I have set up a number of my websites on my host server with xoops. Each site has a copy of the php files, and share a single database with different database table prefixes (as defined on installation).
I have been able to enter each of these sites and work in the administrator section at least once, and in most cases several times.
Today I started to experience problems where I could log into the sites with the administrator id, but when I pressed the Administrator Menu, I got the error "You don't have the right to access this area".
I traced this back to admin.php, and by creating a second variable of _AD_NORIGHT2, I was able to determine that it is because $xoopsuser was false. I have no php experience, so I am having trouble tracing back the source of the error.
I do have zonealarm installed, but I made sure that these sites have full permission for cookies and headers. And the problem seems to go away sometimes.
Any help is appreciated.

Evan Smith

Have you tried disabling your firewall while working on your sites I had this problem and my site was in my firewall as a protected site allowed list but still had troubles with admin section and forums until i disabled the firewall.

Hmm, disabling the firewall is not what I call a good solution!!! (you should see my firewall log) Any idea why the firewall would still cause a problem if the site is listed as an allowed (protected) site?

Search around here for firewall specific topics, lots here. You might also have to configure HTTP Headers in the firewall. It depends on the specific firewall you have.

However, for now you should at least try the site with the local firewall turned off. If that fixes it then you know why. If you can't trust your own web site then....


Personaly I don't understand so called personal firewalls if you have a secure local network and computer plus a stand alone firewall. But that is another topic.

Sorry about the delay in replying, been busy.

As I assume the case is for a lot of people using xoops, I don't (anymore) have a local server, I use a web hosting site, and I often work on the site while one the road - hence need for a personal firewall. :)

Evan

I think you should do the test you want without your firewall (2 minutes )
This is the first test and so you can know if this is a problem about firewall or about your XOOPS's install

To give a short explanation of our reaction to personal firewalls, I'd liek to add that some personal firewall apps block the HTTP HEADER information being sent/recieved to the website in question. This is safe, as it protects your privacy, but it is alos blocking a part of the http communications protocol, which is not just a, but the international standard protocol for webcommunications. XOOPS uses the HTTP HEADER information to verify the user comes from a validated location when logging in (so he can't gain access to the site via another script on another server). This check can be disabled (do a search for referrer check and you'll find lots of posts about this), but it will make your site easier to hack.

The solution is to tell your firewall app to trust the site enough to allow HTTP HEADER information to be sent/recieved. Most often you can do this by simply adding your site to the 'trusted sites list', but this depends on the firewall you use.

So we don't have anything against the use of personal firewalls, but against their blocking a part of the HTTP standard, which is commonly used. You can circumvent this issue by making your site less secure.

Herko