[UNDER REVIEW] can't login to front-end after 1.0.13 to 1.0.14 upgrade

[ikt]

Oh my goodness.. please tell me I didn't really just get to the end of this thread... is there a solution I'm missing here? I am upgrading (scary I know), from 1.0.11 to 1.0.13.... next step was to 1.0.15... I have the same issue with front end log in... can log in to the admin area fine as of now.

Is there another thread going on this that I'm not aware of?

Thanks!

[robin.mousley]

Yep - you've arrived at the far end of Open Source Hell.

On the one hand we wouldn't have such wonderful, powerful, free software to use, on the other when the poop hits the fan, and it's a really nasty difficult issue, there's no-one home to help.

We've made some progress by removing Community Builder - at least our logins seem to be working again, but as at this time we've lost a whole lot of functionality including our forums... We're building a complete duplicate test site so that we can install and test upgrades there in future before touching our production site; we're installing the latest beta CB and generally floundering around without really knowing why or what we're up to. Very frustrating.

We can't tell whether all the people with know-how are focussed on joomla 1.5 or what - but we certainly haven't had any useful help at all from this forum. So good luck!

[T3WADNA]

thanks i need this

[jrtalon]

Hey everyone, I found the solution (at least for me) the nice techs at my hosting company figured it out. Hope it works for everyone else having this problem as well.

Add this code to the end of your .htaccess file

Code: Select all

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

[ikt]

unfortunately... didn't work... I did notice that I did not upgrade my community builder prior to upgrading from 1.0.11 - 1.0.13... I really do wonder if there isn't some connection there. I went in and tried to upgrade after and no luck.
What I would like to do is remove my CB alltogether and replace with fireboard, however I'm worried it might mess with my users... I don't want that!
Does anyone have any idea how I need to go about removing community builder without messing up my user end? I don't care about forum messages.. there are not many and I've copied all of my forum names already, I just want to make sure I don't have to go in and re-enter all of my users manually- maybe they are not connected in that way?

I can let everyone know if this solves anything... I remember quite some time back seeing a post about upgrading joomla and making sure your CB is updated as well to their newest because of problems... I just don't remember exactly what those problems were.

Thanks to anyone.... anyone at all who can help!

[jrtalon]

Ikt, I don't know much about CB, but does it use its own login module? If not does joomla's default login module work for you?

[ikt]

yes.... CB does use its own login module. I just know I've heard of this issue... it seems like so much is missing from the joomla forums area.. and it is much harder to find things I'm searching for then it was in the past... you have to be spot on with your words... even in advanced search.

I've been using Joomla for a while now, but just upgrading a couple of sites and I don't want to make any mistakes and lose my members.

I would reinstall and start all over with v. 1.0.15, rather than continue with these patches up to 1.0.15 if I knew I wouldn't have a problem with the user database, but I am not that fluent with Joomla.

[brad]

To me this issues sounds like it is all mod_security related. Be sure to check with your host if you have issues. They should be able to determine if a mod_security rule was triggered or not, and fix it up.

[ikt]

Well, I have some good news (for myself but hopefully for others as well)... and I'm really annoyed I didn't think of trying it earlier.
I disabled my CB login module and re-enabled my regular joomla login and I am in.

I am hoping I can just remove all instances of CB without it touching anything else... keep your fingers crossed!

(To Brad:) So many people with this same issue... where is the team at? I will gladly stumble and try to fix things myself as much as possible... but you have a lot of newbies that can't figure this out... it would be nice to see a message in the forums saying-
"Hey guys... hang tight... we are trying to figure this out & will let you know when we get there."

I'm not moanin and groanin, I just don't understand this.. after being with Joomla for a couple of years now, I haven't seen an issue so important to a webmaster go so long unnoticed.

Wake up!

[ikt]

Sorry Brad.. I wanted to come back in here and let you know I wasn't implying that you had anything to do with this... I don't even know if you are a part of the "team"... I just saw so many stars under your name and thought... well it's about time!

Have a good night

[brad]

I understand, I just don't think this is an issue with Joomla...

This thread was originally about the 1.0.14 patch, which has now been replaced by 1.0.15 anyway.

[robin.mousley]

This thread was originally about the 1.0.14 patch, which has now been replaced by 1.0.15 anyway.

Makes no difference - we were on 1.0.15 and were having the same problem.

What did make a difference was reinstalling Community Builder with the very latest version (1.2 Beta) and reinstalling the hacks for SMF.

Reading through these threads it feels as though there are different causes to this problem, but as I say, it seems that we've fixed ours by reinstalling CB.

[ikt]

Can you tell me Brad.. when you reinstalled CB did you completely remove it and the modules and do a fresh install?

I'm just wondering if removing it completely does anything after integrating users?

