Welcome to Geeklog Saturday, October 23 2021 @ 08:01 am EDT

Geeklog Forums

Locked out


Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
Um, I seem to be locked out of my site.

Yesterday I upgrade from GL1.8 to 2.2.1sr1 and it seemed to go okay. I was logged in with my admin account and changing configurations and posted up a quick story saying the site was being upgraded.

This morning I've tried to log in and it doesn't exactly say it's an error but nothing happens, I'm still on the home screen, not logged in. I'm 98% sure it's the right password. I asked my one colleague and he confirmed it. He also has a regular user account and that won't let him in either.

I've tried a password reset based on my email address and it says it has sent me instructions to reset, but nothing arrives. I can't see anything in the system sent mail. I did have that restricted for a long time to reduce spam issues, but I just turned it all back on and tried again but still nothing in there.

Why would our passwords no longer be valid? Might I have been hacked and it was when I tried to upgrade the site that they took control?

The last thing I did before going to bed was install reCAPTCHA but I hadn't signed up for it yet.

I can still log into cPanel and get to the database and I tried disabling reCAPTCHA in case that was related, but didn't help.

Actually the very last thing I did before bed was disable the new user queue. Surely that shouldn't have caused this? I can't get in to undo that, unless I could get to the database directly.

Ahhh, help!
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
OK, so I think my password reset was not being sent because I'd locked down the system email to protect from spam. I released that but it didn't help. Several hours later I tried again, and my password reset was successful.

I then used it to try to log in but same as before the screen just refreshed but I'm not logged in. So I'm thinking it's not that my password was invalid, but rather it breaks at the next step.

Any ideas? Is there a log somewhere I can see what's happening?

The cPanel error.log shows the most recent errors as:

[Sun May 30 20:47:08.683445 2021] [access_compat:error] [pid 19016:tid 47530802956032] [client 40.76.68.86:56966] AH01797: client denied by server configuration: /home/wfnews/public_html/xmlrpc.php
[Sun May 30 19:46:03.809235 2021] [:error] [pid 22492:tid 47530701395712] [client 34.216.3.248:39556] File does not exist: /home/wfnews/public_html/wp-login.php
[Sun May 30 19:26:41.088266 2021] [access_compat:error] [pid 29852:tid 47530794551040] [client 31.206.94.89:59600] AH01797: client denied by server configuration: /home/wfnews/public_html/xmlrpc.php
[Sun May 30 19:26:40.780082 2021] [:error] [pid 29852:tid 47530794551040] [client 31.206.94.89:59600] File does not exist: /home/wfnews/public_html/wp-login.php
[Sun May 30 19:26:40.158403 2021] [access_compat:error] [pid 29852:tid 47530690889472] [client 31.206.94.89:59599] AH01797: client denied by server configuration: /home/wfnews/public_html/xmlrpc.php
[Sun May 30 19:26:39.849516 2021] [:error] [pid 29852:tid 47530690889472] [client 31.206.94.89:59599] File does not exist: /home/wfnews/public_html/wp-login.php

However, I don't think the times correspond to my attempts to log in, so they could be bots.

The raw access logs don't seem to say anything relevant or at the right times, as far as I can tell.

The Geeklog logs (ftping in) show the access.log as a few password errors, including me, but that was when I was experimenting thinking I was doing something wrong. There's no recent errors now that I've successfully reset it and 100% sure it's correct. error.log shows the last entry as the reCAPTCHA successful install nearly 24 hrs ago now. captcha.log has lots of captcha failed in registration errors, not sure why, but I disabled anyway, so none of those errors are from today so don't seem to correspond to my recent login attempts.

It's like I log in and then it just ignores me and refreshes the page.
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
I solved it! I'll explain, for the record.

Learning as I go.

I turned on rootdebug (editing siteconfig.php via an ftp GUI) and saw an error in lib-custom.php in that it has blank lines at the end. Which is odd, as it seemed to be working the night before and I hadn't touched it before the errors started happening.

But certainly it did have a custom function to show a submissions queue only to logged in users, which might explain that the site looked ok but seemed to bounce me out when I tried to log in. Though I'd still expect to be logged in then the error occur. I removed the blank lines and then the site looked ok again, rootdebug showing no errors. Then I tried to log in and got this error:
E_USER_ERROR(256) - 1054: Unknown column 'tid' in 'where clause' @ /home/wfnews/system/databases/mysqli.class.php line 468

Call Stack
# Function File Line
1 trigger_error /home/wfnews/system/databases/mysqli.class.php 468
2 dbQuery /home/wfnews/system/lib-database.php 221
3 DB_query /home/wfnews/system/lib-custom.php 569
4 phpblock_submissions /home/wfnews/public_html/lib-common.php 4319
5 COM_formatBlock /home/wfnews/public_html/lib-common.php 4194
6 COM_showBlocks /home/wfnews/public_html/lib-common.php 1586
7 COM_createHTMLDocument /home/wfnews/public_html/index.php 492
array(3) {
["sql"]=>
string(248) "SELECT title FROM gl_storysubmission WHERE (tid IN ('General','Site','Europe','northamerica','africa','Asia','oceania','internationalrules','IC2005','IC2008','IC2011','Mideast','SAmerica','Australia','IC2014','IC2017','IC2020'Wink) ORDER BY DATE desc"
["ignore_errors"]=>
int(0)
["result"]=>
bool(false)
}

Actually there was another step in there as I realised that the ftp GUI I'm using, WinSCP, or something somewhere, is inserting blank lines everywhere, which meant the line numbers of the errors was crazy in lib-common.php, which I was unaware I'd touched, I didn't mean too, maybe just when trying to track this error. So I replaced it with one out of the box, then got the errors above.

Turns out in my lib-custom.php where I'd created my own submissions list for admin folk, something has changed in GL that means the getTopicSql tries to get a tid field that no longer exists.

$res = DB_query("SELECT title FROM {$_TABLES['storysubmission']} "
. COM_getTopicSql() . " ORDER BY DATE desc"Wink;

So I've got rid of that part and now it all works. Phew, that wasn't obvious!
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1438
Glad you figured it out.

In Geeklog 2.0.0 a lot of changes happened to Topics (topics could have child topics and articles can be assigned to more than one topic)

It is probably a good idea to skim the Geeklog release articles that explain the changes that has happened with Geeklog over the last 8 years since Geeklog 1.8 was used.

I am not sure what your custom code is doing but the topic assignments are now stored in their own table.

Here is the article for Geeklog 2.0.0 that explain some of the changes and how it affected plugins at the time.
One of the Geeklog Core Developers.
 Quote

All times are EDT. The time is now 08:01 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content