Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Broken json extension: Login not working in 1.1.1 for some users #1958

mattab opened this Issue · 22 comments

3 participants

Matthieu Aubry Anonymous Piwik user Anthon Pang
Matthieu Aubry

Reported in:,70605

and in emails with FTP access.

Please post your phpinfo() here, or send piwik URL + login + password + FTP or SSH access to and

Anonymous Piwik user
PHP Version 5.2.6

System  FreeBSD woefwafserver 7.0-STABLE-200804 FreeBSD 7.0-STABLE-200804 #0: Thu Apr 10 20:40:56 UTC 2008 i386
Build Date  Jul 22 2008 22:04:49
Configure Command    './configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--program-prefix=' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--enable-zend-multibyte' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
Server API  CGI/FastCGI
Virtual Directory Support   disabled
Configuration File (php.ini) Path   /usr/local/etc
Loaded Configuration File   /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed    /usr/local/etc/php/extensions.ini
PHP API 20041225
PHP Extension   20060613
Zend Extension  220060519
Debug Build no
Thread Safety   disabled
Zend Memory Manager enabled
IPv6 Support    enabled
Registered PHP Streams  compress.bzip2, php, file, data, http, ftp, https, ftps, zip, compress.zlib
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters   bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, zlib.*

This server is protected with the Suhosin Patch
Copyright (c) 2006 Hardened-PHP Project

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

PHP Credits


PHP Core

Directive   Local Value Master Value
allow_call_time_pass_reference  On  On
allow_url_fopen On  On
allow_url_include   Off Off
always_populate_raw_post_data   Off Off
arg_separator.input &   &
arg_separator.output    &   &
asp_tags    Off Off
auto_append_file    no value    no value
auto_globals_jit    On  On
auto_prepend_file   no value    no value
browscap    no value    no value
default_charset no value    no value
default_mimetype    text/html   text/html
define_syslog_variables Off Off
detect_unicode  On  On
disable_classes no value    no value
disable_functions   no value    no value
display_errors  On  On
display_startup_errors  Off Off
doc_root    no value    no value
docref_ext  no value    no value
docref_root no value    no value
enable_dl   On  On
error_append_string no value    no value
error_log   no value    no value
error_prepend_string    no value    no value
error_reporting 6135    6135
expose_php  On  On
extension_dir   /usr/local/lib/php/20060613 /usr/local/lib/php/20060613
file_uploads    On  On    #FFFFFF #FFFFFF
highlight.comment   #FF8000 #FF8000
highlight.default   #0000BB #0000BB
highlight.html  #000000 #000000
highlight.keyword   #007700 #007700
highlight.string    #DD0000 #DD0000
html_errors On  On
ignore_repeated_errors  Off Off
ignore_repeated_source  Off Off
ignore_user_abort   Off Off
implicit_flush  Off Off
include_path    .:/usr/local/share/pear .:/usr/local/share/pear
log_errors  Off Off
log_errors_max_len  1024    1024
magic_quotes_gpc    On  On
magic_quotes_runtime    Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value    no value
max_execution_time  30  30
max_input_nesting_level 64  64
max_input_time  60  60
memory_limit    128M    128M
open_basedir    /usr/local/syncer:/var/www:/tmp/:/var/tmp/:/usr/local/share/pear:/usr/sbin  /usr/local/syncer:/var/www:/tmp/:/var/tmp/:/usr/local/share/pear:/usr/sbin
output_buffering    no value    no value
output_handler  no value    no value
post_max_size   8M  8M
precision   12  12
realpath_cache_size 16K 16K
realpath_cache_ttl  120 120
register_argc_argv  On  On
register_globals    Off Off
register_long_arrays    On  On
report_memleaks On  On
report_zend_debug   On  On
safe_mode   Off Off
safe_mode_exec_dir  no value    no value
safe_mode_gid   Off Off
safe_mode_include_dir   no value    no value
sendmail_from   no value    no value
sendmail_path   /usr/sbin/sendmail -t -i    /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag  On  On
SMTP    localhost   localhost
smtp_port   25  25
sql.safe_mode   Off Off
suhosin.log.phpscript   0   0
suhosin.log.phpscript.is_safe   Off Off  no value    no value
suhosin.log.sapi    no value    no value
suhosin.log.script  no value    no value no value    no value
suhosin.log.syslog  no value    no value
suhosin.log.syslog.facility no value    no value
suhosin.log.syslog.priority no value    no value
suhosin.log.use-x-forwarded-for Off Off
track_errors    Off Off
unserialize_callback_func   no value    no value
upload_max_filesize 16M 16M
upload_tmp_dir  no value    no value
user_dir    no value    no value
variables_order EGPCS   EGPCS
xmlrpc_error_number 0   0
xmlrpc_errors   Off Off
y2k_compliance  On  On
zend.ze1_compatibility_mode Off Off