Thanks!

[jrtalon]

I would reinstall and start all over with v. 1.0.15, rather than continue with these patches up to 1.0.15 if I knew I wouldn't have a problem with the user database, but I am not that fluent with Joomla.

Off-Topic but I need to chime in on this, never ever, apply updates without at least having a backup first!! Also you should really have a test site to well test patches and components our before applying them to your live site.
1. Download Joomlapack, backup your site and download the zip file to your hard drive.
http://extensions.joomla.org/component/ ... Itemid,35/
2. unzip and upload the backup into its own sub directory called test so your live site is located at /public_html/ your test site would be /public_html/test/ 3
3. create a new database in your hosting control panel....don't use the database of your live site, if you try to do that during install it will wipe it!!
5. type yoursite.com/test/install(ation?) and install joomla like normal (remember to use the new database.
Then delete the install folder, now you have a test site to work on first. Might be a good idea to password protect that folder as well so no bots crawl it.

[robin.mousley]

Can you tell me Brad.. when you reinstalled CB did you completely remove it and the modules and do a fresh install?

Yes, completely removed the old version then went through the re-install step by step.

[ikt]

Thanks so much!
Have a great day

[undoIT]

I had this same issue with a Joomla 1.0.15 site. I've seen it happen twice now. Just spent about seven hours working on it. Then suddenly, after logging out of the backend with the logout link, I'm able to login on the frontend again. I thought this was a Community Builder issue but now I'm not so sure.

Here's the thread I started on the CB forums:

http://www.joomlapolis.com/component/op ... /catid,58/

btw, this is not a Microsoft issue. I'm on Linux

[ikt]

Just a quick update.... I have not had any problems with logins since uninstalling CB and switching back to the default login.
I see that there are things that are working and things that are not for different people.
CB will obviously not be the culprit of everyone's site, but it seems to have been with mine.
I have not yet had the time to reinstall CB... I will be posting my update when this takes place.

If you are having this login issue.... do make sure you check to confirm it isn't CB that is causing your problem. If it is, disable it if you can and switch to the default login to confirm if this is a problem for you too.

Good luck to all!

[undoIT]

I am running CB1.2 RC2 with Joomla 1.0.15. The bug is back. Perhaps it crops up once a day in the evenings. If I try to login with the CB login module I get this:

Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser. Please refresh/reload page before filling-in.

If I try to login with the Joomla login module, I get this:

You are not authorised to view this resource.

It seems like both login modules are trying to redirect to a funky URL. I have cleared all caches on the site and still get the problem. I have tried the hacks suggested in this thread and also the following steps listed on this thread:

http://www.joomlapolis.com/component/op ... itstart,0/

When this bug kicks in, there doesn't seem to be anything I can do to get the frontend login working except wait until it magically starts working again.

Here is a debug log for the before and after login:

Before:

Code: Select all

17 queries executed
1
SET sql_mode = 'MYSQL40'
2
SELECT folder, element, published, params
 FROM jos_mambots
 WHERE published >= 1
 AND access <= 0
 AND folder = 'system'
 ORDER BY ordering
3
SELECT `id`,`link` FROM jos_menu  WHERE ((`name` LIKE '%login%') AND (`published` > 0))
4
SELECT oldurl, newurl FROM jos_redirection WHERE oldurl = 'login' ORDER BY rank ASC LIMIT 1
5
UPDATE jos_redirection SET cpt=(cpt+1) WHERE `newurl` = 'index.php?option=com_content&Itemid=89&id=4761&lang=en&task=view' AND `oldurl` = 'login'
6
SELECT template
 FROM jos_templates_menu
 WHERE client_id = 0
 AND ( menuid = 0  OR menuid = 89 )
 ORDER BY menuid DESC
LIMIT 1
7
DELETE FROM jos_session
 WHERE (
 ( time < '1217206000' )
 AND guest = 0
 AND gid > 0
 ) OR (
 ( time < '1217291500' )
 AND guest = 1
 AND userid = 0
 )
8
SELECT *
 FROM jos_session
 WHERE session_id = '79ddf0795fde119ba2698153a77e91d9'
9
UPDATE jos_session SET `time`='1217292400',`userid`='0',`usertype`='',`username`='',`gid`='0',`guest`='1' WHERE session_id='79ddf0795fde119ba2698153a77e91d9'
10
SELECT params
 FROM jos_mambots
 WHERE element = 'yoo_effects'
 AND folder = 'system'
11
SELECT *
 FROM jos_menu
 WHERE id = 89
12
SELECT value,regex FROM jos_pagecache_no_cache WHERE pub = 1
13
SELECT a.*
 FROM jos_components AS a
 WHERE ( a.admin_menu_link = 'option=com_syndicate' OR a.admin_menu_link = 'option=com_syndicate&hidemainmenu=1' )
 AND a.option = 'com_syndicate'
14
SELECT id, title, module, position, content, showtitle, params
 FROM jos_modules AS m
 INNER JOIN jos_modules_menu AS mm ON mm.moduleid = m.id
 WHERE m.published = 1
 AND m.access <= 0
 AND m.client_id != 1
 AND ( mm.menuid = 0 OR mm.menuid = 89 )
 ORDER BY ordering
15
SELECT `id`,`link` FROM jos_menu where ((`menutype`='mainmenu') AND (`published` > 0) AND (`access` <= '0')) ORDER BY parent, ordering
16
SELECT c.title AS category,  a.title AS title FROM jos_content as a LEFT JOIN jos_categories AS c ON a.catid=c.id WHERE a.id=4761
17
SELECT id, metadesc, metakey

