MySQL Error on Fresh 5.6.0.2 Install
Permalink
Hello, I'm trying to evaluate Concrete 5 as a replacement for our current CMS but I can't get the current version to work either through migrations from an earlier version or a fresh install. In theory I'm excited about this CMS, but in practice I'm a little scared to use it in production.
My configuration:
- OpenSUSE 12.1, all current upgrades as of this post
- MySQL v5.5.25 installed through yast2
- PHP v5.3.8 installed through yast2
- Apache2 v2.2.21 installed through yast2
When installing I get this error:
mysql error: [1048: Column 'uID' cannot be null] in EXECUTE("INSERT INTO Config (cfKey,cfValue,uID) VALUES ('NEWSFLOW_LAST_VIEWED','FIRSTRUN',NULL)")
Looking at the appropriate db.xml file, that field does not have the <NOTNULL /> tag, so I don't know why it doesn't match the schema generated. I'm not a PHP guy though so I didn't debug much further.
With this same setup I can install 5.4.2.2 and upgrade to 5.5.2.1 with no apparent errors. When I upgrade to 5.6.0.2 though my edit bar doesn't show (the javascript to render it isn't written) and I can't adjust permissions for anything with simple or advanced permissions in the dashboard (I can get to the dashboard if I type the url in manually).
My configuration:
- OpenSUSE 12.1, all current upgrades as of this post
- MySQL v5.5.25 installed through yast2
- PHP v5.3.8 installed through yast2
- Apache2 v2.2.21 installed through yast2
When installing I get this error:
mysql error: [1048: Column 'uID' cannot be null] in EXECUTE("INSERT INTO Config (cfKey,cfValue,uID) VALUES ('NEWSFLOW_LAST_VIEWED','FIRSTRUN',NULL)")
Looking at the appropriate db.xml file, that field does not have the <NOTNULL /> tag, so I don't know why it doesn't match the schema generated. I'm not a PHP guy though so I didn't debug much further.
With this same setup I can install 5.4.2.2 and upgrade to 5.5.2.1 with no apparent errors. When I upgrade to 5.6.0.2 though my edit bar doesn't show (the javascript to render it isn't written) and I can't adjust permissions for anything with simple or advanced permissions in the dashboard (I can get to the dashboard if I type the url in manually).
The underlying problem is actually Concrete 5 nuking the user session. In concrete/startup/session.php, the length of the session key is checked, presumably as a security measure. Since I'm not a PHP developer I don't know why that's important. The two php.ini settings that control key length are:
session.hash_bits_per_character : Higher numbers make shorter keys
session.hash_function : Different hash functions have different lengths
My default OpenSUSE install set hash_bits_per_character at 5 and the hash_function at SHA256, which is more secure than 1 (SHA-1), so I'm going to guess this is a bug. To make all my problems go away I modified the concrete/startup/session.php file to comment out the following three lines.
session.hash_bits_per_character : Higher numbers make shorter keys
session.hash_function : Different hash functions have different lengths
My default OpenSUSE install set hash_bits_per_character at 5 and the hash_function at SHA256, which is more secure than 1 (SHA-1), so I'm going to guess this is a bug. To make all my problems go away I modified the concrete/startup/session.php file to comment out the following three lines.
Brilliant! You've nailed it. I stopped trying after messing with this back in October. Many thanks!
I am upping this max value to 128 instead of 32.
Thanks, I just logged on to post a follow-up saying this was fixed on 5.6.1.1 and noticed your comment (https://github.com/concrete5/concrete5/blob/5.6.1.1/web/concrete/startup/session.php) :)
The context of this then becomes:
If I do the same thing in 5.6.2.2 I get a little bit further, but then I get a class not found error, which is fixed by adding an include. After that the site is still broken in the same way, but it reports having installed successfully.