BZip2 Support   Enabled
Stream Wrapper support  compress.bz2://
Stream Filter support   bzip2.decompress, bzip2.compress
BZip2 Version   1.0.4, 20-Dec-2006


Directive   Local Value Master Value
cgi.check_shebang_line  1   1
cgi.fix_pathinfo    1   1
cgi.force_redirect  1   1
cgi.nph 0   0
cgi.redirect_status_env no value    no value
cgi.rfc2616_headers 0   0
fastcgi.logging 1   1


ctype functions enabled


cURL support    enabled
cURL Information    libcurl/7.18.0 OpenSSL/0.9.8e zlib/1.2.3 libssh2/0.18


date/time support   enabled
"Olson" Timezone Database Version   2008.2
Timezone Database   internal
Default timezone    Europe/Berlin

Directive   Local Value Master Value
date.default_latitude   31.7667 31.7667
date.default_longitude  35.2333 35.2333
date.sunrise_zenith 90.583333   90.583333
date.sunset_zenith  90.583333   90.583333
date.timezone   no value    no value


DOM/XML enabled
DOM/XML API Version 20031129
libxml Version  2.6.32
HTML Support    enabled
XPath Support   enabled
XPointer Support    enabled
Schema Support  enabled
RelaxNG Support enabled


Input Validation and Filtering  enabled
Revision    $Revision: 1.74 $

Directive   Local Value Master Value
filter.default  unsafe_raw  unsafe_raw
filter.default_flags    no value    no value


FTP support enabled


GD Support  enabled
GD Version  bundled (2.0.34 compatible)
FreeType Support    enabled
FreeType Linkage    with freetype
FreeType Version    2.3.7
T1Lib Support   enabled
GIF Read Support    enabled
GIF Create Support  enabled
JPG Support enabled
PNG Support enabled
WBMP Support    enabled
XPM Support enabled
XBM Support enabled


gmp support enabled
GMP version 4.2.2


hash support    enabled
Hashing Engines md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5


iconv support   enabled
iconv implementation    libiconv
iconv library version   1.11

Directive   Local Value Master Value
iconv.input_encoding    ISO-8859-1  ISO-8859-1
iconv.internal_encoding ISO-8859-1  ISO-8859-1
iconv.output_encoding   ISO-8859-1  ISO-8859-1


IMAP c-Client Version   2004
SSL Support enabled


json support    enabled
json version    1.2.1


LDAP Support    enabled
RCS Version $Id: ldap.c,v 2007/12/31 07:20:07 sebastian Exp $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version  20342


libXML support  active
libXML Version  2.6.32
libXML streams  enabled


Multibyte Support   enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support  enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check On

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Directive   Local Value Master Value
mbstring.detect_order   no value    no value
mbstring.encoding_translation   Off Off
mbstring.func_overload  0   0
mbstring.http_input pass    pass
mbstring.http_output    pass    pass
mbstring.internal_encoding  ISO-8859-1  no value
mbstring.language   neutral neutral
mbstring.script_encoding    no value    no value
mbstring.strict_detection   Off Off
mbstring.substitute_character   no value    no value


mcrypt support  enabled
Version 2.5.8
Api No  20021217
Supported ciphers   cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream

Directive   Local Value Master Value
mcrypt.algorithms_dir   no value    no value
mcrypt.modes_dir    no value    no value


MHASH support   Enabled
MHASH API Version   20060101


MSSQL Support   enabled
Active Persistent Links 0
Active Links    0
Library version FreeTDS

Directive   Local Value Master Value
mssql.allow_persistent  On  On
mssql.batchsize 0   0
mssql.charset   no value    no value
mssql.compatability_mode    Off Off
mssql.connect_timeout   5   5
mssql.datetimeconvert   On  On
mssql.max_links Unlimited   Unlimited
mssql.max_persistent    Unlimited   Unlimited
mssql.max_procs Unlimited   Unlimited
mssql.min_error_severity    10  10
mssql.min_message_severity  10  10
mssql.secure_connection Off Off
mssql.textlimit Server default  Server default
mssql.textsize  Server default  Server default
mssql.timeout   60  60


