Hi all,
I installed Mibew 1.6.14 today on a dedicated web server running Apache on CentOS. We have PHP 5.4.31 and MySQL 5.5.30.
I was able to log in with the default admin:<empty> credentials, but only when the "Remember" box was checked. Trying to change anything resulted in a CSRF Failure error.
I've seen a couple other threads regarding this issue, so I'll say this up front:
- I've tried logging in through the latest versions of Chrome, Firefox, Opera, and Internet Explorer
- The demo on mibew.org works just fine, and the rest of our PHP applications work
- In php.ini, session.cookie_lifetime is set to 0, session.gc_maxlifetime is set to 1440, and short_open_tags is set to on
- I double checked the file and directory permissions; all files are set to 0644 and directories to 0755
I added a line to common.php to print out the CSRF token in your setcsrftoken() function, and it's generating a different one on every page load.
My only thought is that we're already using session_start() for our own record-keeping and that could be preventing the Mibew session cookie from registering, but it does show up in Chrome's developer tools.
Do you have any other suggestions to fix this, or things to look at?