Unable to set cookie for install

[bobl61]

Deleted ALL previous PS files from server. Uploaded new PsychoStats-main (3.2.8b) to server. Install cannot set cookie:

[Drek282]

I'm pretty sure that's not a problem with PS. That is either a problem with your Apache2/PHP settings, or with your browser. If it can't set a cookie PS will fail, and I've never encountered that issue with any other user, or in the, literally, thousands of times I've installed or used PS.

Looking at your browser icons it looks like you might be running one or more addons that might interfere with cookies in some way. You could try disabling all your addons, or running your browser in safe/troubleshoot mode to see if you still get that error message.

[bobl61]

Tried it on Microsoft Edge (no extensions installed). Same result.

[Drek282]

Then it must be something in your Apache or PHP config.

[Drek282]

It isn't PS. This happens to no one else. Something is not configured correctly. The possible culprits are Apache, PHP, or possibly your DNS.

[Drek282]

The other possibility is a router security configuration option.

[Drek282]

Just out of curiosity. Are you hosting the site and accessing it from the same machine?

[Drek282]

Also could you please follow the troubleshooting steps from the other thread and post a file with the PHP errors you get when you attempt to run the install?

[bobl61]

Just out of curiosity. Are you hosting the site and accessing it from the same machine?

Yes. I've tried it on 3 different browsers (Edge, Chrome, Firefox) with any extensions disabled and (or) safe mode (incognito) enabled. The error logs do not contain any information related to the install. I'm convinced it's due to the script not being able to set the cookie required to proceed with the install. I've enabled all cookies (including 3rd party) and also added the server to "Sites that can always use cookies" "Including third-party cookies on this site".

[Drek282]

So you are hosting the site and accessing the site from the same machine? I have noticed you are hosting other software on that same domain. Are they successfully setting cookies?

The reason why I asked that question is I used to host game servers and play them on the same machine. Doing that can cause strange network behaviour.

The following thread on Stack Exchange might offer some guidance, if that is what you are doing.

https://superuser.com/questions/1047745/access-external-ip-from-inside-the-network

[bobl61]

I don't play games on the server machine. My main computer is the one I'm using now. The server machine is in another room. I have 2 other sites and they both are setting cookies:

[Drek282]

Having said that, I am able to access the domain and website I host on my lan without issues, and without any cookie issues, so maybe this is a rabbit hole.

[Drek282]

Here's another shot in the dark. Is the time on your server box set correctly?

[bobl61]

Here's another shot in the dark. Is the time on your server box set correctly?

That's too funny. The server time was actually off by an hour and I corrected it. Unfortunately it didn't make any difference. Same error.

[Drek282]

I'm glad you see the humour. Can you follow the trouble shooting steps from the other thread and post your PHP errors log again please?

[bobl61]

Okay, I changed error reporting in common.php to error_reporting(E_ALL); I just looked at the serve error log and see this: [Mon Apr 24 19:04:49.842892 2023] [php7:notice] [pid 5452:tid 1896] [client 194.124.76.48:30932] PHP Notice: Undefined index: step in C:\\xampp\\htdocs\\psycho.servegame.com\\includes\\smarty\\Smarty.class.php(1945) : eval()'d code on line 25, referer: http://psycho.servegame.com/install/index.php?re=1

[Drek282]

Thank you, but that doesn't tell us anything about why the cookie isn't being set. Again, I'm pretty certain this is not a problem with PS. This is something in your settings, what exactly, I have no idea.

[Rosenstein]

<?php
echo 'session.save_handler = ' . ini_get('session.save_handler') . "\n". "<br>";
echo 'session.save_path = ' . ini_get('session.save_path') . "\n". "<br>";
echo 'session.use_strict_mode = ' . ini_get('session.use_strict_mode') . "\n". "<br>";
echo 'session.use_cookies = ' . ini_get('session.use_cookies') . "\n". "<br>";
echo 'session.cookie_secure = ' . ini_get('session.cookie_secure') . "\n". "<br>";
echo 'session.use_only_cookies = ' . ini_get('session.use_only_cookies') . "\n". "<br>";
echo 'session.name = ' . ini_get('session.name') . "\n". "<br>";
echo 'session.cookie_path = ' . ini_get('session.cookie_path') . "\n". "<br>";
echo 'session.cookie_domain = ' . ini_get('session.cookie_domain') . "\n". "<br>";
echo 'session.cookie_httponly = ' . ini_get('session.cookie_httponly') . "\n". "<br>";
echo 'session.cookie_samesite = ' . ini_get('session.cookie_samesite') . "\n". "<br>";
echo 'session.cookie_lifetime = ' . ini_get('session.cookie_lifetime') . "\n". "<br>";
function print_r2($val){
        echo '<pre>';
        print_r($val);
        echo  '</pre>';
}
print_r2(get_loaded_extensions());
?>

Paste this code in new php file on a site where PsychoStats will be located, execute in browser and paste the output please

[Drek282]

If I were to hazard a guess, I would guess that this has something to do with SSL. @bobl61 you say you are using SSL with XAMPP. Could you try disabling that and running the install and see what happens?

[bobl61]

If I were to hazard a guess, I would guess that this has something to do with SSL. @bobl61 you say you are using SSL with XAMPP. Could you try disabling that and running the install and see what happens?

