I've seen on my Dashboard that a user had visited the page with the following URL fragment on my Piwik subdomain. URL: /index.php?module=CoreHome&action=index&idSite=1&period=range&date=last30&activated=
I have entered that URL (as a suffix to my analytics subdomain) in a browser and what I faced was a duplicate login form, with the same form (that has fields User name, User password, Remember me, etc.) presented to me twice.
Screenshot (page zoomed out at 67%) below. I guess this was not intended.
Thanks for the report. Can you somehow reproduce this bug on demo.piwik.org?
do you have this issue in 2.14.0 as well?
I don't see a version number on the Dashboard, unless it's somewhere I don't know of. I've upgraded a few days ago in July. So if 2.14.0 is the latest version, the answer is Yes. This happens with the latest version on Opera 12.17 (the old Presto version, not the WebKit-based one), FF, Chromium and IE. Thx.
Do you have any additional plugins installed?
No. Aside from having activated or deactivated plugins that are in the default package, I haven't added any "additional" plugins. My website is khalemy.com and piwik is in the "analytics" subdomain.
The following URL shows one login form: https://analytics.khalemy.com/index.php?module=CoreHome&action=&period=range&date=last30
This one shows two login forms: https://analytics.khalemy.com/index.php?module=CoreHome&action=index&idSite=1&period=range&date=last30&activated=
The differences lie in the params action, idSite and activated. The subdomain is accessible via HTTPS and plain HTTP but I don't think this matters.
Tested two minutes ago with the latest Chromium (46.0.2460.0). Thanks.
Thanks for the links. The whole HTML page appears twice in the page, see the source: view-source:https://analytics.khalemy.com/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday Could it be something like a nginx config issue for example?
Or actually do you have plugins like LoginLdap or LoginHttpAuth installed and enabled?
It seems all the "login" kind of plugins listen to the
User.isNotAuthorized event and echo the login form, so maybe 2 of them are listening to the event and outputting the form twice…
Yes, LoginLdap is installed and activated. We use LDAP as a central authentication DB. I'll see whether the default Piwik login is activated and if so, find out how to deactivate it. We might be on to something here.
EDIT: I confirm that disabling the Login plugin solves this duplication of the login form. Maybe the information could find its way in a FAQ? Thanks all for the time spent on this.
It seems LoginLdap is supposed to deactivate the Login plugin when it is enabled: https://github.com/piwik/plugin-LoginLdap/blob/master/LoginLdap.php#L86-L88
Maybe that didn't work for some reason, or the Login plugin got re-enabled somehow.
If you still experience this issue please re-open / leave a comment. We couldn't reproduce with LoginLdap