afterlogic / webmail-lite

AfterLogic WebMail Lite PHP. Fast and easy-to-use webmail front-end for your existing IMAP mail server, Plesk or cPanel.
https://afterlogic.org/webmail-lite
GNU Affero General Public License v3.0

Correct credentials make the login page go back to login without error messages. #89

Closed xpufx closed 6 years ago

xpufx commented 6 years ago

We are on 8.1.11. Auth is via LDAP. It has been working fine for the most part, but lately some users started to have an issue where, even though they enter the correct credentials, login will not occur. They will be sent back to the login page. No error message is displayed. If incorrect credentials are entered, an error message is correctly displayed.

Sometimes after a random amount of time and/or tries login will occur and after that it will work for that particular user. So I am thinking it might be a cookie or cache issue. I can't find anything in the logs that looks relevant.

What can I look at? Has there been work in this area in 8.1.12?

afterlogic-support commented 6 years ago

Actually, we've just run into a very similar issue. On a customer's system, we've found out that a couple of PHP functions won't work as expected. Please check the system/Api.php file, create a backup copy of it, and in the DecodeKeyValues function, replace:

$aResult = @\unserialize(
    gzinflate(
        Utils\Crypt::XxteaDecrypt(
            Utils::UrlSafeBase64Decode($sEncodedValues), \md5(self::$sSalt))));

with:

$aResult = @\unserialize(
        Utils\Crypt::XxteaDecrypt(
            Utils::UrlSafeBase64Decode($sEncodedValues), \md5(self::$sSalt)));

Also, in the EncodeKeyValues function, replace:

gzdeflate(
    @\serialize($aValues)
), 

with:

@\serialize($aValues),

Does it help?
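Added example, not part of the thread and not AfterLogic code: a stand-alone check of the serialize, gzdeflate, URL-safe base64 round trip that the snippets above wrap, reporting the failing stage explicitly instead of suppressing errors with `@`. The helper names are hypothetical, the sample values are constructed, and the XXTEA step is omitted because it lives in the project's Utils\Crypt class. Syntax is kept compatible with PHP 5.6.

```php
<?php
// Hypothetical helpers for this diagnostic; not the project's Utils methods.
function urlSafeB64Encode($s) {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function urlSafeB64Decode($s) {
    $s = strtr($s, '-_', '+/');
    $pad = (4 - strlen($s) % 4) % 4;
    // strict mode: returns false on characters outside the alphabet
    return base64_decode($s . str_repeat('=', $pad), true);
}

// Runs each stage without error suppression and names the first one that fails.
function checkTokenPipeline(array $values) {
    foreach (array('gzdeflate', 'gzinflate') as $fn) {
        if (!function_exists($fn)) {
            return "missing function: $fn (zlib extension not loaded)";
        }
    }
    $serialized = serialize($values);
    $deflated = gzdeflate($serialized);
    if ($deflated === false) {
        return 'gzdeflate failed';
    }
    // In the real code the XXTEA encrypt/decrypt step sits here (omitted).
    $decoded = urlSafeB64Decode(urlSafeB64Encode($deflated));
    if ($decoded !== $deflated) {
        return 'base64 round trip altered the payload';
    }
    $inflated = gzinflate($decoded);
    if ($inflated === false) {
        return 'gzinflate failed';
    }
    if ($inflated !== $serialized) {
        return 'gzinflate output differs from the serialized input';
    }
    if (unserialize($inflated) !== $values) {
        return 'unserialize did not restore the original values';
    }
    return 'ok';
}

// Constructed sample values, not real session data.
$sample = array('token' => 'auth', 'id' => 42, 'email' => 'user@example.com');
echo checkTokenPipeline($sample), PHP_EOL;
```

Run it with the same PHP binary and SAPI that serves WebMail, since the loaded extensions can differ between CLI and the web server.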

xpufx commented 6 years ago

Thanks for the quick response. The one sample I have in hand already started working again somehow. I will check this code the next time it happens and report back.

xpufx commented 6 years ago

This happened with a different user today and the proposed fix did work. If it will help with your debugging, I want to remind you that we are using an old PHP version due to some unrelated legacy app. Our version is 5.6.37. This issue must have started happening with a PHP update in recent weeks.

Thanks for the fix.