Hi guys

I try login in my site but i can't do it. Show message :

"Sorry, unrecognized username or password. Have you forgotten your password?"

It only occur when i use PHP7

i edited file /modules/user/user.module in function user_load, i added a line following for debug:

//.....
 if ($user = db_fetch_object($result)) {
     echo var_dump($user)."1"; //<--- line added
    $user = drupal_unpack($user);
/***
......
*/
}

object(stdClass)#480 (20) { ["uid"]=> string(1) "0" ["name"]=> string(0) "" ["pass"]=> string(0) "" ["mail"]=> string(0) "" ["mode"]=> string(1) "0" ["sort"]=> string(1) "0" ["threshold"]=> string(1) "0" ["theme"]=> string(0) "" ["signature"]=> string(0) "" ["created"]=> string(1) "0" ["access"]=> string(1) "0" ["login"]=> string(10) "1463422937" ["status"]=> string(1) "0" ["timezone"]=> string(6) "-18000" ["language"]=> string(0) "" ["picture"]=> string(0) "" ["init"]=> string(0) "" ["data"]=> NULL ["signature_format"]=> string(1) "0" ["timezone_name"]=> string(12) "America/Lima" } 

1object(stdClass)#482 (20) { ["uid"]=> string(2) "62" ["name"]=> string(7) "admin" ["pass"]=> string(32) "0d9f876b71030e8f9748de028f65849a" ["mail"]=> string(17) "sdf.xxxx@yyyy.com" ["mode"]=> string(1) "0" ["sort"]=> string(1) "0" ["threshold"]=> string(1) "0" ["theme"]=> string(0) "" ["signature"]=> string(0) "" ["created"]=> string(10) "1392218487" ["access"]=> string(10) "1464385687" ["login"]=> string(10) "1464385687" ["status"]=> string(1) "1" ["timezone"]=> string(6) "-18000" ["language"]=> string(0) "" ["picture"]=> string(0) "" ["init"]=> string(29) "sdf.xxxx@yyyy.com" ["data"]=> string(72) "a:1:{s:13:"form_build_id";s:37:"form-2cb3ace5ac6946224a332419f45baf9d";}" ["signature_format"]=> string(1) "0" ["timezone_name"]=> string(12) "America/Lima" } 1 

It meaning that it try login two users. =S
Someone help me please

Thanks in advance

PS: Sorry my english

Comments

onejam’s picture

All i can say is that you shouldn't be using Drupal 6 anymore. This version is no longer offically supported and was never built to run on PHP7 since support has ended. Either upgrade to Drupal 7 or 8, or downgrade PHP version to 5.4

There is a company that still supports Drupal 6 but it is only security updates: https://www.mydropwizard.com/

Otherwise, you are on your own...

-----------------------------------------------------------------
We build engaging websites and intuitive designs that will benefit your business.
Duvien

idreamer’s picture

I got the same problem here. After upgraded to PHP7, I could not log in to my Drupal 6 sites.
After adding debug messages to find out what happened, I found the function call 'sess_regenerate()' in function user_authenticate_finalize() resets the loaded $user back to anonymous user.
It doesn't make any sense, but after commenting out the sess_regenerate() call in user_authenticate_finalize(), the login functionality seems to perform normally again.

kubrt’s picture

Same here, commenting out the sess_regenerate() call seems to fix it

kubrt’s picture

I have also noticed that the CCK field nodereference doesn't work on php7 - it won't update upon node save. No error or warning is issued.

jvieille’s picture

Similar issue: After login out, impossible to login again unless I clear the browser cookies.
seemingly related : I set a rule that emails me user information when someone logs in. I Get "Anonymous" instead of the user correct info.
It looks like $user is not set when hook_user proceeds.

Commenting out as suggested seems to fix both login and "anonymous" notification issues.
Any explanation, what possible drawbacks?

