@Amenel opened this issue on July 12th 2015

I've seen on my Dashboard that a user had visited the page with the following URL fragment on my Piwik subdomain. URL: /index.php?module=CoreHome&action=index&idSite=1&period=range&date=last30&activated=

I have entered that URL (as a suffix to my analytics subdomain) in a browser and what I faced was a duplicate login form, with the same form (that has fields User name, User password, Remember me, etc.) presented to me twice.

Screenshot (page zoomed out at 67%) below. I guess this was not intended.

@mattab commented on July 15th 2015

Hi @Amenel

Thanks for the report. Can you somehow reproduce this bug on demo.piwik.org?

do you have this issue in 2.14.0 as well?

@Amenel commented on July 16th 2015

I don't see a version number on the Dashboard, unless it's somewhere I don't know of. I've upgraded a few days ago in July. So if 2.14.0 is the latest version, the answer is Yes. This happens with the latest version on Opera 12.17 (the old Presto version, not the WebKit-based one), FF, Chromium and IE. Thx.

@sgiehl commented on July 21st 2015

Do you have any additional plugins installed?

@Amenel commented on July 21st 2015

No. Aside from having activated or deactivated plugins that are in the default package, I haven't added any "additional" plugins. My website is khalemy.com and piwik is in the "analytics" subdomain.

The following URL shows one login form: https://analytics.khalemy.com/index.php?module=CoreHome&action=&period=range&date=last30

This one shows two login forms: https://analytics.khalemy.com/index.php?module=CoreHome&action=index&idSite=1&period=range&date=last30&activated=

The differences lie in the params action, idSite and activated. The subdomain is accessible via HTTPS and plain HTTP but I don't think this matters.

Tested two minutes ago with the latest Chromium (46.0.2460.0). Thanks.

@mnapoli commented on July 21st 2015

Thanks for the links. The whole HTML page appears twice in the page, see the source: view-source:https://analytics.khalemy.com/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday Could it be something like a nginx config issue for example?

@mnapoli commented on July 21st 2015

Or actually do you have plugins like LoginLdap or LoginHttpAuth installed and enabled?

It seems all the "login" kind of plugins listen to the User.isNotAuthorized event and echo the login form, so maybe 2 of them are listening to the event and outputting the form twice…

@Amenel commented on July 21st 2015

Yes, LoginLdap is installed and activated. We use LDAP as a central authentication DB. I'll see whether the default Piwik login is activated and if so, find out how to deactivate it. We might be on to something here.

EDIT: I confirm that disabling the Login plugin solves this duplication of the login form. Maybe the information could find its way in a FAQ? Thanks all for the time spent on this.

@mnapoli commented on July 21st 2015

It seems LoginLdap is supposed to deactivate the Login plugin when it is enabled: https://github.com/piwik/plugin-LoginLdap/blob/master/LoginLdap.php#L86-L88

Maybe that didn't work for some reason, or the Login plugin got re-enabled somehow.

@mattab commented on June 19th 2017

If you still experience this issue please re-open / leave a comment. We couldn't reproduce with LoginLdap

This issue was closed on June 19th 2017
Powered by GitHub Issue Mirror