CSRF token is wrong - please try to login again

Issue #384 resolved
Ahmed Cherevatyi created an issue

Hi,

I manage some Archlinux and Centos7 servers and installed PhpLiteAdmin on all of them. On the Archlinux ones it is working great, but on the Centos ones, at login, it issues the error “CSRF token is wrong - please try to login again”.

To force it to work I quoted “private function checkToken()^M” in index.php (renamed phpliteadmin.php) and it works ok. However, I lowered security in this way and this is not good. Could you help, please?

Centos 7 minimal, Phpliteadmin 1.9.8.2 stable, Lighttpd 1.4.54, php 7.3, openssl 1.0.2k-fips, Sqlite3, pdo, xml, sqlite, mbstring modules for php7.3 installed.

Ahmed

Comments (6)

  1. phpLiteAdmin repo owner

    Thanks for reporting. Does the problem also occur with the current development version?

    www.phpliteadmin.org/phpliteadmin-dev.zip

    I guess you might be missing the openssl PHP extension, but I don’t know how to install it on Centos. I think the development version does not depend on it anymore, so try this first.

  2. Ahmed Cherevatyi reporter

    Thank you for the quick reply.

    Yes, the problem occurred with the current and stable version. I installed the dev version, and the problem occurred as well.

    Finally, I had a look at the web-server error log and found the thing:

    2019-12-05 23:42:52: (mod_fastcgi.c.421) FastCGI-stderr: PHP message: PHP Warning: session_start(): open(/var/opt/remi/php74/lib/php/session/sess_8qkktm9dc1tvh3o5nkepp1n5ur, O_RDWR) failed: Permission denied (13) in /var/www/rainloop/db/phpliteadmin.php on line 464PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /var/opt/remi/php74/lib/php/session) in /var/www/rainloop/db/phpliteadmin.php on line 464

    So, it’s funny but the problem was from php7.3 taken from Remi repo :)) 😀

    root@mail-america/v/w/r/db> ll /var/opt/remi/php74/lib/php/
    drwxrwx--- 2 root apache 4.0K Nov 27 09:49 opcache/
    drwxrwx--- 2 root apache 4.0K Nov 27 09:49 session/
    drwxrwx--- 2 root apache 4.0K Nov 27 09:49 wsdlcache/

    This means that the PHP packages from Remi are made for Apache.

    Changed the permissions: chown -R root:lighttpd /var/opt/remi/php74/lib/php and voila, both stable Phpliteadmin and development one work great.

    Thank you very much!

    Sincerely, Ahmed

  3. phpLiteAdmin repo owner

    Ok thanks for the reply. A broken PHP installation is nothing we can do much about. I guess the only thing we could do is check whether the session could be opened correctly. If not, we could display some message that helps the user to fix the problem more easily.
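
The check proposed in the last comment could look like the following. This is an added example, not phpLiteAdmin's own code: diagnoseSessionStore() is a hypothetical helper, and the temp-directory fallback and the wording of the messages are assumptions.

```php
<?php
// Added example; diagnoseSessionStore() is a hypothetical helper, not phpLiteAdmin code.
// Returns null when sessions are usable, otherwise a description of the problem.
function diagnoseSessionStore(): ?string
{
    // Only the default "files" handler keeps sessions in a directory.
    if (ini_get('session.save_handler') === 'files') {
        // session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
        $parts = explode(';', (string) session_save_path());
        $dir = end($parts);
        if ($dir === '') {
            $dir = sys_get_temp_dir(); // assumed fallback when no path is configured
        }
        if (!is_dir($dir) || !is_writable($dir)) {
            return "session directory '$dir' is missing or not writable by the PHP user";
        }
    }
    // Suppress the warning; the return value (false on failure) is what we act on.
    if (session_status() !== PHP_SESSION_ACTIVE && !@session_start()) {
        $err = error_get_last();
        return 'session_start() failed: ' . ($err['message'] ?? 'unknown error');
    }
    return null;
}

// Run before any CSRF token is generated or compared.
$problem = diagnoseSessionStore();
if ($problem !== null) {
    // Paths go to the server log only; the login page is reachable before authentication.
    error_log('phpLiteAdmin session check: ' . $problem);
    http_response_code(500);
    exit('Sessions cannot be stored, so the CSRF token cannot be verified. '
        . 'See the web server error log for details.');
}
```

When this check fails, the fix is the ownership change described in comment 2, not disabling checkToken(). Leaving the session directory at mode 0770 with the FastCGI user's group keeps session files unreadable to other local accounts.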
