The simpler media website CMS
I renamed the Zenphoto folder on my server and reran setup. After I did this I would get prompted with the login screen on every click. I tried multiple browsers and running setup again. It was always the same with the private gallery. If I set the gallery to public it would work fine. If I set it back to private, the login screen would appear again on every click. I eventually started having problems even getting in to the Admin.
I finally renamed it back to the original folder name, ran setup again, and the problem went away. This is the error messages I was getting repeatedly in the different logs. I have changed the folder name and removed my IP address in them. I will tell you that the folder name was changed from one word to three words with spaces in it.
Errors in zp-data/debug.log:
{931102:Mon, 22 Mar 2021 02:28:13 GMT} WARNING: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501 setcookie called from zp_setCookie (functions-common.php [501]) from zp_clearCookie (functions-common.php [522]) from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [811]) from require_once (auth_zp.php [69]) from require_once (load_objectClasses.php [42]) from require_once (functions.php [34]) from include (index.php [14]) from index.php [56] {931102:Mon, 22 Mar 2021 02:28:13 GMT} WARNING: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501 setcookie called from zp_setCookie (functions-common.php [501]) from zp_clearCookie (functions-common.php [522]) from require_once (auth_zp.php [78]) from require_once (load_objectClasses.php [42]) from require_once (functions.php [34]) from include (index.php [14]) from index.php [56]
Errors in zp-data/security.log:
2021-03-21 19:55:22 [My IP] Admin login Admin Failed 2021-03-21 19:55:22 [My IP] Guest login Admin Failed 2021-03-21 20:00:03 [My IP] Authorization cookie check Failed [long number]
Errors in zp-core/error_log:
[21-Mar-2021 20:01:29 America/Los_Angeles] PHP Warning: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /home/public_html/Name and Another/zp-core/functions-common.php on line 501
Comments
The last log, since I was unable to post it due to length.
Errors in zp-core/setup/error_log:
From what I've seen online with the error messages, it looks like it might be due to the new folder name having spaces, and is possibly related to PHP 7.4, which my server recently updated to.
Zenphoto runs up to PHP 7.4 (PHP 8 will not work). Did you clear all cookies in your browser? Also clear the browser cache. Apparently something with the paths does not work since you change the site's URL.
Yeah, I tried different browsers.
I'm not sure, but it looks like it might be an issue with setcookie in PHP 7.3+. I'm seeing other people online with similar error messages.
For example, in zp-core/zp-extensions/elFinder/php/elFinderSession.php, they do a version check for PHP 7.3 when setting their cookie.
Line 224:
if (version_compare(PHP_VERSION, '7.3', '<')) {
setcookie(session_name(), session_id(), 0, $cParm['path'] . (!empty($cParm['SameSite'])? '; SameSite=' . $cParm['SameSite'] : ''), $cParm['domain'], $cParm['secure'], $cParm['httponly']);
} else {
setcookie(session_name(), session_id(), $cParm);
}
In zp-core/functions-common.php, where most of the errors were coming from, it appears not to do that.
Line 500:
if (($time < 0) || !GALLERY_SESSION) {
setcookie($name, $cookiev, time() + $time, $path, '', $secure, $httponly);
}
I'm not a programmer, I'm just trying to help.
You are right in 1.5.7 that is not. But actually the missing samesite should only cause a browser warning and not block anything yet. But perhaps some recent browser version changed that or your mod_security interferes. I just mention because our own site runs 1.5.7 on PHP 7.4.14.
Please try the master (suppprt build) from Github (= 1.5.8RC) which does have this check.
It's the spaces in the folder name. I just tried renaming it again with spaces, also again making sure the browser had no cookies or data for the site, and the login screen again appeared on every click after I ran setup.
I also got these error messages again when I tried to go to the Admin page:
Zenphoto Error: the requested object was not found.
Album: Name and Another/zp-core/admin.php
I replaced the spaces with underscores in the folder name, ran the setup again, and the login screen on every click went away. I was also able to access Admin fine.
This was on 1.5.7, when I have more time, I will try seeing if 1.5.8RC changes anything.
Good you found it out. Spaces can be tricky as they are encoded and should be avoided in file and folder names to make everyone's life easier and is general best practice especially for URLs. Although it "should" work…
That would be good as we want to release that soon. However tehre is no special treatment of spaces in folder names, just the same site part was added.
Okay, I've tried it with the latest 1.5.8RC and the issue is still there. I know you like MAMP, so I setup the latest version of MAMP (6.3) and a test install of Zenphoto 1.5.8.
The initial folder for the install was all one word- zenphoto158test.
It worked fine, though I did get a warning that you are probably aware of:
Changed the gallery to private. Still worked. Then renamed the folder to "Name and Another" and reran the setup. Again I was getting prompted with the login on every click in the gallery. I also had issues trying to get into Admin and when I did, it failed to load correctly.
So you know.
I have my live server folder with one word again, but wanted to let people know this is an issue if they come across it.
Good you figured it out. My apology that I somehow didn't realize somehow that you had spaces in the folder name. Then I would have mention this directly…
It is generally best practice and recommended to not have spaces or special chars in file and folder names. This are specially encoded and require even special encoding in htaccess.