Nothing displayed if "auth" => 1 about ifm HOT 19 CLOSED

Which version of the IFM do you use? The precompiled version, or do you compile it yourself?

from ifm.

Could this error be triggered by some unusual header or header value?

I guess not. The initialization process of the IFM follows four steps:

• load configuration
• load templates
• load i18n (translations)
• client-side application initialization

The first three steps trigger ajax requests which expect valid JSON answers. Additional headers in the HTTP response should be ignored.

You should be able to test this by opening the browser console and enter

ifm.config

This should display the configuration array.

from ifm.

Which version of the IFM do you use? The precompiled version, or do you compile it yourself?

The compiled one (from this site).
BTW how could I compile it? (I haven't seen information, or I didn't look at the right place).

from ifm.

The compiled one (from this site).

Hm, weird. Which file exactly do you use? I just tested ifm.php and set auth => 1 and it works.

BTW how could I compile it? (I haven't seen information, or I didn't look at the right place).

You can compile the IFM this way:

$ git clone https://github.com/misterunknown/ifm
$ cd ifm
$ php ./compiler.php --lang=en

Afterwards you find the results in the dist folder.

from ifm.

Which file exactly do you use?

ifm.php

But only this one! from a previous message, should I understand that I need other folders too? (templates, i18n,..)

To crypt the password I used

htpasswd -n -B admin

from ifm.

No, you only need this single file, and the password generation looks also good.

Can you force reloading the page while having the networking tab in the browser console open? You should see some XHR requests containing JSON objects. Could you validate these objects?

from ifm.

Another method you could use: Just open a browser and go to:

view-source:https://<your_domain_and_path>/ifm.php?api=getTemplates

For example:

view-source:https://ifmdemo.gitea.de/ifm.php?api=getTemplates

The copy the content and check, if this is a valid JSON file (e.g. here).

from ifm.

The XHR POSTs are valid JSONs, containing only

{"status":"ERROR","message":"not authenticated"}

view-source: produced a HTML source code, not a JSON.

from ifm.

I wonder if it doesn't come from my PHP version, which is 7.4.3 (although that does not explain why without authentication it works smoothly).
Isn't any possibility to have a "debug" mode that writes to Apache's error log?

from ifm.

I have an "educated guess": Do you use an Basic Authentication with your web server additional to setting auth => 1? This may interfere in 2.6.2. Can you test a self-compiled version?

from ifm.

(BTW: PHP 7.4 should work fine, I tested everything on 7.4.11)

from ifm.

1. if I test with a local compiled version, I get the same thing,
2. I don't use Basic Authentication here

However, adding some error_log in the code I noticed that

• the return from checkCredentials() is 1, so there's no type error,
• there's no HTTP_X_IFM_AUTH variable defined and
• session_status() returns 1

from ifm.

Hi, sorry for the late reply.

The function checkCredentials should return a boolean value. session_status should return 2 (which is equal to PHP_SESSION_ACTIVE), if the session is active.

Could you test it with a private tab in your browser? If this IFM instance is public accessible, you can email me the URL and the credentials, maybe I can work out the problem.

from ifm.

you can email me the URL

What e-mail, please?

from ifm.

Thanks for your mail, I'll take a look at it on Monday.

from ifm.

Ok, I took a look, and I guess the problem is that your webserver sends a different set-cookie header with every request. This is really weird, since it contains the path /myphp/, which is not associated with the IFM.

Can you upload this little test script? It can be used to test if a session is persistent.

<?php
session_start();

if (!isset($_SESSION['session_created_at']))
    $_SESSION['session_created_at'] = date('r');

echo "<pre>";
print_r($_SESSION);

if (isset($_REQUEST['logout']))
    session_destroy();

If you call this script multiple times in your browser, it should initially set the session_created_at field and echo the same timestamp in all subsequent requests. If that's not the case, then you likely have some webserver configuration you're not aware of.

from ifm.

Yes, it creates a new session each time; I shall look into that to see why.

from ifm.

Yes, that was the problem - you may close this issue now.

Thank you for your help!

from ifm.

Ok, glad you resolved it!

from ifm.