It was indeed something to do with SSL and that dang cookie! /includes/class_session.php:

`function __construct($_config = array()) { $this->config = array( 'cms' => null, // a CMS object MUST be passed in 'dbhandle' => 0, 'delaystart' => 0, 'cookielife' => 60 60, // 1 hour 'cookielifeoptions' => 60 60 24 30, // ~30 days 'cookiedomain' => '', 'cookiepath' => '/', 'cookiename' => 'sess', 'cookiesecure' => 1, 'cookiesalt' => '', // mcrypt module must be installed if this is !empty
'cookiecompress' => TRUE, 'cookieencode' => TRUE, 'login_callback_func' => '', 'match_agent_ip' => FALSE, // i haven't kept up-to-date on bot IPs

    'db_session_table'  => 'sessions',
    'db_user_table'     => '',              // if blank, extra user features are ignored...
    'db_user_session_last'  => 'session_last',      // table field name to update the users last session request
    'db_user_login_key' => 'session_login_key',     // table field name to hold auto-login token
    'db_user_last_visit'    => 'lastvisit',         // table field name to update the users last (previous) visit
    'db_user_id'        => 'userid',            // table field name for the users "user id"

    // these aren't used in this version of the session class; pass a dbhandle above instead
    'dbuser'        => '',
    'dbpass'        => '',
    'dbhost'        => 'localhost',
    'dbname'        => 'sessions',
);`

changed 'cookiesecure' => 1, to 'cookiesecure' => 0, and voila!

[Drek282]

I'm glad we finally sorted it, and I can't believe you stuck with it. Congrats!

[Rosenstein]

This is temp fix, IMHO. We need to know what is the underlying issue, so it wouldn't happen again. Please post the output of the script i posted earlier.

[bobl61]

Rosenstein

session.save_path = \xampp\tmp
session.use_strict_mode = 0
session.use_cookies = 1
session.cookie_secure = 0
session.use_only_cookies = 1
session.name = PHPSESSID
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.cookie_lifetime = 0
Array
(
    [0] => Core
    [1] => bcmath
    [2] => calendar
    [3] => ctype
    [4] => date
    [5] => filter
    [6] => hash
    [7] => iconv
    [8] => json
    [9] => SPL
    [10] => pcre
    [11] => readline
    [12] => Reflection
    [13] => session
    [14] => standard
    [15] => mysqlnd
    [16] => tokenizer
    [17] => zip
    [18] => zlib
    [19] => libxml
    [20] => dom
    [21] => PDO
    [22] => bz2
    [23] => SimpleXML
    [24] => xml
    [25] => xmlreader
    [26] => xmlwriter
    [27] => apache2handler
    [28] => mcrypt
    [29] => openssl
    [30] => curl
    [31] => fileinfo
    [32] => gd
    [33] => gettext
    [34] => gmp
    [35] => mbstring
    [36] => exif
    [37] => mysqli
    [38] => pdo_mysql
    [39] => pdo_sqlite
    [40] => Phar
    [41] => ftp
)```

[bobl61]

Thanks for all the help!

[Drek282]

@Rosenstein, I know the $cookiesecure works with https, but I don't know anything about using http with SSL. That's probably something I could look into.

https://stackoverflow.com/questions/72845675/meaning-of-php-setcookie-parameter-secure

[Drek282]

@bobl61 You asked about CSS and the GunGame mod for CSS. That particular mod isn't in the list of supported games/mods. I don't know if the base CSS support works for the GunGame mod.

edit: thanks for the logs

[bobl61]

Sent you the logs.

[bobl61]

Wondering why map images are not showing. I created the folders (/img/maps/halflife/cstrike) and uploaded all the map images, but nothing's showing up. I don't know what version of PS this site is using, but their maps are visible:

My site:

[Drek282]

You have the folder wrong. Maps need to be in "img/maps/source/cstrikes". I need to add that directory structure to the repos. Doing so now.

[Drek282]

Also, the last I checked heatmaps were not being generated, at least not on my system. There is a problem with the perl script.

[bobl61]

You have the folder wrong. Maps need to be in "img/maps/source/cstrikes". I need to add that directory structure to the repos. Doing so now.

Perfect! Thanks.

[bobl61]

As for the game events, I know you can manually add them. Would you know how to do so for the GunGame actions? IE: "Frahg Daddy<46>" triggered "gg_levelup" There's several I would like to add: gg_win gg_leader gg_levelup gg_leveldown gg_knife_steal gg_knife_level gg_triple_level gg_last_level gg_team_win gg_team_lose

[Drek282]

Yes I can add them. It would be easier for me to do it than to try to explain how to do it, especially seeing as it has been so long that I'm going to have to figure it out anyway. What I'm trying to figure out is whether I should add a separate module for gungame, the way there is for the hl version, or just add the support to the cstrikes module.

Can you give me an idea of what point values you'd like for each event please?

[bobl61]

gg_win +10 gg_leader +1 gg_levelup +1 gg_leveldown -1 gg_knife_steal +2 gg_knife_level +1 gg_triple_level +3 gg_last_level +1

Not sure these 2 are not even relevant... gg_team_win +5 gg_team_lose -5

[Drek282]

@bobl61 I haven't gotten to the awards yet, but I will be. I just wanted to note what @Rosenstein pointed out. You can't have SSL without using HTTPS, and that is probably the root configuration issue that caused the problem with cookies not being set. Basically you are using the wrong protocol for Apache if you wish to use SSL. You need a certificate, and you need to have HTTPS set up properly.

If you want to look into that, encryption certificates are available for free from Let's Encrypt, using certbot. If that was set up properly you would not have had to disable secure cookies in PS.

This was not a problem with PS, this is a problem with attempting to use SSL with HTTP instead of HTTPS, in other words it was a problem with the way you have your server and domain configured.

This issue is closed. There are plenty of problems with PS right now, this isn't one of them...

https://letsencrypt.org/

[Rosenstein]

+1 for LetsEncrypt. Free certs are set to expire after 3 months, but it is not hard to renew them.