MySQL Support   enabled
Active Persistent Links 0
Active Links    0
Client API version  5.0.51a
MYSQL_SOCKET    /tmp/mysql.sock
MYSQL_INCLUDE   no value
MYSQL_LIBS  no value

Directive   Local Value Master Value
mysql.allow_persistent  On  On
mysql.connect_timeout   60  60
mysql.default_host  no value    no value
mysql.default_password  no value    no value
mysql.default_port  no value    no value
mysql.default_socket    no value    no value
mysql.default_user  no value    no value
mysql.max_links Unlimited   Unlimited
mysql.max_persistent    Unlimited   Unlimited
mysql.trace_mode    Off Off


MysqlI Support  enabled
Client API library version  5.0.51a
Client API header version   5.0.51a
MYSQLI_SOCKET   /tmp/mysql.sock

Directive   Local Value Master Value
mysqli.default_host no value    no value
mysqli.default_port 3306    3306
mysqli.default_pw   no value    no value
mysqli.default_socket   no value    no value
mysqli.default_user no value    no value
mysqli.max_links    Unlimited   Unlimited
mysqli.reconnect    Off Off


OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8e 23 Feb 2007


PCRE (Perl Compatible Regular Expressions) Support  enabled
PCRE Library Version    7.6 2008-01-28

Directive   Local Value Master Value
pcre.backtrack_limit    100000  100000
pcre.recursion_limit    100000  100000


PDF Support enabled
PDFlib GmbH Version 7.0.2
PECL Version    2.1.5
Revision    $Revision: 1.7 $


PDO support enabled
PDO drivers sqlite, mysql


PDO Driver for MySQL, client library version    5.0.51a


PDO Driver for SQLite 3.x   enabled
PECL Module version (bundled) 1.0.1 $Id: pdo_sqlite.c,v 2007/12/31 07:20:10 sebastian Exp $
SQLite Library  3.3.7


Revision    $Revision: $


Reflection  enabled
Version $Id: php_reflection.c,v 2008/03/13 15:56:21 iliaa Exp $


Session Support enabled
Registered save handlers    files user
Registered serializer handlers  php php_binary wddx

Directive   Local Value Master Value
session.auto_start  Off Off
session.bug_compat_42   On  On
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly Off Off
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  100 100
session.gc_maxlifetime  7200    7200
session.gc_probability  1   1
session.hash_bits_per_character 4   4
session.hash_function   0   0    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   no value    no value
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0


Simplexml support   enabled
Revision    $Revision: $
Schema support  enabled


NET-SNMP Support    enabled
NET-SNMP Version


Soap Client enabled
Soap Server enabled

Directive   Local Value Master Value
soap.wsdl_cache 1   1
soap.wsdl_cache_dir /tmp    /tmp
soap.wsdl_cache_enabled 1   1
soap.wsdl_cache_limit   5   5
soap.wsdl_cache_ttl 86400   86400


Sockets Support enabled


SPL support enabled
Interfaces  Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException


SQLite support  enabled
PECL Module version 2.0-dev $Id: sqlite.c,v 2007/12/31 07:20:11 sebastian Exp $
SQLite Library  2.8.17
SQLite Encoding iso8859

Directive   Local Value Master Value
sqlite.assoc_case   0   0


Regex Library   Bundled library enabled
Dynamic Library Support enabled
Path to sendmail    /usr/sbin/sendmail -t -i

Directive   Local Value Master Value   1   1
assert.bail 0   0
assert.callback no value    no value
assert.quiet_eval   0   0
assert.warning  1   1
auto_detect_line_endings    0   0
default_socket_timeout  60  60
safe_mode_allowed_env_vars  PHP_    PHP_
safe_mode_protected_env_vars    LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags   a=href,area=href,frame=src,input=src,form=,fieldset=    a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent  no value    no value


Tidy support    enabled
libTidy Release 18 June 2008
Extension Version   2.0 ($Id: tidy.c,v 2007/12/31 07:20:14 sebastian Exp $)

Directive   Local Value Master Value
tidy.clean_output   no value    no value
tidy.default_config no value    no value


Tokenizer Support   enabled


WDDX Support    enabled
WDDX Session Serializer enabled


XML Support active
XML Namespace Support   active
libxml2 Version 2.6.32


XMLReader   enabled


core library version    xmlrpc-epi v. 0.51
php extension version   0.51
author  Dan Libby
open sourced by