JV

btopro’s picture

My guess is that if the account changes while someone is logged in that basically forces all current users to be kicked out. Not sure if there are other security considerations or not.

jvieille’s picture

This actually does not work. I have again login problems despite this fix.
I am trying another fix - in function drupal_session_regenerate(), I commented this out:

if (drupal_session_started()) {
// $old_session_id = session_id();
// session_regenerate_id();
}

JV

miststudent2011’s picture

commenting out the sess_regenerate() call seems to fix it for me

felixbachman’s picture

The issue with the sess_regenerate() function is that it uses session_regenerate_id() which works differently in php7. The php manual at

http://php.net/manual/en/function.session-regenerate-id.php

states that with version 7 session_regenerate_id() saves and restores the session variables. That means the functions sess_write() is called with the old key and then sess_read() with the new key. The last call leads to not finding the record in the session database table and therefore the user is set to anonymous.

A simple way around this issue is in the function sess_regenerate() to save the user information before calling session_regenerate_id() and restoring the user after returning from the call.

function sess_regenerate() {
  global $user;
  // Save the user information since session_regenerate_id in php7 will think
  // we have no session information after we got the new id and switch the user to anonymous
  $account = $user;
  $old_session_id = session_id();

  // We code around http://bugs.php.net/bug.php?id=32802 by destroying
  // the session cookie by setting expiration in the past (a negative
  // value).  This issue only arises in PHP versions before 4.4.0,
  // regardless of the Drupal configuration.
  // TODO: remove this when we require at least PHP 4.4.0
  if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() - 42000, '/');
  }

  session_regenerate_id();

  db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
  // Restore the user data again
  $user = $account;
}
gt.’s picture

Curly brackets for array type properties of objects:

You also have to put the variable object properties into a pair of curly brackets, at least where the variable is a child of an array. For example: change $node->$field['field_name'] to $node->{$field['field_name']}. Instead of this your cck node forms will not be filled with data. I'm using this regexp for the change:

Pattern:
(\$[a-zA-Z0-9-_]+)-\>(\$[a-zA-Z0-9-_]+\[\'?[^\'\]]+\'?\])

Replacement:
$1->{$2}

You will need get rid of "i" regexp modifier:
for example in unicode.inc:

Change:

  return preg_replace('/&(#x?)?([A-Za-z0-9]+);/e', '_decode_entities("$1", "$2", "$0", $html_entities, $exclude)', $text);

To:

  return preg_replace_callback('/&(#x?)?([A-Za-z0-9]+);/', function($m) use($html_entities, $exclude) {
    return _decode_entities($m[1], $m[2], $m[0], $html_entities, $exclude);
  }, $text);

...and ereg and eregi functions:
For this, I put helper functions into settings.php:

if (!function_exists('ereg')) {
	function ereg($pattern, $subject, &$matches) { return preg_match('%'.$pattern.'%', $subject, $matches); }
}
if (!function_exists('eregi')) {
	function eregi($pattern, $subject, &$matches) { return preg_match('%'.$pattern.'%i', $subject, $matches); }
}
if (!function_exists('ereg_replace')) {
	function ereg_replace($pattern, $replacement, $string) { return preg_replace('%'.$pattern.'%', $replacement, $string); }
}
if (!function_exists('eregi_replace')) {
	function eregi_replace($pattern, $replacement, $string) { return preg_replace('%'.$pattern.'%i', $replacement, $string); }
}
if (!function_exists('split')) {
	function split($pattern, $subject, $limit) { return preg_split('%'.$pattern.'%', $subject, $limit); }
}
if (!function_exists('spliti')) {
	function spliti($pattern, $subject, $limit) { return preg_split('%'.$pattern.'%i', $subject, $limit); }
}

If you have views module, you may need fix the tons of mismatching class extends where the method property definitions aren't matching to the parent class.
This causes warnings, although you you can suppress them (not recommended).

MustangGB’s picture

Curly brackets for array type properties of objects:
To list the occurrences that need changing I used gt.'s regex like so:
find . -type f -print0 | xargs -0 grep -inrI --color=always -e "\\\$[a-zA-Z0-9_-]\+\->\\\$[a-zA-Z0-9_-]\+\['\{0,1\}[^'^\]\+'\{0,1\}\]"

jvieille’s picture

in Komodo you should use
\1->{\2}
for replacement to work

JV

jvieille’s picture

Thank you so much, this is very helpful.

