It is the default login form - and I used telnet to validate the response I get from piwik. I’m straight sent to the login page again,
Please PM the URL and login, so that I can see what you’re seeing. Thanks.
Mh. Interesting… Since I did not want to send you the real password I used the “Forgot Password” link to get the chance to create a new one. With this new password I could log in without any problems.
Changed the passwort back to the original one - and same problem as before. I’ll send you the data via pm.
If i completly disable login (with a little hack in Auth.php), I can access the Dashboard without any problem… I’ll digg some deeper into that…
i want to use piwik 0.5.5 on intranet on IIS6/win2k, php5.3.1, mysql 5.0.x/SLSES11
i can no loggin to with all my browser, and my corporate AV is Mc Afee.
i notice that if i add to plugins/Login/Auth.php line 34 (method authenticate, before first condition)
var_dump($rooLogin);
var_dump($this);
i discover that
$rootLogin = admin, that’s ok
$this->login = “anomymous” , but i try to login with super admin account.
i look in mysqlbut setup create only one “anonymous” user. it may be ok.
i use a hack to bypass piwik auth to be able to use my superadmin account;
so i’m not sure it’s can not be a piwik issue.
I could track the error down to the Nonce class.
if (!empty($referer) && (Piwik_Url::getLocalReferer() === false)
Since getLocelReferer() always returns an empty referer, Nonce::verifyNonce fails.
If I simply supress sending of the referrer, login works fine. Commenting out the whole statement works also fine.
Root cause for the problem is the usage of piwik behind a reverse proxy. Piwik creates the url the request should come from via $_SERVER[‘HTTP_HOST’], which returns only the ip address of the server. Using HTTP_X_FORWARDED_HOST works fine.
chx: I can make that change, but that doesn’t explain the case where you said you changed your password and it then worked.
Well, I have no explanation for that single occurance. I modfied the code now in a way, that it first checks for HTTP_X_FORWARDED_HOST and then for HTTP_HOST. This way should work for both cases
I am having the same issue since my upgrade to 0.6.1 today. Sitting behind a reverse proxy as well. Cannot login. After commenting out the if statement login works. chx, could you post your modifications? Would be great. Thanks!
Damn. I had hoped, that this issue had been fixed. At least the changelog says so… For the moment I just disabled the referer-check. Maybe I’ll dig some deeper and provide a patch for this problem.
Thanks a lot. I’ve seen that #2195 has found its way into 0.6.2 and in 0.6.2 everything seems to work fine for me. Keep up the great work!