0

Adding/enabling (you name it) google captcha in phpmyadmin config makes me stuck on the login page, token appears in the URL but I don't get the "control panel", so phpmyadmin becomes kinda useless. Turning on php error reporting gave me nothing, no error messages at all, even in /var/log (apache and mysql and php itself reported no errors). Turning off SSL or accessing via virtualhost that has no SSL configured changes nothing, the same problem is present.

The only way now to access phpmyadmin functionality is to remove google captcha (reCAPTCHA) from the config which is not an option for obvious reasons.

More information:

I was running phpmyadmin panel always only on localhost where I was connecting via ssh proxy.

But now I have the need to expose the panel to other users, so after adding it's own virtualhost with SSL which looks like this:

<VirtualHost x.x.x.x:443>
    ServerName somehost.tld
    DocumentRoot /usr/share/phpmyadmin
    #Alias /phpmyadmin /usr/share/phpmyadmin

    ServerSignature Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/somehost.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/somehost.tld/privkey.pem

    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php

        <IfModule mod_php5.c>
            <IfModule mod_mime.c>
                AddType application/x-httpd-php .php
            </IfModule>
            <FilesMatch ".+\.php$">
                SetHandler application/x-httpd-php
            </FilesMatch>

            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
        </IfModule>

    </Directory>

    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authz_core.c>
            <IfModule mod_authn_file.c>
                AuthType Basic
                AuthName "phpMyAdmin Setup"
                AuthUserFile /etc/phpmyadmin/htpasswd.setup
            </IfModule>
            Require valid-user
        </IfModule>
    </Directory>


    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Require all denied
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Require all denied
</Directory>


    BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

(I didn't touch localhost virtualhost file to be able to access that panel in case where for some reason this config will not work, but it appears that even this thing is broken now)

So, the login page works fine, but the problem is that after trying to login to any user (even from localhost virtualhost [the old way it used to be]) url in browser changes to: https://somehost.tld/index.php?token=sometoken and I'm stuck at the login page.

Since this panel is connected to mysql server and is exposed to public internet I also turend on google recaptcha on login page by adding these lines to /etc/phpmyadmin/config.inc.php :

$cfg['CaptchaLoginPublicKey'] = 'mypublickey'
$cfg['CaptchaLoginPrivateKey'] = 'myprivatekey'

When I commented these lines I'm able to access all of phpmyadmin's functionality, why is this captcha breaking everything? In google recaptcha settings I have the right domain added to this captcha keys.

Host is Debian 8, I tried to even run dpkg-reconfigure phpmyadmin to make sure that it's not just config problem. It didn't help.

Kristi
  • 91
  • 2
  • 10

2 Answers2

0

I found a solution and now I'm feeling kinda stupid.

Since debian 8 (jessie) is installed on the host I have really old packages (that's not a suprise sine it's debian).

It appears that phpmyadmin was not updated in debian and when google dropped (or not dropped, the point is that it is not working in this version anymore) reCAPTCHA v1 API it just stopped working, and I have added reCAPTCHA v2 keys to the config.

So I had to download newer version of phpmyadmin from debian 9 repo. I wasn't using debian in a long time so I didnt know how to add repository from newer version and tell apt to download given package and it's deps from given repo like in ArchLinux or SUSE. The solution to my lack of knowegle were these steps:

wget http://ftp.cz.debian.org/debian/pool/main/p/phpmyadmin/phpmyadmin_4.6.6-4_all.deb
dpkg -i ./phpmyadmin_4.6.6-4_all.deb

dpkg throws errors about unmet dependencies and that it's leaving that package unconfigured but the panel works now with no other tweaks needed... well.. I do get some warning in the panel about " The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. "

But since I use that panel to just interact with MySQL and add/remove SQL users I don't really need it anyway... probably.

I hope that one day someone will edit this answer and add a proper way of installing a package from repository with newer version.

Kristi
  • 91
  • 2
  • 10
0

The answer is that you should not select a v2 reCaptcha but an "invisile reCaptcha". Worked for me.

Sigi
  • 1