JV

btopro’s picture

ini_set('mbstring.http_input', 'pass');
ini_set('mbstring.http_output', 'pass');

will get you through install as well

jvieille’s picture

What is this supposed fixing?
Where would this code apply ? settings.php ?

JV

btopro’s picture

settings.php ; My setup is a well tuned PHP7 rig so something w/ mbstring which wasn't allowing Drupal to install

jvieille’s picture

I remember now that I had to change that (did it in php.ini actually)
This is documented here https://www.drupal.org/node/2332295
However,
1) the patch will not work for PHP7 - checking for PHP 5.6, not 7
2) these settings are both deprecated and useless, so we don't care and should better left unset.
I removed all this code in unicode.inc and removed the two settings as we will not go back to older PHP versions and Drupal should not address internal PHP affairs.

Also, this section in .htaccess is useless, actually skipped in php7

<IfModule mod_php5.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

JV

jvieille’s picture

This might be a possible issue
https://www.drupal.org/node/2914460
I experienced this with PHP7 only

JV

jvieille’s picture

I was successful upgrading my D6 +250 contribs platform working smoothly and speedily under PHP7.
I wish now to go 7.1 as I do not plan to rework the web site by a decade.
Hase someone tested it? There seem to be quite significant number of backward incompatibilities in this PHP release.
Thanks
 

JV

ttkaminski’s picture

Can you provide a summary of all the changes you did to get the D6 site working under php7?  There are some tips listed above, but they are probably not complete.  Ideally a diff of your code would be super helpful (it doesn't have to cleanly apply as I can manually inspect the diffs).   It would save me (and a few others) a bunch of time!

jvieille’s picture

Most is in this page.

Actually, there are no much changes to proceed before having a D6 site bak and running under PHP7

The next step is to handle PHP warnings : I did that o a daily basis until it got quiet...

I can send you my Pressflow code, some modulesyou might need too though I made some specific tweaks.

JV

emilymathew’s picture

Hi, I am also using pressflow for D6 and I am so happy to know that, you successfully upgraded pressflow core +250 contribs to php7. I also want to upgrade to php7 and I was researching whether it is feasible.

I see an initiative here https://github.com/d6lts/drupal/tree/php-7 to upgrade D6 core to php7. But didn't find an initiative for pressflow. Currently I am using an old php version 5.3 and I am using around 150 contrib modules.

It will be great if you can help me. What was your approach to upgrade? How did you identify the issues? Did you use any php static code analyzer tools like php7cc, php7mar etc? What was your previous php version?

jvieille’s picture

My approach was just what I said : After making the most obvious changes described here, I fixed the php error one by one, first on a test site, then in prod...

PHP 7.2 made some significant breaking changes. I fixed them also.

If you wish to save time, I can send you my current code - core and modules.

I am so happy with D6!

(the next time, I'll try to avoid Drupal if I have to develop a complex site, seeking a long term operations because you get abandonned by the community after the next - non migrable - upgrade) 

JV

emilymathew’s picture

Thank you, it would definitely help me save time if you send me the code. Can you provide a patch for the changes you done?

EastWan’s picture

Hi all,

I had the feeling that simply commenting out sess_regenerate() wouldn't be a good solution, so I did some research and found a solution at https://drupal.stackexchange.com/questions/215150/cannot-log-in-my-site-...

Apparently the session_regenerate_id() calls the sess_read() function, which in turn initializes the $user object. 

So in includes/session.inc, function sess_regenerate(), just save the $user object into a temporary variable and re-set it after the session has reinitialized.

$save_user = $user;
session_regenerate_id();
$user = $save_user;

Don't forget

global $user;

at the beginning of the sess_regenerate() function.

EastWan

jvieille’s picture

Thank you for this certainly better solution. I have made the change. I'll report back if something wrong happens again.

Edit: This is the right fix I am on Pressflow, so it is a bit different - different function in different file

JV