XMLWriter   enabled


XSL enabled
libxslt Version 1.1.24
libxslt compiled against libxml Version 2.6.32
EXSLT   enabled
libexslt Version    1.1.24


YAZ Support enabled
PHP/YAZ Version 1.0.14
YAZ Version 3.0.26
Compiled with YAZ version   3.0.26


Zip enabled
Extension Version   $Id: php_zip.c,v 1.99 2007/01/18 02:05:18 pajoye Exp $
Zip version 1.9.0
Libzip version  0.7.1


ZLib Support    enabled
Stream Wrapper support  compress.zlib://
Stream Filter support   zlib.inflate, zlib.deflate
Compiled Version    1.2.3
Linked Version  1.2.3

Directive   Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level   -1  -1
zlib.output_handler no value    no value

Additional Modules

Module Name


Variable    Value
DOCUMENT_ROOT   /var/www/syncer/public
HTTP_ACCEPT application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING    gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE    nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_HOST   woefwafserver
HTTP_USER_AGENT Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
PATH    /bin:/usr/bin
QUERY_STRING    no value
REQUEST_URI /phpinfo
SCRIPT_FILENAME /var/www/syncer/public/phpinfo.php
SCRIPT_NAME /phpinfo.php
SERVER_NAME woefwafserver
SERVER_SOFTWARE Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2

PHP Variables

Variable    Value
_SERVER["DOCUMENT_ROOT"]    /var/www/syncer/public
_SERVER["HTTP_ACCEPT"]  application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_CHARSET"]  ISO-8859-1,utf-8;q=0.7,*;q=0.3
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_SERVER["HTTP_ACCEPT_LANGUAGE"] nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
_SERVER["HTTP_HOST"]    woefwafserver
_SERVER["HTTP_USER_AGENT"]  Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
_SERVER["PATH"] /bin:/usr/bin
_SERVER["REQUEST_URI"]  /phpinfo
_SERVER["SCRIPT_FILENAME"]  /var/www/syncer/public/phpinfo.php
_SERVER["SCRIPT_NAME"]  /phpinfo.php
_SERVER["SERVER_NAME"]  woefwafserver
_SERVER["SERVER_SOFTWARE"]  Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["REQUEST_TIME"] 1294225352
_SERVER["argc"] 0
_ENV["DOCUMENT_ROOT"]   /var/www/syncer/public
_ENV["HTTP_ACCEPT"] application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_ENV["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.3
_ENV["HTTP_ACCEPT_ENCODING"]    gzip,deflate,sdch
_ENV["HTTP_ACCEPT_LANGUAGE"]    nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
_ENV["HTTP_CONNECTION"] keep-alive
_ENV["HTTP_HOST"]   woefwafserver
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
_ENV["PATH"]    /bin:/usr/bin
_ENV["QUERY_STRING"]    no value
_ENV["REQUEST_URI"] /phpinfo
_ENV["SCRIPT_FILENAME"] /var/www/syncer/public/phpinfo.php
_ENV["SCRIPT_NAME"] /phpinfo.php
_ENV["SERVER_NAME"] woefwafserver
_ENV["SERVER_SIGNATURE"]    no value
_ENV["SERVER_SOFTWARE"] Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact
Anonymous Piwik user

Attachment: phpinfo

Anonymous Piwik user

Login not working for me with version 1.1 and 1.1.1 and php version 5.2.14. Cache cleared and tested with Firefox and Chrome

Anonymous Piwik user

Replying to matt:

see possible solution:,70673,page=1#msg-70691

Thank you for your response, but this does not solve the trouble for me. Still unable to login...

I'll investigate further the problem when I'll get a bit of free time (not before several days).


Anthon Pang

(In [3644]) refs #1958 - improve form security error message

Anthon Pang

So far, the phpinfo hasn't helped. I'd like to see what's causing the login to fail.

