Login screen on every click with private gallery after renaming Zenphoto folder

I renamed the Zenphoto folder on my server and reran setup. After I did this I would get prompted with the login screen on every click. I tried multiple browsers and running setup again. It was always the same with the private gallery. If I set the gallery to public it would work fine. If I set it back to private, the login screen would appear again on every click. I eventually started having problems even getting in to the Admin.

I finally renamed it back to the original folder name, ran setup again, and the problem went away. This is the error messages I was getting repeatedly in the different logs. I have changed the folder name and removed my IP address in them. I will tell you that the folder name was changed from one word to three words with spaces in it.

Errors in zp-data/debug.log:

{931102:Mon, 22 Mar 2021 02:28:13 GMT}
  WARNING: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501
  setcookie called from zp_setCookie (functions-common.php [501])
    from zp_clearCookie (functions-common.php [522])
      from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [811])
        from require_once (auth_zp.php [69])
          from require_once (load_objectClasses.php [42])
            from require_once (functions.php [34])
              from include (index.php [14])
                from index.php [56]
{931102:Mon, 22 Mar 2021 02:28:13 GMT}
  WARNING: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501
  setcookie called from zp_setCookie (functions-common.php [501])
    from zp_clearCookie (functions-common.php [522])
      from require_once (auth_zp.php [78])
        from require_once (load_objectClasses.php [42])
          from require_once (functions.php [34])
            from include (index.php [14])
              from index.php [56]

Errors in zp-data/security.log:

2021-03-21 19:55:22 [My IP] Admin login Admin       Failed  
2021-03-21 19:55:22 [My IP] Guest login Admin       Failed  
2021-03-21 20:00:03 [My IP] Authorization cookie check          Failed      [long number]

Errors in zp-core/error_log:

[21-Mar-2021 20:01:29 America/Los_Angeles] PHP Warning:  Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501

Comments

  • J_C Member

    The last log, since I was unable to post it due to length.

    Errors in zp-core/setup/error_log:

    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 106
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 107
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 108
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 109
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 110
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 111
    [21-Mar-2021 19:28:24 America/Los_Angeles] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/public_html/Name and Another/zp-core/reconfigure.php:138) in /home/public_html/Name and Another/zp-core/admin-functions.php on line 112
    [21-Mar-2021 19:29:44 America/Los_Angeles] PHP Warning:  Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501
    

    From what I've seen online with the error messages, it looks like it might be due to the new folder name having spaces, and is possibly related to PHP 7.4, which my server recently updated to.

  • acrylian Administrator, Developer
    edited March 24

    Zenphoto runs up to PHP 7.4 (PHP 8 will not work). Did you clear all cookies in your browser? Also clear the browser cache. Apparently something with the paths does not work since you change the site's URL.

  • J_C Member

    Yeah, I tried different browsers.

    I'm not sure, but it looks like it might be an issue with setcookie in PHP 7.3+. I'm seeing other people online with similar error messages.

    For example, in zp-core/zp-extensions/elFinder/php/elFinderSession.php, they do a version check for PHP 7.3 when setting their cookie.

    Line 224:
    if (version_compare(PHP_VERSION, '7.3', '<')) {
    setcookie(session_name(), session_id(), 0, $cParm['path'] . (!empty($cParm['SameSite'])? '; SameSite=' . $cParm['SameSite'] : ''), $cParm['domain'], $cParm['secure'], $cParm['httponly']);
    } else {
    setcookie(session_name(), session_id(), $cParm);
    }

    In zp-core/functions-common.php, where most of the errors were coming from, it appears not to do that.

    Line 500:
    if (($time < 0) || !GALLERY_SESSION) {
    setcookie($name, $cookiev, time() + $time, $path, '', $secure, $httponly);
    }

    I'm not a programmer, I'm just trying to help.

  • acrylian Administrator, Developer
    edited March 24

    You are right in 1.5.7 that is not. But actually the missing samesite should only cause a browser warning and not block anything yet. But perhaps some recent browser version changed that or your mod_security interferes. I just mention because our own site runs 1.5.7 on PHP 7.4.14.

    Please try the master (suppprt build) from Github (= 1.5.8RC) which does have this check.

  • J_C Member

    It's the spaces in the folder name. I just tried renaming it again with spaces, also again making sure the browser had no cookies or data for the site, and the login screen again appeared on every click after I ran setup.

    I also got these error messages again when I tried to go to the Admin page:

    Zenphoto Error: the requested object was not found.
    Album: Name and Another/zp-core/admin.php

    I replaced the spaces with underscores in the folder name, ran the setup again, and the login screen on every click went away. I was also able to access Admin fine.

    This was on 1.5.7, when I have more time, I will try seeing if 1.5.8RC changes anything.

  • acrylian Administrator, Developer

    Good you found it out. Spaces can be tricky as they are encoded and should be avoided in file and folder names to make everyone's life easier and is general best practice especially for URLs. Although it "should" work…

    when I have more time, I will try seeing if 1.5.8RC changes anything.

    That would be good as we want to release that soon. However tehre is no special treatment of spaces in folder names, just the same site part was added.

  • J_C Member

    Okay, I've tried it with the latest 1.5.8RC and the issue is still there. I know you like MAMP, so I setup the latest version of MAMP (6.3) and a test install of Zenphoto 1.5.8.

    The initial folder for the install was all one word- zenphoto158test.

    It worked fine, though I did get a warning that you are probably aware of:

    Zenphoto core files [Some files are missing or seem wrong]
    …
    zp-core/zp-extensions/elfinder/php/.tmp
    

    Changed the gallery to private. Still worked. Then renamed the folder to "Name and Another" and reran the setup. Again I was getting prompted with the login on every click in the gallery. I also had issues trying to get into Admin and when I did, it failed to load correctly.

    So you know.

    I have my live server folder with one word again, but wanted to let people know this is an issue if they come across it.

  • acrylian Administrator, Developer

    Good you figured it out. My apology that I somehow didn't realize somehow that you had spaces in the folder name. Then I would have mention this directly…

    It is generally best practice and recommended to not have spaces or special chars in file and folder names. This are specially encoded and require even special encoding in htaccess.

Sign In or Register to comment.