Solutions-Nitriques / anti_brute_force

Secure your Symphony CMS login page against brute force attacks
http://symphonyextensions.com/extensions/anti_brute_force/

Parameter must be an array or an object that implements Countable #42

Closed tmslnz closed 5 years ago

tmslnz commented 6 years ago
Symphony Warning: count(): Parameter must be an array or an object that implements Countable

An error occurred in /extensions/anti_brute_force/lib/class.ABF.php around line 155
    150
    151 // only if already installed
    152 if ($this->_isInstalled) {
    153 // assure access to settings
    154 // fail is not settings, since this is a security software
    155 if (count($this->_settings) < 1) {
    156 throw new Exception('Can not load settings. Can not continue.');
    157 }
    158 }
    159 }

nitriques commented 6 years ago

Do you have a complete stack trace for me please ?

tmslnz commented 6 years ago

Sorry no I didn't save it. I don't recall seeing anything interesting in the stacktrace though.
This was after updating from 2.6.7 to 2.7.6. Oddly it appeared to work fine on install; all backend pages were loading normally. Upon logging in a day later I encountered this. Every backend admin link was throwing, at least that I can confirm. I don't know about the frontend as in this instance we use Symphony as a raw XML backend for a JS frontend and I didn't bother checking if the "api" was working.

nitriques commented 6 years ago

It looks like data corruption to me. Can you check your config file please ?

jurajkapsz commented 6 years ago

I also have this with clean Symphony 2.7.7 install and latest extension version:

Symphony Warning: count(): Parameter must be an array or an object that implements Countable

An error occurred in .../extensions/anti_brute_force/lib/class.ABF.php around line 155

Backtrace

    [.../extensions/anti_brute_force/lib/class.ABF.php:155] GenericErrorHandler::handler();
    [.../extensions/anti_brute_force/lib/class.ABF.php:132] ABF->__construct();
    [.../extensions/anti_brute_force/extension.driver.php:100] ABF::instance();
    [.../symphony/lib/toolkit/class.administrationpage.php:1127] extension_anti_brute_force->fetchNavigation();
    [.../symphony/lib/toolkit/class.administrationpage.php:1252] AdministrationPage->buildExtensionsNavigation();
    [.../symphony/lib/toolkit/class.administrationpage.php:961] AdministrationPage->buildNavigation();
    [.../symphony/lib/toolkit/class.administrationpage.php:515] AdministrationPage->getNavigationArray();
    [.../symphony/lib/toolkit/class.administrationpage.php:351] AdministrationPage->canAccessPage();
    [.../symphony/lib/core/class.administration.php:205] AdministrationPage->build();
    [.../symphony/lib/core/class.administration.php:483] Administration->buildPage();
    [.../symphony/lib/boot/func.utilities.php:253] Administration->display();
    [.../symphony/lib/boot/func.utilities.php:235] symphony_launcher();
    [.../index.php:19] symphony();

Database Query Log

    [0.0001] SET character_set_connection = 'utf8', character_set_database = 'utf8', character_set_server = 'utf8';
    [0.0000] SET CHARACTER SET 'utf8';
    [0.0001] SET time_zone = '+02:00';
    [0.0013] SELECT SQL_CACHE t1.name, t2.page, t2.delegate, t2.callback FROM sym_extensions as t1 INNER JOIN sym_extensions_delegates as t2 ON t1.id = t2.extension_id WHERE t1.status = 'enabled' ORDER BY t2.delegate, t1.name;
    [0.0005] SELECT SQL_CACHE session_data FROM sym_sessions WHERE session = 'at29u7hgrticj44ec2gebdnjb3' LIMIT 1;
    [0.0005] SELECT SQL_CACHE a. FROM sym_authors AS a WHERE username = 'admin' ORDER BY a.id ASC LIMIT 1;
    [0.0006] UPDATE sym_authors SET last_seen = '2018-08-08 01:50:58' WHERE id = 1;
    [0.0006] SELECT SQL_CACHE name FROM sym_extensions WHERE status = 'enabled';
    [0.0003] SELECT SQL_CACHE FROM sym_extensions;
    [0.0004] SELECT SQL_CACHE s.* FROM sym_sections AS s ORDER BY s.sortorder asc;

It is enough I think to uninstall and again install the extension to get this error.

nitriques commented 6 years ago

I think we should change https://github.com/Solutions-Nitriques/anti_brute_force/blob/master/lib/class.ABF.php#L155 to empty, since it can be null.

nitriques commented 6 years ago

and is this php 7 ?

jurajkapsz commented 5 years ago

> and is this php 7 ?

checked, yes.

> I think we should change https://github.com/Solutions-Nitriques/anti_brute_force/blob/master/lib/class.ABF.php#L155 to empty, since it can be null.

I've tried to change the condition to if (empty($this->_settings)) { and yes, it throws that exception after install.

nitriques commented 5 years ago

hum.

Can you try to:

  1. uninstall
  2. edit the config.php file to remove the anti brute force block
  3. open the dev tools
  4. submit the install form
  5. check if the first request is a 302 (redirect) or not. (I want to know if it is the POST that fails or the subsequent GET)
  6. without reloading anything, check if the block is in the config.php file

thanks!

jurajkapsz commented 5 years ago

> Can you try to:

Ok:

5) The first request was a 302 POST. Next one was a 500 GET.

6) The block was added to the config.php, without reloading.

You're welcome.

nitriques commented 5 years ago

@jurajkapsz Ok and if you simply reload, does it work ?

Also, can you check if you have the op_cache module on ?

jurajkapsz commented 5 years ago

> Ok and if you simply reload, does it work ?

Yes.

> can you check if you have the op_cache module on ?

Should be.

nitriques commented 5 years ago

Yeah that's the problem. I've fixed it in the core, but 2.7.x will not get that fix.

I'll fix it in the extension. Can you test the latest dev branch please ?

jurajkapsz commented 5 years ago

> I'll fix it in the extension. Can you test the latest dev branch please ?

Works like a charm :+1:

BTW a little bit offtopic, but is this going to be a fix for Symphony 3 core, when speaking of opcache?

if (function_exists('opcache_invalidate')) {
    @opcache_invalidate(CONFIG, true);
}

Or is it just a workaround fix? Because as of now I have to add the @ like this concerning opcache into a few places in Symphony 2.7.x, like content.blueprintsdatasources.php to avoid similar error screens in Symphony. I think this is not a solution (I think it just suppresses warnings, but I don't know) so I do it only within my projects. Or maybe can I create a pull request for 2.7 for these opcache_invalidate occurrences in Symphony files, adding the @?

nitriques commented 5 years ago

Yes !

> BTW a little bit offtopic, but is this going to be a fix for Symphony 3 core, when speaking of opcache?

The problem, in 2.7.x, is that the call is made in the UI code, not in Configuration::write(). In 3.0.x, it has been put into Configuration::write(), it is not needed in the extension.

> I think it just suppresses warnings, but I don't know

Yes, that is the only thing that @ does (and it makes the function return false if warnings are thrown). And, currently, it can show a warning: https://github.com/php/php-src/blob/250b577258ba9a736a15527f211ba52c9368d322/ext/opcache/zend_accelerator_module.c#L94

I think this is ok, since we would not want to crash if opcache_invalidate does not work.

> Or maybe can I create a pull request for 2.7

Yes, please do!
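
The two points discussed in this thread, as an added PHP example that is not part of the thread, the extension or Symphony: a fail-closed settings check that tolerates `null`, and invalidating opcache right after the config file is written so the redirected request does not run stale bytecode. Function names, the temp-file path and the setting keys are hypothetical.

```php
<?php
// Added example: names, path and config layout are hypothetical, not Symphony's.

/** Write the settings file atomically, then drop any cached bytecode for it. */
function write_config(string $path, array $settings): void
{
    $code = '<?php return ' . var_export($settings, true) . ';' . PHP_EOL;
    $tmp  = $path . '.' . bin2hex(random_bytes(4)) . '.tmp';
    if (file_put_contents($tmp, $code, LOCK_EX) === false || !rename($tmp, $path)) {
        throw new RuntimeException("Cannot write $path");
    }
    // With opcache.validate_timestamps=0, or within opcache.revalidate_freq
    // seconds of the write, the next request would still run the old file.
    if (function_exists('opcache_invalidate')) {
        // @ because the call can emit a warning (e.g. opcache.restrict_api);
        // a failed invalidation must not turn into an error page.
        @opcache_invalidate($path, true);
    }
}

/** Load one settings group; refuse to continue when it is missing (fail closed). */
function load_settings(string $path, string $group): array
{
    $config   = is_file($path) ? include $path : null;
    $settings = is_array($config) ? ($config[$group] ?? null) : null;
    // No count() on a possible null: that warns on PHP 7.2+ and throws on PHP 8.
    if (!is_array($settings) || empty($settings)) {
        throw new RuntimeException('Can not load settings. Can not continue.');
    }
    return $settings;
}

// Constructed demo: the install step writes the block, the next step reads it.
$path = sys_get_temp_dir() . '/abf_demo_config.php';
write_config($path, ['anti_brute_force' => ['max_failures' => 5, 'window_minutes' => 60]]);
print_r(load_settings($path, 'anti_brute_force'));

write_config($path, []); // block absent, as after an uninstall
try {
    load_settings($path, 'anti_brute_force');
} catch (RuntimeException $e) {
    echo 'Refused: ', $e->getMessage(), PHP_EOL;
}
unlink($path);
```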

jurajkapsz commented 5 years ago

Ok will do, thanks very much @nitriques !

nitriques commented 5 years ago

👍