After trying to login with CB module:

Code: Select all

12 queries executed
1
SET sql_mode = 'MYSQL40'
2
SELECT folder, element, published, params
 FROM jos_mambots
 WHERE published >= 1
 AND access <= 0
 AND folder = 'system'
 ORDER BY ordering
3
SELECT `id`,`link` FROM jos_menu  WHERE ((`name` LIKE '%component%') AND (`published` > 0))
4
SELECT template
 FROM jos_templates_menu
 WHERE client_id = 0
 AND ( menuid = 0  OR menuid = 99999999 )
 ORDER BY menuid DESC
LIMIT 1
5
DELETE FROM jos_session
 WHERE (
 ( time < '1217206082' )
 AND guest = 0
 AND gid > 0
 ) OR (
 ( time < '1217291582' )
 AND guest = 1
 AND userid = 0
 )
6
SELECT *
 FROM jos_session
 WHERE session_id = '79ddf0795fde119ba2698153a77e91d9'
7
UPDATE jos_session SET `time`='1217292482',`userid`='0',`usertype`='',`username`='',`gid`='0',`guest`='1' WHERE session_id='79ddf0795fde119ba2698153a77e91d9'
8
SELECT params
 FROM jos_mambots
 WHERE element = 'yoo_effects'
 AND folder = 'system'
9
SELECT *
 FROM jos_menu
 WHERE published = 1 AND
 link LIKE 'index.php?option=com\_comprofiler&task=login%'
10
SELECT a.*
 FROM jos_components AS a
 WHERE ( a.admin_menu_link = 'option=com_syndicate' OR a.admin_menu_link = 'option=com_syndicate&hidemainmenu=1' )
 AND a.option = 'com_syndicate'
11
SELECT id, title, module, position, content, showtitle, params
 FROM jos_modules AS m
 INNER JOIN jos_modules_menu AS mm ON mm.moduleid = m.id
 WHERE m.published = 1
 AND m.access <= 0
 AND m.client_id != 1

[undoIT]

Okay. Joomla cache and PageCache have been turned off for the past hour. Both cache folders where checked to make sure they were empty. Browser cache completely cleared. Both jos_comprofiler_sessions and jos_session tables were emptied. I still can't login. Where could Joomla possibly be pulling funky data from?

[undoIT]

I have completely overwritten the existing Joomla installation with a fresh Joomla 1.0.15 set of files. That did not fix the login issue. I also disabled sh404SEF and turned off SEF URLs. I still wasn't able to login. There must be something that is getting stored in the database that is causing this.

[undoIT]

Interesting. I am able to login with the login form supplied with Fireboard:

http://themebot.com/forums/

If I go to the login page after logging in there it shows me as logged in. However, after loggin out, I am still not able to login with the CB login module nor the Joomla login module.

[undoIT]

I enabled the the Joomla login module on the forum page. I am able to login with the Fireboard login form but not the Joomla module login form. I checked out the source code for the page. The only suspicious thing I can see is that one of the hidden input values is different.

Joomla Login:

Code: Select all

<input type="hidden" name="j8c1d1210a24905d7cf7d7f91281bdbe0" value="1" />

Fireboard Login:

Code: Select all

<input type="hidden" name="jd3e64c87c264a1cf14d6e37009cba979" value="1" />

That looks like a session value to me, although I can find any sessions in the databse tables with the same string. Am I on to something here?

[undoIT]

YES!!! I opened mod_login.php and manually replaced the name for that input with "jd3e64c87c264a1cf14d6e37009cba979". Now I am able to login. There is something going on with the josSpoofValue function. josSpoof is despoofing the wrong guy. I'm innocent!