In core/Nonce.php, add some debugging, login, send us the output, and then remove the debugging.

    static public function verifyNonce($id, $cnonce)
        $ns = new Piwik_Session_Namespace($id);
        $nonce = $ns->nonce;

var_dump($_SERVER); die; // add this line

        // validate token
        if(empty($cnonce) || $cnonce !== $nonce)
            return false;
Anonymous Piwik user


Here is the result (coockies removed just before) :

array(34) { [string(24) "TSVgUlQQXBsAAHOzMfoAAAEJ" "SCRIPT_URL"=> string(16) "/piwik/index.php" [string(42) "" "HTTP_HOST"=> string(19) "" [string(112) "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv: Gecko/20110102 Ubuntu/10.10 (maverick) Namoroka/3.6.14pre" "HTTP_ACCEPT"=> string(63) "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8" [string(35) "fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3" "HTTP_ACCEPT_ENCODING"=> string(12) "gzip,deflate" [string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7" "HTTP_KEEP_ALIVE"=> string(3) "115" [string(10) "keep-alive" "HTTP_REFERER"=> string(102) "" [string(164) "piwik_auth=login%3DImFsZXhhbmRyZS5qYWJvcnNrYSI%3D%3Atoken_auth%3DIjRmNGNmNGYwYzg4OTk3MmM5NTExODIwYTZjYTlhMWQyIg%3D%3D%3A_%3Dfbb3345b96d389589a49508d9d300e5a39160d8d" "CONTENT_TYPE"=> string(33) "application/x-www-form-urlencoded" [string(2) "96" "PATH"=> string(91) "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/apache/bin:/opt/mysql/bin" [string(0) "" "SERVER_SOFTWARE"=> string(6) "Apache" [string(19) "" "SERVER_ADDR"=> string(11) "" [string(2) "80" "REMOTE_ADDR"=> string(14) "" [string(46) "/home/www/ab09e4ca36157e8de9f2c9cdd0d79844/web" "SERVER_ADMIN"=> string(25) "" [string(62) "/home/www/ab09e4ca36157e8de9f2c9cdd0d79844/web/piwik/index.php" "REMOTE_PORT"=> string(5) "56284" [string(7) "CGI/1.1" "SERVER_PROTOCOL"=> string(8) "HTTP/1.1" [string(4) "POST" "QUERY_STRING"=> string(59) "module=CoreHome&action=index&idSite=1&period=day&date=today" [string(76) "/piwik/index.php?module=CoreHome&action=index&idSite=1&period=day&date=today" "SCRIPT_NAME"=> string(16) "/piwik/index.php" [string(16) "/piwik/index.php" "REQUEST_TIME"=> int(1294295122) }

Matthieu Aubry

See also report in forum with php ini:,70782

Anthon Pang

Hmmm... the piwik_auth cookie is set, and the query string shows that ajaborsk was redirected to CoreHome.

Try deleting the files in piwik/tmp/assets/.

Anonymous Piwik user

I deleted files in piwik/tmp/assets/

No change.

two of the users in the forum thread given by matt are using services, as me. Maybe a .htaccess issue ?


Matthieu Aubry

One more report possibly a different bug?,70874
After upgrade to 1.1.1, I got error when I logout from a login session, here is the error:

Warning: session_regenerate_id() href='function.session-regenerate-id'>function.session-regenerate-id</a>: Session object destruction failed in \wwwroot\piwik\libs\Zend\Session.php on line 313

Here is the backtrace:

#0 Piwik_ErrorHandler(2, session_regenerate_id() href='function.session-regenerate-id'>function.session-regenerate-id</a>: Session object destruction failed, \wwwroot\piwik\libs\Zend\Session.php, 313, Array ([=> ,linenum => 0))#1 session_regenerate_id(1) called at [Zend_Session::regenerateId() called at \wwwroot\piwik\plugins\Login\Controller.php:384#3 Piwik_Login_Controller::clearSession() called at [Piwik_Login_Controller->logout()#5 call_user_func_array(Array (0 => Piwik_Login_Controller Object ([=> Login, => ,[=> , => 0,[=> Piwik_Site Object ( => 0)),[=> logout), Array ()) called at \wwwroot\piwik\core\FrontController.php:125#6 Piwik_FrontController->dispatch() called at [\wwwroot\piwik\index.php:60]

Anthon Pang

(In [refs #1958 - revert this line from 3529)

Anthon Pang

Different bug; fixed in r3659

Anthon Pang

Are only Infomaniak users affected? I've made no progress in code inspection or trying to reproduce the problem using different php versions and php.ini settings.

Anonymous Piwik user

I do, and I'm not an Infomaniak customer. Piwik is self hosted, on an old XServe (MacOS X 10.4).

Piwik is updated using cvs : version 1.1.1 revision 3690.
The login is broken since the update to version 1.1.

