The Joomla! Forum ™

Well, that makes us two waiting for stability. I've seen many topics about this issue, sometimes offering an insecure option as answer. I'll keep my old 1.0.12 mule for a while...

_________________
"Verba volant, scripta manent"

Hi All,
Although there are many similar problems, no one is recommending any solutions. I too have upgraded from 1.0.13 to 1.0.15 and getting the same error. I can't login either from backend and frontend.

Can any Joomla! master find solutions to these problems?

I would be grateful to know and hear soltuions at the earliest while thanking the JOOMLA! for giving us wonderful CMS!!!

_________________
Pema
Bhutan
http://www,bhutandesigns.com
http://www.bhutanhosting.com

Have you tried this yet? (see pawel7 post above)

in includes/joomla.php

in function josSpoofValue

Change:

$validate = 'j' . mosHash( $mainframe->getCfg( 'db' ) . $random . $my->id );

to

$validate = 'j' . mosHash( $mainframe->getCfg( 'db' ) . $random . (int)$my->id );

This worked for me.

Sadly i have the same isssue.

Went 1.0.12 --> 1.0.15 and was logged into the admin area at the time of install. Interestingly i completed the upgrade fine, maintained a valid session, and did some admin tasks. Then (why?) I decide to click "logout" and all this mess starts (Both logins broken). I've searched a number of boards for solutions and here's where I'm at;

Sessions
I've checked out sessions table (jos_sessions) via phpMyAdmin and it is working fine. There are always new, and changing, entries for guests on the site.

MemberTables
I've checked the member tables in my install (jos_users, jos_core_acl_aro) and my admin entry has consistent detail in each ("value"=62, same name etc). Nothing else in these member tables looks screwy.

php Fixes
I've tried a solutions described here involving (int)$my->id. No joy there for me.

When I try to login to the backend I get "Invalid Username, Password, or Access Level". I've also tried putting no username & password this yields the message "Please Enter a Password" so I make a few assumptions that it's falling on the checking details vs. the DB.

In the install files, i find that "Invalid" entry in administrator/index.php as below;



Code it be this $acl / acl_check call, which i assume is referencing the Joomla core user table (jos_core_acl_aro)?

I do have a DB backup from 14 hours prior to the upgrade, so may if this persists recreate that and compare tables in phpMyAdmin.

Cheers all,
n



As a note I AM using Community Builder, but as this is the core Joomla admin login, I'm going back to basics that it is 1.0.15 related.

I've got some updates, nothing concrete but I think I may be heading in the right direction. I've FTP'd in and set debug 'on' to have a look at what is being called. 2 things are very suspicious in my eyes. This is a standard homepage load, not a login attempt.

1) At the start of my debug my Joomla puts my MySQL 5.0.58 running server into... MySQL 4 mode? eh?



Does anyone know which table that variable is in by the way? I can't find it.

Then it calls 2 completely different session calls?

Well, the question is: when logging in, the session_id is created, then, where does the other session_id come from????

_________________
"Verba volant, scripta manent"

Does yours do the same in debug mode? I'm wondering if my second one is created by Community Builder, and the fact they don't match causes some kind of issue.

But, if you are using CB, the original mod_login MUST be disabled in order to display ONLY the CB login module. So, how could it process it anyway?

PS. I'm not using CB in my public site, only in a test server. Anyhow, i've worked it some.

_________________
"Verba volant, scripta manent"

I'm half way there. The admin login has been "circumnavigated dangerously". In trying to figure out which of the following 2 tests was failing...

if ( strcmp( $hash, $cryptpass ) || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype ) ) {

I removed them one at a time, tried to login, and it the first conditional that's killing me. With it removed I can login to my admin area (Don't worry, I put it back once I'd established an admin session).

As I KNOW every user (6000+) can't be entering the wrong details, does anyone know why "strcmp( $hash, $cryptpass )" would be False?

Could the same issue be hampering my front end login?

n

p.s. I've now been able to run the standard CB diagnostics, and sync scripts. No errors are reported.

Look, in /includes/joomla.php from the 1.0.15 patch, in the login function, you can find this:



hence, the problem should reside in the content of $user->password and more explicitly, in $salt. I'm just guessing some.

Also, one should test the way it checks the old hashing process and transforms the passwords through a new hashing process. Look at this, also in the login function.



Then, it performs the

thing.

