11
ghia
Re: Can't access admin ?
  • 2010/2/15 13:48

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
it displayed the PHPSESSIONID in the browser
You mean in the URL?
That is not normal, XOOPS uses cookies for that.
Check the documentation of your hoster about sessions.

XOOPS version is in /include/version.php

12
peterr
Re: Can't access admin ?
  • 2010/2/15 13:52

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9



// $Id: version.php 1236 2008-01-08 23:00:25Z phppp $

define("XOOPS_VERSION","XOOPS 2.0.18.1");

?>


13
peterr
Re: Can't access admin ?
  • 2010/2/15 13:57

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

ghia wrote:
Quote:
it displayed the PHPSESSIONID in the browser
You mean in the URL?
That is not normal, XOOPS uses cookies for that.
Check the documentation of your hoster about sessions.


Yes, it displays it in the URL. Cookies, yes, I'm sure I had XOOPS configured so that it used a different cookie name also, but if i check cookies in the browser (firefox), only PHPSESSIONID is there, not the one I setup in XOOPS.

I will check a few things with the hoster about sessions.

Quote:

ghia wrote:
XOOPS version is in /include/version.php


Thanks, that was just posted, in the previous post.

Pete


14
peterr
Re: Can't access admin ?
  • 2010/2/16 2:34

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Have checked the php settings from an old .htaccess file, to the servers php.ini , and the only setting that actually needs changing is

session.use_only_cookies 1


to ..

session.use_only_cookies 1


Hopefully that will fix the problem.

Pete

15
peterr
Re: Can't access admin ?
  • 2010/2/16 3:05

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Having the modified php.ini in a temp folder did set the session.use_only_cookies to 'On", but even after I also copied it to /include and the web root path, I still wasn't able to access admin, despite the fact that I was logged in.

Is there any way to see why XOOPS won't let me into admin ?

Pete

16
peterr
Re: Can't access admin ?
  • 2010/2/16 3:23

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


If it is the session setting, then can it be set in a php file that XOOPS accesses all the time ?

Like in /include/common.php , just where a user logs in, we have

@ini_set('session.gc_maxlifetime'$xoopsConfig['session_expire'] * 60);


So, in theory, we could have an extra line there at the top of the login ..

@ini_set('session.use_only_cookies'1);


Surely other people must have this problem, as not every server can modify php settings via .htaccess (assuming that is the problem).

Pete





17
peterr
Re: Can't access admin ?
  • 2010/2/16 6:00

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


I added this line to mainfile.php

@ini_set('session.use_only_cookies'1);


However, it made no difference at all, same problem, no admin access. :(

18
peterr
Re: Can't access admin ?
  • 2010/2/16 8:33

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


I uploaded the 2 MD5 files, and ran http://example.com/xoops_md5.php

The output was full of this type of errors ..

Quote:

admin.php content invalid
backend.php content invalid
banners.php content invalid
class/auth/auth_ads.php content invalid
class/auth/auth_ldap.php content invalid
class/auth/auth_provisionning.php content invalid
class/auth/authfactory.php content invalid


I'm using version 2.0.18.1 of XOOPS, and I assume the correct MD5 files are being used. Funny thing is, only a few days ago, I compared all the XOOPS files to a recent website backup, and all returned an equal on compare ??

The XOOPS MD5 files does have this prefix for all the files ..

===
htdocs/admin.php:ea883acad4c4ee5983cdaaef2491134f
htdocs/backend.php:c37971e12b8c779a8ae63c3882bc4b04
htdocs/banners.php:0b2a632d50abb9f7fdf08218a15da2c9
=======

but I assume the php script is clever enough to work out that the path 'htdocs' isn't there.

As I run a Linux box here, I also ran php on the files, using the XOOPS md5 script, and got the same error messages. Will need to find a backup of 2.0.18.1 , just to be sure these md5 files are _for_ 2.0.18.1

Pete

19
ghia
Re: Can't access admin ?
  • 2010/2/16 9:22

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Your file is probably wrong, because htdocs is not in the MD5 file of 2.0.18.1
Weird is that the htdocs doesn't show in your error messages.
Verify the XOOPS version in /include/version.php
It should be dated of 16/02/2008 16:39 and having 41.616 bytes.
Refer to SourceForge for a copy of the archive.

20
peterr
Re: Can't access admin ?
  • 2010/2/16 9:57

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

ghia wrote:
Your file is probably wrong, because htdocs is not in the MD5 file of 2.0.18.1
Weird is that the htdocs doesn't show in your error messages.


It strips it out ..

if ( substr$file0) == 'htdocs/' ) {
        
$file substr$file);
    }


Sure does seem I was using an old file to check all the files. The checksum files are the ones to use then, not the MD5 files.

Quote:

ghia wrote:
Verify the XOOPS version in /include/version.php


The content of that file, both from the XOOPS 2.0.18.1 archive and from my local copy of the website show


// $Id: version.php 1236 2008-01-08 23:00:25Z phppp $

define("XOOPS_VERSION","XOOPS 2.0.18.1");

?>


Quote:

ghia wrote:
It should be dated of 16/02/2008 16:39 and having 41.616 bytes.
Refer to SourceForge for a copy of the archive.


The file checksum.md5 is dated Sat 16 Feb 2008 19:39:10 EST , and file size is 40.6 KB (41616 bytes).

I have downloaded 2.0.18.1 from SourceForge, extracted it, and the only messages from running the checksum are ..

Quote:

./robots.txt content invalid
./userinfo.php content invalid
./install/index.php missing !
./install/install_tpl.php missing !
./install/makedata.php missing !
./install/passwd.php missing !
./install/style.css missing !
./install/class/cachemanager.php missing !
./install/class/dbmanager.php missing !
./install/class/mainfilemanager.php missing !
./install/class/settingmanager.php missing !
./install/class/textsanitizer.php missing !
./install/img/bg_content_left.gif missing !
./install/img/bg_content_right.gif missing !
./install/img/bg_darkblue.gif missing !
./install/img/bg_table.gif missing !
./install/img/dummy.gif missing !
./install/img/hbar_installer_right.gif missing !
./install/img/hbar_left.gif missing !
./install/img/hbar_middle.gif missing !
./install/img/hbar_right.gif missing !
./install/img/logo.gif missing !
./install/img/no.gif missing !
./install/img/xoops2.gif missing !
./install/img/yes.gif missing !
./install/language/english/finish.php missing !
./install/language/english/install.php missing !
./install/language/english/install2.php missing !
./install/language/english/mysql.lang.data.sql missing !
./install/language/english/welcome.php missing !
./install/sql/mysql.data.sql missing !
./install/sql/mysql.structure.sql missing !
./install/sql/upgrade/mysql.structure.sql missing !
There are 623 files checked.
Please remove the file ./checksum.md5 and checksum.php as soon as possible.


It has been run on the website, and on my local copy of the website. The 2 files that are shown to be different there, robots.txt has been changed, and I had to modify /userinfo.php , as I didn't like guests being able to see the username of registered users. That file hasn't changed for a long time.

It's still a mystery, then.

Thanks,

Pete

Login

Who's Online

420 user(s) are online (298 user(s) are browsing Support Forums)


Members: 0


Guests: 420


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits