Fixing an array_filter() php error when using PHP 7.4 with dokuwiki's twofactor plugin

Screenshot of partial dokuwiki login page, saying "Sorry, username or password was wrong" in black text on a reddish background

Yep, niche.

After doing a system upgrade from Debian 10 Buster to Debian 11 Bullseye, no user can log into the wiki, with the error "Sorry, username or password was wrong.".

The actual answer lay in the logs of nginx:

2022/03/20 19:38:46 [error] 222120#222120: *373 FastCGI sent in stderr: "PHP message: PHP Warning:  array_filter() expects parameter 1 to be array, bool given in /var/www/wiki.neilzone.co.uk/lib/plugins/twofactor/action.php on line 450

PHP message: PHP Warning:  Invalid argument supplied for foreach() in /var/www/wiki.neilzone.co.uk/lib/plugins/twofactor/action.php on line 450" while reading response header from upstream, client: [IP address], server: wiki.neilzone.co.uk, request: "POST /doku.php?id=start HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "wiki.neilzone.co.uk", referrer: "https://wiki.neilzone.co.uk/"

I searched online, and I found a few people had had a similar issue, but none with dokuwiki, let alone the specific twofactor plugin.

Interim solution

The interim solution was to delete the twofactor plugin from dokuwiki's lib/plugin directory.

In doing that, the login system no longer required two-factor authentication, and so I could log in.

Not ideal, but it worked.

The actual fix

Rather than attempt to code my own solution, I was hoping for something more supportable. And, fortunately, there is such an answer.

Andi, one of the lead developers of dokuwiki, is rewriting some of the dokuwiki plugins, including twofactor, and the plugin for Google Authenticator (which, in practice, just means "TOTP" - I don't use Google for it).

What I did:

  • I backed up the twofactor, twofactorgoogleauth, and attribute plugins from lib/plugins in the dokuwiki installation directory to somewhere else.
  • I deleted the current twofactor, twofactorgoogleauth, and attribute plugins.
  • I downloaded the updated versions of the plugins:
  • I checked ownership of the plugins was my webserver user (in my case, www-data)

and that was it. I could log in again, with TOTP-based 2FA.

Note that the UX is different with the new plugin. Rather than putting in your TOTP code on the same screen as username and password, it is now a second, separate, screen.

With thanks to Andi for his help on the dokuwiki forum.

decoded.legal donated to dokuwiki this month, as part of its regular FOSS support.


Author: neil

I'm Neil. By day, I run a law firm, decoded.legal, giving advice on Internet, telecoms, and tech law. This is my personal blog, so will be mostly about tech stuff, cycling, and other hobbies.

You can find me (and follow me) on Mastodon and Twitter.