But, about the thing in the strcmp, AFAIK it is just checking that they have the same length, right? There's something missing in the hashing process.

_________________
"Verba volant, scripta manent"

I did a FRESH Fantastico 1.015 upgrade and worked all day on it yesterday, in and out of admin and front end logins.

I'm using the CB Login with the main Joomla login disabled.

I did find that my configuration.php file had a "1" in it when I got up this morning

$mosConfig_admin_expired = '1' so I changed it to

$mosConfig_admin_expired = '0'

no effect.

I AM able to log in to the front end. Just not the backend. in either IE or FF

Thanks to anyone who's working on this! 1.015 recently showed up in the Fantastico distribution, so there are going to be a LOT of unhappy Joomla campers out there!

What's the error message in your admin login?

Admin login error message is:

Invalid Session

Ok, the (int) addition to /includes/joomla.php worked!! Thanks konczal!

If it breaks again, I'll report back.

We can assume that your 1.0.15 is working 100%, right?

_________________
"Verba volant, scripta manent"

Hey Alfabravo

Thanks for asking. Yes, my 1.015 site is running smoothly.

I have about 20 or so sites running 1.013 - think I'll wait a bit to upgrade. I'm deploying another 15 or so 1.015 sites in the next few weeks. I think I'll hack the joomla.php file as a standard install procedure until a patch is released.

Thanks for the news, I'll start patching my testing site, so I'll see how it behaves.

Now I'm happy 'cause it works for you and i guess we'll be all happy soon! This hack must be implemented in the official patch soon!

_________________
"Verba volant, scripta manent"

Thanks are actually due to pawel7 - see his post on the first page. I was merely repeating his suggestion and noting that it worked for me!

Yes, none of the above works for me either.

I truly hope that someone is working on this issue!

Is that like , "YES, we have no bananas?"

Jejejeje... looks like there's an issue in the 1.0.12 that is not present in a clean 1.0.15

_________________
"Verba volant, scripta manent"

None of the above works for me either. But there is hope: I will meet part of the Joomla crew next Mo (May 19) during the JoomlaDay in Syd. Let's see whether I can come back with a solution soon.

Cheers,
Matthias

I couldn't login to the backend after upgrading from 1.012 to 1.015. I found a very simple solution, just replace the includes/joomla.php from the upgrade pack by the joomla.php from the full package. It worked for me

Greetz, Rene

Hi!
Patch 1.0.12 ----> 1.0.15 and off course, the same problem as everyone.
can't login in front page.
I'm using CB login module.
I did the pawel7 suggestion, but the same same.
backend no problems.

Hello,
I'm still having this issue, is there an official fix yet? I'm dead in the water. I upgraded from 1.0.12 to 1.0.15 and I'm not using any components other than Phil-a-form and Joomla Explorer. You can login the first time, then if you go back to the homepage and if you try to login again it says "You are not authorised to view this resource" The only way to clear it it to log the user off from the back end.

Funny enough, I had this happening with three sites...two of them just seemed to start working for no reason. The third one is still locked up tight.

_________________
http://www.jasonpainter.com -|- http://www.sellmeflorida.com

Hi to all. I have the same problem but I finally found a FIX
So far, I have a joomla based cms (core 1.0.12, cb 1.0.2 and many MANY other stuff) and I had to upgrade it to the lastest releases. When I first upgraded to joomla 1.0.15 I experienced the same problem read in this threads. I tried the includes/joomla.php file fix but nothing worked at all. At last I focused my attention on the database.
I went in the table jos_users and I changed the password field from varchar(32) to varchar(100) (I think a 32 size is to small for the new joomla's password routine) and ...it works! I used phpmyadmin frontend for the database editing, but you can simply perform an ALTER TABLE sql command

...just remember to adjust CHARACTER SET and COLLATE to those of yours databases...

Mine is already set at 100, therefore this can't fix my install.

_________________
http://www.jasonpainter.com -|- http://www.sellmeflorida.com

is the password stored in the new joomla style hash+salt?? something like aaaaaaaaaaaaaaaaaaa:bbbbbbbbbbb

Hi,

I still having same problem. I can't login from fronend.

I have tried:

- fix joomla.php
- turn off SEO
- my jos_users table with password varchar 100 is OK.

Anybody can I say me any idea more?

Thank you very much

So is there a fix for this yet? I am not a programmer and a lot if this is over my head. Even new users I set up can't log-in to front end.
-Stephen