Welcome to Geeklog, Anonymous Friday, April 26 2024 @ 03:59 am EDT
Geeklog Forums
Login Form problem.
Gregory G.
Anonymous
Hiya!
Here's a situation that's puzzling the heck outta me and I can't seem to find a solve.
One of my customers who uses geeklog is unable to log into their admin. The correct username/password is used and they keep getting redirected BACK to the login form. Same happens with my username in there (or any login for that matter).
I suspect an upgrade on my cpanel server caused this based on what I'm seeing on google.
Geeklog version: 1.3
PHP Version: 5.4.40
MySQL Version: 5.5.42
Apache Version: 2.2.29
I attempted to upgrade to the 2.1.0 version and that failed bigtime. Thankful for backups.
Any advice?
Thanks!
Gregory
Here's a situation that's puzzling the heck outta me and I can't seem to find a solve.
One of my customers who uses geeklog is unable to log into their admin. The correct username/password is used and they keep getting redirected BACK to the login form. Same happens with my username in there (or any login for that matter).
I suspect an upgrade on my cpanel server caused this based on what I'm seeing on google.
Geeklog version: 1.3
PHP Version: 5.4.40
MySQL Version: 5.5.42
Apache Version: 2.2.29
I attempted to upgrade to the 2.1.0 version and that failed bigtime. Thankful for backups.
Any advice?
Thanks!
Gregory
7
5
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
The upgrade shouldn't fail unless you have some really old plugins installed as well (that are not part of the core install).
That is a really old version of Geeklog... I am not sure why the login failed. Can you create a new user and see if you can login with that (since you will receive a new password).
One of the Geeklog Core Developers.
That is a really old version of Geeklog... I am not sure why the login failed. Can you create a new user and see if you can login with that (since you will receive a new password).
One of the Geeklog Core Developers.
4
6
Quote
Status: offline
Gregory
Forum User
Newbie
Registered: 05/17/15
Posts: 3
When I try to create a user account (/blog/users.php?mode=new) I see the same login form but with a label that says "Try Logging in Again".
When I attempted to upgrade I got an error that said "No Database drivers found!" in RED during the upgrade process.
Thanks!
Gregory
7
4
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Your server versions of PHP, MySQL, etc.. shouldn't cause a problem and from the sounds of it your site is connecting to the database since you haven't mentioned that the rest of the pages are affected (so the MySQL php extension is loaded).
Can you install the latest version of Geeklog to a new database? (instead of an upgrade?)
One of the Geeklog Core Developers.
Can you install the latest version of Geeklog to a new database? (instead of an upgrade?)
One of the Geeklog Core Developers.
20
7
Quote
Status: offline
masodo
Forum User
Chatty
Registered: 11/13/12
Posts: 35
Location:Indiana US
I am using 1.8.1 and I have had some various log-in issues that have been traced to the GUS database, where nogoodnicks attempt sql injection via either the request and/or referrer strings. Usually this has resulted in inability for only admin to log-in because it appears to be targeting an error reporting mechanism. I have seen it kick back to log-in as well.
I have been able to get back in by removing the offending data entries from within mysqladmin. The culprits are usually escaped apostrophes and the like. It does not happen very often and it does not happen with every injection attempt but there are a couple of combinations that can cause havock.
Perhaps disabling GUS in configs would also bypass the trouble but I have never tried that approach.
If you don't have GUS installed then I'd be at a loss to advise... (other than as Laugh.)
I have been able to get back in by removing the offending data entries from within mysqladmin. The culprits are usually escaped apostrophes and the like. It does not happen very often and it does not happen with every injection attempt but there are a couple of combinations that can cause havock.
Perhaps disabling GUS in configs would also bypass the trouble but I have never tried that approach.
If you don't have GUS installed then I'd be at a loss to advise... (other than as Laugh.)
5
7
Quote
Status: offline
Gregory
Forum User
Newbie
Registered: 05/17/15
Posts: 3
Quote by: Laugh
Your server versions of PHP, MySQL, etc.. shouldn't cause a problem and from the sounds of it your site is connecting to the database since you haven't mentioned that the rest of the pages are affected (so the MySQL php extension is loaded).
Can you install the latest version of Geeklog to a new database? (instead of an upgrade?)
I'd certainly be willing to give that a try. Is there a way to migrate the old data once that's done?
Gregory
6
5
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
@masodo
I would be interested in hearing more about the Gus issue.
I haven't run across any sql injection issues. If there is one with the latest version I would like to get it fixed.
Would it be possible to send me the offending records by chance if you have them backed up?
Thanks
Tom
One of the Geeklog Core Developers.
I would be interested in hearing more about the Gus issue.
I haven't run across any sql injection issues. If there is one with the latest version I would like to get it fixed.
Would it be possible to send me the offending records by chance if you have them backed up?
Thanks
Tom
One of the Geeklog Core Developers.
7
5
Quote
Status: offline
masodo
Forum User
Chatty
Registered: 11/13/12
Posts: 35
Location:Indiana US
Hi Laugh,
I do not have any firm examples at the moment but I will be sure to keep you in mind the next time I see this crop-up.
Very often I see where the listed referrer string will display something along the lines of:
...with query strings like:
I have 7 of these sorts in my database now but have no trouble with them. Those that cause trouble are usually an extended version of this technique.
There are times that clicking on the GUS today list item will throw a server error so I will manually "ban" the offending IP and manually add to Ignore list and ultimately flush these entries. Sometimes they can be banned and ignored with the buttons in day.php only to crash the GUS app in the "Clean Up" phase. And as stated every once in a great while this ploy will block root access (seemingly due to reading the data back at the error reporting - is my best guess.)
I did find the following entry in a backed-up error.log that is typical of the sort of clue that sent me to GUS data to get back in (this was probably not a fatal error but may very well have been...):
Like I said, I will let you know if it happens again and see if I can give you more exacting information then.
Thanks!
I do not have any firm examples at the moment but I will be sure to keep you in mind the next time I see this crop-up.
Very often I see where the listed referrer string will display something along the lines of:
Text Formatted Code
http%3A%2F%2Fblogdogit.com%2Farticle.php%3Fstory%3D20150425161631294%5C%27A%3D0...with query strings like:
Text Formatted Code
story%3D20150425161631294%5C%27A%3D0I have 7 of these sorts in my database now but have no trouble with them. Those that cause trouble are usually an extended version of this technique.
There are times that clicking on the GUS today list item will throw a server error so I will manually "ban" the offending IP and manually add to Ignore list and ultimately flush these entries. Sometimes they can be banned and ignored with the buttons in day.php only to crash the GUS app in the "Clean Up" phase. And as stated every once in a great while this ploy will block root access (seemingly due to reading the data back at the error reporting - is my best guess.)
I did find the following entry in a backed-up error.log that is typical of the sort of clue that sent me to GUS data to get back in (this was probably not a fatal error but may very well have been...):
Text Formatted Code
Mon 25 Aug 2014 12:45:23 EDT - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''20110408112644399\'' at line 1. SQL in question: SELECT title FROM gl_stories WHERE sid = '20110408112644399\' Like I said, I will let you know if it happens again and see if I can give you more exacting information then.
Thanks!
5
3
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Okay I will look into what you have given me. I want to release a new version of Gus soon with the minor updates I have done over the last year or so. It also is better integrated into the ban plugin.
One of the Geeklog Core Developers.
One of the Geeklog Core Developers.
5
6
Quote
All times are EDT. The time is now 03:59 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content