Here is the result of the var_dump() :

array(34) {
    ["CONTENT_LENGTH"] => "90"
    ["CONTENT_TYPE"] => "application/x-www-form-urlencoded"
    ["DOCUMENT_ROOT"] => "/Library/WebServer/html/server/www"
    ["HTTP_ACCEPT"] => "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    ["HTTP_ACCEPT_CHARSET"] => "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
    ["HTTP_ACCEPT_ENCODING"] => "gzip, deflate"
    ["HTTP_ACCEPT_LANGUAGE"] => "fr-fr,fr;q=0.8,en-us;q=0.5,en;q=0.3"
    ["HTTP_CONNECTION"] => "keep-alive"
    ["HTTP_COOKIE"] => "piwik_auth=login%3DIlAxdzFrIg%3D%3D%3Atoken_auth%3DIjcwMmFmMGIzZDhlMTgxMGI3ZjZmODViYTkyYTZjODI3Ig%3D%3D%3A_%3D11cc71c7f164a89de459262048cd2fac298150c5; PIWIK_SESSID=4k0j3b2nnudl623fk9t2onk8v2"
    ["HTTP_HOST"] => ""
    ["HTTP_KEEP_ALIVE"] => "115"
    ["HTTP_REFERER"] => ""
    ["HTTP_USER_AGENT"] => "Mozilla/5.0 (X11; Linux i686; rv:2.0b9pre) Gecko/20110110 Firefox-4.0/4.0b9pre"
    ["PATH"] => "/usr/local/php5/oracle:/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices"
    ["REMOTE_ADDR"] => "10.25.xx.xx"
    ["REMOTE_PORT"] => "39787"
    ["SCRIPT_FILENAME"] => "/Library/WebServer/html/server/piwik/www/index.php"
    ["SERVER_ADDR"] => "193.50.xx.xx"
    ["SERVER_ADMIN"] => ""
    ["SERVER_NAME"] => ""
    ["SERVER_PORT"] => "80"
    ["SERVER_SIGNATURE"] => ""
    ["SERVER_SOFTWARE"] => "Apache/1.3.41 (Darwin) PHP/5.2.4 mod_ssl/2.8.31 OpenSSL/0.9.7l"
    ["GATEWAY_INTERFACE"] => "CGI/1.1"
    ["SERVER_PROTOCOL"] => "HTTP/1.1"
    ["QUERY_STRING"] => ""
    ["REQUEST_URI"] => "/piwik/index.php"
    ["SCRIPT_NAME"] => "/piwik/index.php"
    ["PATH_TRANSLATED"] => "/Library/WebServer/html/server/piwik/www/index.php"
    ["PHP_SELF"] => "/piwik/index.php"
    ["REQUEST_TIME"] => int(1294650398)
    ["argv"] => array(0) { }
    ["argc"] => int(0)

I aded my phpinfo() as an attachment under the name phpinfo-xserve.html.

Anthon Pang

(In [3706]) quick fixes #1958 - always use safe_serialize/safe_unserialize as there are sites with custom php builds that exhibit buggy json_encode/json_decode behaviour preventing login; since we use json_encode/json_decode for the dashboard, we can debug further there

p.s. Infomaniak's conclusion (posted in the forum) is inaccurate, and their bug fix is wrong (in more ways than one).

1) json_encode/json_decode is not a 5.3 feature. It was added in php 5.2.0. (I tested with 5.2.0, 5.2.1, 5.2.13, 5.2.14, 5.2.16, and 5.2.17 without Infomaniak's "fix". One of the phpinfo I received shows php was built with --disable-all, and then --enable specific extensions.)

2) their "fix" to use preg_match(/5.2.1/, PHP_VERSION) no longer matches broken 5.2.0, and excludes 5.2.2 through 5.2.9, but includes 5.2.10 - 5.2.17 (latest 5.2.x); boggle

Anthon Pang

(In [3709]) delete invalid cookies, refs #1958

Anthon Pang

(In [3712]) refs #1958 - discard entire cookie content if any part fails to unserialize

Anthon Pang

(In [3713]) refs #1958 - yet another typo

Anthon Pang

p.s. I got access to an Infomaniak account, and traced the problem to a broken json_encode. Infomaniak did some more troubleshooting and identified the problem as a broken php build (i.e., they were still using the pecl extension for json instead of the one bundled with php 5.2.x).

Matthieu Aubry mattab added this to the Piwik 1.2 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.