Phpmyadmin: server-side HTTPS detection misses support for Forwarded HTTP Extension (RFC 7239)

Created on 14 Apr 2019  ·  41 Comments  ·  Source: phpmyadmin/phpmyadmin

Describe the bug

The phpMyAdmin login dialogue says "There is mismatch between HTTPS indicated on the server and client. This can lead to non working phpMyAdmin or a security risk. Please fix your server configuration to indicate HTTPS properly." This is not fully correct.

PHP runs via Apache on HTTP, but protected by a reverse proxy (SSL accelerator) which unpacks HTTPS and reverse proxies the request via HTTP.

This is indicated via a HTTP header. The output of phpinfo() shows this as HTTP_FORWARDED with for=10.10.10.10; host=pma.net.example.com; proto=https. This is according to RFC 7239 (https://tools.ietf.org/html/rfc7239).

The relevant source code is in libraries/classes/Config.php, method isHttps(). This method already supports, among other things, the HTTP header HTTP_X_FORWARDED_PROTO. Support for HTTP_FORWARDED is missing.

To Reproduce

Steps to reproduce the behaviour:

  1. Set up PHP served via HTTP.
  2. Set up a reverse proxy which converts HTTPS to HTTP.
  3. Try to log in to phpMyAdmin.

Expected behaviour

No warning shall be shown, as the HTTP header indicates HTTPS via a reverse proxy.

Server configuration

  • phpMyAdmin version: 4.8.5

All 41 comments

I believe this is a duplicate of https://github.com/phpmyadmin/phpmyadmin/issues/14184

In general, this often can be worked around by entering your credentials a second time or sometimes resolved by clearing your current phpMyAdmin cookies. Those cookies start with “pma” and clearing them may reset a few settings and could clear the stored username from the login form, but may resolve the issue for you.

Switching your connection to https rather than http, if your web server is properly configured, may also help.

@ibennetch: I don't think this is a duplicate. Logging in works without a problem. The bug is just the fact that the error/warning message is shown.

JavaScript compares the scheme used on the client with the scheme reported back by the back-end. As JavaScript sees https, but the back-end reports http, JavaScript decides to show the error/warning message.

If the reverse proxy is configured to use the non-standard HTTP header X-Forwarded-Proto, the back-end will also report a HTTPS connection. However, Forwarded is a standard way via an RFC, while X-Forwarded-Proto is not.

The method isHttps() already supports quite some vendor-specific HTTP headers, so according to my understanding, nothing speaks against also supporting the RFC standard.

The algorithm for parsing is pretty straightforward:

        } elseif (($forwarded = Core::getenv('HTTP_FORWARDED')) != '') {
            $hops = explode(',', $forwarded);
            $parts = explode(';', $hops[0]);
            foreach ($parts as $part) {
                $key_value = explode('=', $part);
                if ((strtolower(trim($key_value[0])) == 'proto') && (isset($key_value[1]) && (strtolower(trim($key_value[1])) == 'https'))) {
                    $is_https = true;
                    break;
                }
            }
        }

@williamdes: What does help wanted mean? Anything I can help you with?

@aschuch247 it means that I would want someone to help us solve this issue with a pull-request

There is mismatch between HTTPS indicated on the server and client. This can lead to non working phpMyAdmin or a security risk. Please fix your server configuration to indicate HTTPS properly.

What is the actual idea behind this? I am using phpMyAdmin behind a HTTPS accelerator proxy and it works very well. At the moment, I consider phpMyAdmin as very proxy-friendly.

Examples of not so friendly applications are Jira and Review Board. What do they do wrong?

  • They embed absolute FQDN links in their HTML (Jira).
  • They embed absolute FQDN links in their RPC responses (Jira and Review Board).

A properly configured proxy can rewrite FQDN references at the HTTP level, for example as part of a Location header. But there is no fool-proof way to rewrite the HTTP body.

So, why does phpMyAdmin bother with HTTP and HTTPS detection and why does it even compare the detected values between server and client? If I tell my browser to send a proper X-Forwarded-Proto HTTP header, I can trick phpMyAdmin to believe whatever I want and the warning is not shown.

Maybe the solution to this problem here is to add a new option to dismiss the server/client comparison and the resulting warning message. By default, it is enabled (safe and conservative defaults), but it can be disabled to not scare users on a properly configured HTTPS accelerator proxy.

How about that?

Technically, NGINX does it the right way: https://nginx.org/en/docs/http/ngx_http_realip_module.html. All upstream proxies are logged in Forwarded (X-Forwarded-For), one by one. The server also knows a list of trusted proxies and when iterating the list, the first non-trusted IP address obviously is the (untrusted) client. This way, not even the gateway proxy needs to clear/reset Forwarded (X-Forwarded-For).

So from a conceptual point of view, what kind of trust is phpMyAdmin supposed to have in any of the HTTP headers? If it is just to display a message, not that much trust is required.

Any opinion on this?

Summary of the problem: Forwarded is a comma-separated list of tuples. How to figure out which of the tuples represents the (JavaScript) client, in order to then fetch the proto attribute from the tuple. Or always use the very first tuple, but this means that the list is trusted to not be manipulated by the client.
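
Added example, not part of the thread and not phpMyAdmin's implementation: a quote-aware RFC 7239 Forwarded parser in PHP that selects the proto value by walking the hops from the right for as long as each node is on a trusted-proxy list, which is one way to answer the question above of which tuple describes the client. The function names, the trusted-proxy list and the sample addresses are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/** Split on $delim, ignoring delimiters inside double-quoted strings. */
function splitUnquoted(string $s, string $delim): array
{
    $out = [''];
    $quoted = false;
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $c = $s[$i];
        if ($c === $delim && !$quoted) {
            $out[] = '';                       // start the next piece
            continue;
        }
        if ($quoted && $c === '\\' && $i + 1 < $n) {
            $c .= $s[++$i];                    // keep an escaped pair together
        } elseif ($c === '"') {
            $quoted = !$quoted;
        }
        $out[count($out) - 1] .= $c;
    }
    return $out;
}

/** Parse Forwarded into a list of hops, each a map of lower-cased parameter => value. */
function parseForwarded(string $header): array
{
    $hops = [];
    foreach (splitUnquoted($header, ',') as $element) {
        $hop = [];
        foreach (splitUnquoted($element, ';') as $pair) {
            $kv = explode('=', $pair, 2);
            if (count($kv) !== 2) { continue; }
            $value = trim($kv[1]);
            if (strlen($value) >= 2 && $value[0] === '"' && substr($value, -1) === '"') {
                $value = preg_replace('/\\\\(.)/', '$1', substr($value, 1, -1));
            }
            $hop[strtolower(trim($kv[0]))] = $value;
        }
        if ($hop !== []) { $hops[] = $hop; }
    }
    return $hops;
}

/** Reduce a "for" node to a bare address; "unknown" and "_token" values pass through. */
function nodeAddress(string $node): string
{
    if (preg_match('/^\[([0-9a-f:.]+)\](?::\d+)?$/i', $node, $m)) {
        return strtolower($m[1]);              // bracketed IPv6, optional port
    }
    return preg_match('/^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$/', $node, $m) ? $m[1] : $node;
}

/**
 * Walk the hops right to left. The last element was appended by REMOTE_ADDR and each
 * earlier one by the "for" node of the element after it, so stop at the first untrusted node.
 */
function forwardedClientProto(string $header, string $remoteAddr, array $trusted): ?string
{
    if (!in_array($remoteAddr, $trusted, true)) {
        return null;                           // direct connection: header is client-controlled
    }
    $proto = null;
    foreach (array_reverse(parseForwarded($header)) as $hop) {
        $proto = isset($hop['proto']) ? strtolower($hop['proto']) : null;
        if (!in_array(nodeAddress($hop['for'] ?? ''), $trusted, true)) {
            break;                             // "for" is the client; elements left of it are its own
        }
    }
    return $proto;
}

// Constructed inputs: the header from the report, and one whose first element the client sent.
$trusted = ['192.0.2.10'];                     // hypothetical address of the TLS-terminating proxy
$report  = 'for=10.10.10.10; host=pma.net.example.com; proto=https';
$forged  = 'for=198.51.100.7;proto=https, for="203.0.113.9:51000";proto=http';
var_dump(forwardedClientProto($report, '192.0.2.10', $trusted));
var_dump(forwardedClientProto($forged, '192.0.2.10', $trusted));
var_dump(parseForwarded($forged)[0]['proto']); // what a first-element rule would read
```

With the constructed forged header, a first-element rule reads the proto value the client wrote, while the walk stops at the element appended by the trusted proxy.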

Thanks for the feedback @aschuch247 !

@ibennetch If I can have your comments on this issue, I am okay with implementing the code @aschuch247 sent us.

Yeah I also encountered this bug! 😞

@aschuch247 Is it safe to just ignore this warning?

@lonix1: phpMyAdmin 4.9.1 works like a charm, if the proxy is properly configured. The message can be ignored.

From what I figured out, the client (your browser) tells the server how phpMyAdmin was accessed. This is either by HTTP or HTTPS. The server checks how it is accessed. This also is either by HTTP or HTTPS. The message is shown if both ways of accessing differ.

This can happen if you use an SSL accelerator, that is, a HTTPS to HTTP 'unpacking' proxy in-between.

After more research, I think I can implement it before 4.9.3 is out

I am getting the same warning message with the latest version :(

Using Nginx.

But before the latest update it was ok...

@pamamolf can you post the nginx config?

It is for my hostname that I am using for phpMyAdmin and it worked with no issues for a long time:

server {
    listen                       443 ssl http2;
    server_name                  server.mydomain.com;

    ssl_certificate              /usr/local/nginx/conf/ssl/server.mydomain.com/server.mydomain.com-acme.cer;
    ssl_certificate_key          /usr/local/nginx/conf/ssl/server.mydomain.com/server.mydomain.com-acme.key;
    ssl_certificate_key          /usr/local/nginx/conf/ssl/server.mydomain.com/server.mydomain.com.key;
    include                      /usr/local/nginx/conf/ssl_include.conf;

    keepalive_timeout            3000;
    client_body_buffer_size      256k;
    client_body_timeout          3000s;
    client_header_buffer_size    256k;
    ##                           how long a connection has to complete sending
    ##                           it's headers for request to be processed
    client_header_timeout        60s;
    client_max_body_size         512m;
    connection_pool_size         512;
    directio                     512m;
    ignore_invalid_headers       on;
    large_client_header_buffers  8 256k;

    http2_max_field_size         16k;
    http2_max_header_size        32k;
    #                            dual cert supported ssl ciphers
    ssl_ciphers                  EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    ssl_prefer_server_ciphers    on;
    #add_header                  Alternate-Protocol 443:npn-spdy/3;
    #add_header                  Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    #add_header                  X-Frame-Options SAMEORIGIN;
    #add_header                  X-Xss-Protection "1; mode=block" always;
    #add_header                  X-Content-Type-Options "nosniff" always;
    #spdy_headers_comp           5;
    ssl_buffer_size              1369;
    ssl_session_tickets          on;

    #                            enable ocsp stapling
    resolver                     8.8.8.8 8.8.4.4 valid=10m;
    resolver_timeout             10s;
    ssl_stapling                 on;
    ssl_stapling_verify          on;
    ssl_trusted_certificate      /usr/local/nginx/conf/ssl/server.mydomain.com/server.mydomain.com-acme.cer;

    root                         html;
    access_log                   /var/log/nginx/localhost.access.log main;
    error_log                    /var/log/nginx/localhost.error.log error;

    #                            ngx_pagespeed & ngx_pagespeed handler
    #include                     /usr/local/nginx/conf/pagespeed.conf;
    #include                     /usr/local/nginx/conf/pagespeedhandler.conf;
    #include                     /usr/local/nginx/conf/pagespeedstatslog.conf;

    #                            limit_conn limit_per_ip 16;
    #                            ssi on;
    location /nginx_status {
        stub_status                 on;
        access_log                  off;
        allow                       127.0.0.1;
        #allow                      youripaddress;
        deny                        all;
    }

    location / {

        #                           block common exploits, sql injections etc
        #include                    /usr/local/nginx/conf/block.conf;

        #Enables                    directory listings when index file not found
        #autoindex                  on;
    }

    include                      /usr/local/nginx/conf/staticfiles.conf;
    include                      /usr/local/nginx/conf/include_opcache.conf;
    include                      /usr/local/nginx/conf/php.conf;
    #include                     /usr/local/nginx/conf/phpstatus.conf;
    include                      /usr/local/nginx/conf/drop.conf;
    #include                     /usr/local/nginx/conf/errorpage.conf;
    #include                     /usr/local/nginx/conf/vts_mainserver.conf;

}

Thank you

@pamamolf so 4.9.2 version works fine ?
Also can you send php.conf; ?
Thank you

@pamamolf is using my Centmin Mod LEMP stack and it has a phpmyadmin.sh script to install phpmyadmin via git clone of the stable branch. Here's a cleaner markdown-formatted phpmyadmin https self-signed ssl vhost from my test server, which is also experiencing the mismatch issue on update to phpmyadmin 5.0 - prior versions were fine

contents of https vhost /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf

# https SSL SPDY phpmyadmin
server {
        listen 443 ssl http2;
            server_name centos7.localdomain;
            root   html;

keepalive_timeout  3000;

 client_body_buffer_size 256k;
 client_body_timeout 3000s;
 client_header_buffer_size 256k;
 client_header_timeout  60s;
 client_max_body_size 512m;
 connection_pool_size  512;
 directio  512m;
 ignore_invalid_headers on;
 large_client_header_buffers 8 256k;

        ssl_certificate      /usr/local/nginx/conf/ssl/centos7.localdomain.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/centos7.localdomain.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache      shared:SSL:10m;
        ssl_session_timeout  10m;
        # mozilla recommended
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers   on;
        add_header X-Frame-Options SAMEORIGIN;
        ssl_buffer_size 1400;
        ssl_session_tickets on;

        access_log              /var/log/nginx/localhost_ssl.access.log     main;
        error_log               /var/log/nginx/localhost_ssl.error.log      error;

    location / {
        return 302 http://$server_name$request_uri;
    }

  include /usr/local/nginx/conf/phpmyadmin_https.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
}

in the non-https vhost for same domain, it has a 301 rewrite redirect for just phpmyadmin install url redirecting from non-https to https vhost

location ^~ /5119_mysqladmin19840/ {
        rewrite ^/(.*) https://centos7.localdomain/$1 permanent;
}

contents of /usr/local/nginx/conf/phpmyadmin_https.conf

location ^~ /5119_mysqladmin19840/ {
        #try_files $uri $uri/ /5119_mysqladmin19840/index.php?$args;
        include /usr/local/nginx/conf/php_5119_mysqladmin19840.conf;

        auth_basic      "Private Access";
        auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
        allow 127.0.0.1;
        #allow 192.168.0.12;
        #deny all;
}

contents of /usr/local/nginx/conf/php_5119_mysqladmin19840.conf

location ~ [^/]\.php(/|$) {
  include /usr/local/nginx/conf/503include-only.conf;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    #fastcgi_keep_conn on;
    #fastcgi_pass dft_php;
    fastcgi_pass   127.0.0.1:9991;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

# might shave 200+ ms off PHP requests
# which don't pass on a content length header
# slightly faster page response time at the
# expense of throughput / scalability
#sendfile on;
#tcp_nopush off;
#keepalive_requests 0;

fastcgi_connect_timeout 60s;
fastcgi_send_timeout 180s;
fastcgi_read_timeout 300s;
fastcgi_buffer_size 4k;
fastcgi_buffers 512 4k;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 4m;
fastcgi_max_temp_file_size 4m;
fastcgi_intercept_errors off;

# next 3 lines when uncommented / enabled
# allow Nginx to handle uploads which then 
# passes back the completed upload to PHP
#fastcgi_pass_request_body off;
#client_body_in_file_only clean;
#fastcgi_param  REQUEST_BODY_FILE  $request_body_file;

#new .04+ map method
fastcgi_param HTTPS $server_https;

# comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
# cgi.fix_pathinfo=0 
# as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  HTTP_PROXY         "";

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Set php-fpm geoip variables
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

                   }

phpmyadmin is installed at /5119_mysqladmin19840

4.9.1 was ok for sure !
4.9.2 if I remember correctly it was ok ... 99% yes it was ok

php.conf:

location ~ [^/]\.php(/|$) {
  include /usr/local/nginx/conf/503include-only.conf;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_keep_conn on;
    fastcgi_pass dft_php;
    #fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

# might shave 200+ ms off PHP requests
# which don't pass on a content length header
# slightly faster page response time at the
# expense of throughput / scalability
#sendfile on;
#tcp_nopush off;
#keepalive_requests 0;

fastcgi_connect_timeout 60s;
fastcgi_send_timeout 180s;
fastcgi_read_timeout 300s;
fastcgi_buffer_size 4k;
fastcgi_buffers 512 4k;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 4m;
fastcgi_max_temp_file_size 4m;
fastcgi_intercept_errors off;

# next 3 lines when uncommented / enabled
# allow Nginx to handle uploads which then
# passes back the completed upload to PHP
#fastcgi_pass_request_body off;
#client_body_in_file_only clean;
#fastcgi_param  REQUEST_BODY_FILE  $request_body_file;

#new .04+ map method
fastcgi_param HTTPS $server_https;

# comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
# cgi.fix_pathinfo=0
# as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;

fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  HTTP_PROXY         "";

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Set php-fpm geoip variables
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Thank you

Thank you for your quick responses !
this line fastcgi_param HTTPS $https if_not_empty; is intriguing
I am going to sleep and will try to reproduce the issue you have ASAP and fix it for next 5.0 version

If someone has a Docker version of the issue I would love it ;)

yes phpmyadmin.sh install is located at https://github.com/centminmod/phpmyadmin

cheers @williamdes here's my config.inc.php active settings too with the comments filtered out

cat config.inc.php | egrep -v '^\/|^ \*' | grep '^$cfg'

$cfg['blowfish_secret'] = 'klowz6LHWazQ3GOkxH9FQB89ziy4yk5N11jfomFc'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['ForceSSL'] = 'false';
$cfg['ExecTimeLimit'] = '28800';
$cfg['MemoryLimit'] = '0';
$cfg['ShowDbStructureCreation'] = 'true';
$cfg['ShowDbStructureLastUpdate'] = 'true';
$cfg['ShowDbStructureLastCheck'] = 'true';
$cfg['ShowPhpInfo'] = true;
$cfg['Export']['compression'] = 'gzip';
$cfg['LoginCookieValidity'] = 1440;

I did notice there are 404 broken theme links for themes/pmahomme/css/theme.css in the browser devtools network tab

ls -lah /usr/local/nginx/html/5119_mysqladmin19840/themes/pmahomme/css/theme.css
ls: cannot access /usr/local/nginx/html/5119_mysqladmin19840/themes/pmahomme/css/theme.css: No such file or directory

and for themes/pmahomme/css/printview.css

ls -lah /usr/local/nginx/html/5119_mysqladmin19840/themes/pmahomme/css/printview.css?v=5.0.0
ls: cannot access /usr/local/nginx/html/5119_mysqladmin19840/themes/pmahomme/css/printview.css?v=5.0.0: No such file or directory

seem to be missing in https://github.com/phpmyadmin/phpmyadmin/tree/master/themes/pmahomme/css

@centminmod you should check the issue https://github.com/phpmyadmin/scripts/issues/21 we forgot to add the CSS files for composer
But for the git version I am quite sure we will not add them because they are generated files
You need to run yarn or yarn/npm run css-compile

Hope to get a fix asap for this as phpmyadmin is not usable now :(

Thanks

With the help of @centminmod I tested and the issue seems to be at version 5.0 only, as the reinstallation of 4.9.3 was ok and working for me.

this line fastcgi_param HTTPS $https if_not_empty; is intriguing

To me, this looks unrelated.

NGINX is just told to not set an empty environment variable. But phpMyAdmin does not check the presence of the environment as-is, but the value. And if the value is not 'on', $is_https is not set for this case.

Furthermore, the method looks the same for both phpMyAdmin versions (branches). So the question is, which of the conditions in the method actually sets $is_https to true.

I am curious about where the difference is between phpMyAdmin 4 and 5.

If anyone finds a solution for v5 and makes it work, please post here...

Thank you

Fixed it by adding yarn to my update script.

More details please?

How you add it and where?

Just run yarn command in your terminal after git pull, manually or in your deploy script. Once the CSS resources have been compiled the error msg is gone.

oh actually doing yarn install does fix phpmyadmin 5's mismatch errors it seems ! interesting :)

though on login I get the error

Failed to set session cookie. Maybe you are using HTTP instead of HTTPS to access phpMyAdmin.

despite logging in from HTTPS site with self-signed ssl cert

edit: seems this error is reported when I enter an incorrect mysql user password !

It seems all to be ok now :)

Another user reports that there is an error 500 when you try to export a database:

[28-Dec-2019 23:18:27 UTC] PHP Fatal error: Uncaught TypeError: set_time_limit() expects parameter 1 to be integer, string given in /usr/local/nginx/html/25218_mysqladmin106/libraries/classes/Util.php:4842
Stack trace:
#0 /usr/local/nginx/html/25218_mysqladmin106/libraries/classes/Util.php(4842): set_time_limit('28800')
#1 /usr/local/nginx/html/25218_mysqladmin106/export.php(333): PhpMyAdmin\Util::setTimeLimit()
#2 {main}
thrown in /usr/local/nginx/html/25218_mysqladmin106/libraries/classes/Util.php on line 4842

Didn't test that myself but you may want to check it...

Thanks

@pamamolf: Please do not hijack this issue. If you found another bug, please just file another bug. Thanks. :smiley:

I am unable to reproduce the issue using a centos setup.
Can someone debug this issue or give me access to a server that has it ?

@OfficialOzioma do you want to implement this issue using QA_5_0 branch as base?

NB: please add and update the unit tests

I implemented it as 3db8949ad3836db24e5cf182cbe715296654f56e

@aschuch247 & @centminmod can you please test my implementation ?

@williamdes: I am not yet ready for phpMyAdmin 5, but I had a look at your implementation. I added two comments there.

Thank you, re-opening so I do not forget to fix the implementation

Fixed in 6729c89b1775b48f6fb636e27279ab94c91f79da as much as I could
thank you @aschuch247

@aschuch247 I made the changes you asked for in 71a02a92d43c946eb67fa161fffe5ad806e7fd46

@williamdes: Thanks for really caring. You deserve more than just a single thumbs up.