[ircmaxell]

This is a bug in CB. Edit from line 514 of mod_cblogin.php:
Change:

Code: Select all

	if ( is_callable("josSpoofValue")) {
		$validate = josSpoofValue();
		echo "<input type=\"hidden\" name=\"" .  $validate . "\" value=\"1\" />\n";
	}

To:

Code: Select all

	if ( is_callable("josSpoofValue")) {
		$validate = josSpoofValue(1);
		echo "<input type=\"hidden\" name=\"" .  $validate . "\" value=\"1\" />\n";
	}

[undoIT]

Hi Anthony. That code looks the same as the Joomla login module which was not working as well. Beat from CB mentioned something about server offset. Indeed, my server offset was set to -3, which was valid for an old server the site was on, but not the new server it is currently on. I changed it to 0. Could that also cause a problem with the josSpoofValue?

It looks like there are two places in mod_cblogin,

around line 515 and 689

Code: Select all

		$validate = josSpoofValue();

I have changed thos to:

Code: Select all

		$validate = josSpoofValue(1);

I guess I will find out later tonight if the server offset and that adjustment fixes this. Thanks!

[ircmaxell]

Hi Anthony. That code looks the same as the Joomla login module which was not working as well. Beat from CB mentioned something about server offset. Indeed, my server offset was set to -3, which was valid for an old server the site was on, but not the new server it is currently on. I changed it to 0. Could that also cause a problem with the josSpoofValue?

It looks like there are two places in mod_cblogin,

around line 515 and 689

Code: Select all

		$validate = josSpoofValue();

I have changed thos to:

Code: Select all

		$validate = josSpoofValue(1);

I guess I will find out later tonight if the server offset and that adjustment fixes this. Thanks!

I would uninstall CB... If it still doesn't work, then we can talk, but otherwise, AFAICS, it's a CB issue.

As far as the offset issue, yes, that would cause this too. It uses an internal date (to force rotate the tokens each day). So if the date is off by an hour, it could throw this error... POSSIBLY...

[undoIT]

Thanks again Anthony, especially for all your work recently optimizing Joomla. You da man!

I'll report back later if the changes made have solved this.

[Beat]

This is a bug in CB. Edit from line 514 of mod_cblogin.php:
Change:

Code: Select all

	if ( is_callable("josSpoofValue")) {
		$validate = josSpoofValue();
		echo "<input type=\"hidden\" name=\"" .  $validate . "\" value=\"1\" />\n";
	}

To:

Code: Select all

	if ( is_callable("josSpoofValue")) {
		$validate = josSpoofValue(1);
		echo "<input type=\"hidden\" name=\"" .  $validate . "\" value=\"1\" />\n";
	}

Yup, that's a good find, confirmed. Many thanks

However, this value is normally ignored, if CB 1.2 RC 2 is installed properly, as it then uses CB's anti-spoofing instead of joomla's. Main reason for making a CB own version has been that joomla's 1.0 antispoofing has a bug at midnight each day: the anti-spoofing check fails if the page is loaded before midnight and the login from that page is sent after midnight (same applies to any anti-spoofed joomla page). I reported that bug to joomla dev lead over a year back, and maybe it's fixed in joomla 1.5, but for sure not in 1.0.15.

I just finished reviewing all of CB's and Joomla's 1.0.15 anti-spoofing code to try to find why in undoIT's case it didn't work well a few days back in both CB and joomla's logins, but didn't find why. I doubt that uninstalling CB will change anything if undoIT uses joomla's login module, as CB doesn't interfer or register any events for joomla login. I had a *maybe* guess on the timezone offset, but couldn't confirm this hypothesis by code review.

In case of CB 1.1, sites where a module was partially reloading a page were failing on the anti-spam checks, and not using CB 1.1 login module would be fixing the problem in those cases, but this has been fixed for CB 1.2.

I will continue following up with UndoIT on joomlapolis if his problem reappears and if anyone else still has a problem with CB 1.2 RC 2 logins, please join the discussion here:

http://www.joomlapolis.com/component/op ... tstart,18/

[Setablaze4JC]

I've been having the same problem of not being able to login to the front end, but back end login works fine. I had created a test user to experiment with the article publishing capabilities of Joomla from a front end perspective, and then (being new to Joomla) tried to see if that user could login to the back end. It didn't, and then I could no longer log that user or any other user into the front end.
I've read through this thread several times and tried the different suggestions, but still no luck. I've tried the default login module, YOO login, Core Design login, and CB 1.1 login (most recently, and currently active). Nothing, regardless of browser. I've also tried clicking on "forgot password" but even the new password doesn't work. I always get "You are not authorised to view this resource." or "Invalid username/password" or a few times it just took me to index.php as if I never even logged in to begin with. Any help would be appreciated.

Braden

Site: http://www.newvessels.org/test1
Joomla! version 1.0.15 installed using Fantastico