41
peterr
Re: XOOPS security and php settings
  • 2010/2/26 12:12

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

peterr wrote:
Is "session.use_only_cookies on" essential for either XOOPS or Protector ?


Anyone ??

Pete



42
peterr
Re: Can't access admin ?
  • 2010/2/26 11:51



Have been looking at sessions. There was a backup of the db done, ages ago, and it must have been when I was logged in. I compared it to the sessions table now, after an 'admin' login.

The column "sess_data" now, is just as other site visitors, even though I'm logged in (XOOPS gives the msg that I'm logged in). But, that column in the sessions table, from the backup ages ago is vastly different, it has all sorts of XOOPS info , like 'xoopsUserGroups' and it looks like arrays or similar following that.

So, this is the only _real_ difference at present, it seems.

Any clues as to why XOOPS would be allowing me to 'login' (I get the msg), but then not assigning any 'rights' in the session data ?

Pete



43
peterr
Re: Can't access admin ?
  • 2010/2/25 4:37



Quote:

ghia wrote:
It seems that maybe you have a problem with Protector. Try with disabling it, by commenting the post and pre check in mainfile.php


ghia - I did actually try that today, as you suggested. However, same problem, so we can probably rule out Protector. It (Protector) was definitely not running, as my IP didn't appear in the logs, as it usually does.

Looks like a re-install, or more to the point, upgrade to new XOOPS. Better still, I'll wipe the site, and the db contents, and start afresh.

Would still love to know what is causing this though.

Thanks,

Pete



44
peterr
Re: 2.0.18.1 --> 2.4.4 update - what modules ?
  • 2010/2/21 10:41



Thanks for the tip about the blank page with that beta version of protector. Sounds a bit tricky. :)



45
peterr
Re: 2.0.18.1 --> 2.4.4 update - what modules ?
  • 2010/2/21 10:19



Quote:

ghia wrote:
I think they all will run or have a compatible version.
You can try it out on a local server with eg XAMPP.


Thanks for that link, very useful and interesting site. I'm running Linux/Ubuntu now locally, so technically I could add Apache and MySQL fairly easily. That said, I might just add a separate path on current site to install it all 'afresh', from memory it's only a few path names then to change, to move it all to current 'home' path.

Quote:

bjuti wrote:
Liaise work, but try xForms fork (it can import from Liaise)

Update SmartObject and SmartSection (actual is 2.14 or try Publisher fork in alpha stage, also can import from SS)


Downloaded xForms, it has no readme or such and a few EXE and INI files, looks kinda 'windo-ish' to me. But will try it out. Liaise doesn't do any captcha, so I do get some spam from it now.

Will be nice to drop SmartObject and Smartsection, in place of Publisher. I see there is no archive for Publisher, will just do a wget recursive to grab those files. Hopefully, it is stable. I didn't think much of Smartfactory moving away from XOOPS, so will be nice to drop Smartsection.

Quote:

Burning wrote:

Latest versions:

• Liaise - 1.26 --> xForms 1.01
• protector - 3.4 --> ok. There is a beta version Protector 3.50
• Site Map - 1.30 --> ok. There is also an enhancement by Tank55
• Smartobject - 0.9 --> don't know
• Smartsection - 2.13 --> Smartsection 2.14. But you should use Publisher as already said before
• Wflinks - 1.03C --> WF-Links 1.08
• Xhld0 - 3.07 --> XHLD 3.08


Thanks for all those links. I had a quick look at 2.4.4, and it seems Protector is already included in XOOPS core, so now no need to get the module I assume. That said, it would be prudent to keep to the latest version. I'm assuming the Protector in XOOPS core is no different from the 'same version' of Protector, as a single module.

Fairly sure Smartobject was only needed because of Smartsection, so if I go to Publisher, then I can drop Smartobject as well.

I have always had to modify XOOPS userinfo.php as follows (lines added between //BEGIN and //END statements)

$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';
//BEGIN - 20070412.1 - mod to stop guests from viewing registered user profiles
// $xoopsUser is empty for guests, so they are redirected to index.php after 3 seconds with the "no permission" message
$xoopsUser or redirect_header('index.php', 3, _NOPERM);
//END - 20070412.1 - mod to stop guests from viewing registered user profiles
include_once XOOPS_ROOT_PATH.'/modules/system/constants.php';


This was always added, because I never liked the fact that a guest user could do this:

http://www.example.com/userinfo.php?uid=1

and find out the username of 'admin' ; not real good for security. Hopefully XOOPS has come a bit further now, in that respect, and there would be no need for that mod.

Thanks to all for your replies,

Pete





46
peterr
2.0.18.1 --> 2.4.4 update - what modules ?
  • 2010/2/20 4:49



I have been having problems with accessing XOOPS admin.

Now, probably my only solution is to update to 2.4.4 . I currently use 2.0.18.1 , and
MySQL version    5.0.89-community
Apache version    2.2.13
PHP version    5.2.10


These are the only modules I currently use:

Liaise - 1.26
protector - 3.4
Site Map - 1.30
Smartobject - 0.9
Smartsection - 2.13
Wflinks - 1.03C
Xhld0 - 3.07

I see protector is now in the core 2.4.4 , so I don't have to be concerned about that.

What about those other modules ? Are they still in use, safe to use with 2.4.4, safe to upgrade to, or even, should I use a different module (like Smartsection has gone over to ??cube or something).

Thanks,

Pete



47
peterr
Re: Can't access admin ?
  • 2010/2/18 12:52



If I do have to have a php.ini to force the use of cookies, then I see from this post, it seems I can make my custom php.ini accessible from every directory with .htaccess



48
peterr
Re: XOOPS security and php settings
  • 2010/2/18 12:39



Is "session.use_only_cookies on" essential for either XOOPS or Protector ?
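
As an added example (not part of the thread, and not XOOPS or Protector documentation), this is what a custom php.ini for the setting asked about here and in the earlier post about forcing cookies could contain. The values and comments are constructed, and the fragment assumes the PHP 5.2.10 mentioned elsewhere on this page, where session.use_only_cookies still defaulted to off.

```ini
; Constructed php.ini fragment (added example, not from the thread).
; Defaults quoted in the comments are those of PHP 5.2.x;
; session.use_only_cookies only became enabled by default in PHP 5.3.0.

; 5.2.x default: 0 -> a session ID supplied in the URL is accepted,
; which lets a crafted link fix the session ID a visitor will use.
session.use_only_cookies = 1

; Default: 0 -> keep it off so PHP never rewrites links and forms
; to carry the session ID (it would leak via Referer and logs).
session.use_trans_sid = 0

; Default: off -> when on, the session cookie is flagged HttpOnly
; and is not readable from JavaScript (available since PHP 5.2.0).
session.cookie_httponly = 1
```

The fragment only has an effect in directories where PHP actually loads this php.ini; the phpinfo() output for a script in the XOOPS root shows which file was loaded and the effective session values.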



49
peterr
Re: Can't access admin ?
  • 2010/2/18 12:22



Too dangerous to disable protector. Although I guess I can ban all other IPs again, and only allow mine, then comment out those lines in mainfile.php

However, if it is protector, then what ?

Searched on the Peak site, and found some similar problems, not exactly the same. One had about the 'reliable IP' field, so chased that, it's in the config table, changed it to reflect my IP (it had my IP from years back), and tried to login and use admin again, ... still no go.




50
peterr
Re: Can't access admin ?
  • 2010/2/18 10:32



Turned on debug mode through the db, and no output ?? Well, I assume this debug is a php debug, and errors always get logged to a file. However, no file, so I assume no php errors.

The setting was definitely 'on' (value of 1) for the config table, for debug.

I notice in the protector table, it always thinks that I'm doing a "brute force" (malicious_actions column says 'BRUTE FORCE: myadminusername'). This is despite the fact that it is a valid username and pwd, and XOOPS does say 'logged in'. Is the password MD5 ?

I even updated to the latest stable protector, ... nope, same problem.

Can I just copy the /install path to the website (for 2.0.18.1), and use the files there to 'update' ?

Pete



