[MEDIUM:TRACKER 6766:1.0.11]User Login: "You are not authorized to view.."

[nextedition]

I saw a recent post talking about "virtue mart" login, although I do not use "virtue mart"  I am using the login module that comes with Joomla, and can not login.  I get the pop-up message "You are not authorized to view this resource.."  The backend login works fine. 



Q&T Notes / related topics

http://forum.joomla.org/index.php/topic,72398.0.html

[darvian]

I'm having the same problem.  Has someone found the solution?

[nextedition]

I figured out my problem.  When I updated to Joomla 1.0.10, I did not update the Components, Mambots, and the Modules folders because I did not want to overwrite my custom components, mambots, and modules files. 

So, I downloaded the Joomla 1.0.10 pak  and FTP the components, mambots, and module files to my server, and it worked!

I hope my solution works for you.

[darvian]

I've tried reloading the file with no luck.

[RobS]

I figured out my problem.  When I updated to Joomla 1.0.10, I did not update the Components, Mambots, and the Modules folders because I did not want to overwrite my custom components, mambots, and modules files. 

So, I downloaded the Joomla 1.0.10 pak  and FTP the components, mambots, and module files to my server, and it worked!

I hope my solution works for you.

If you don't upload the new component/module folders you will not get the updated login module which was modified to address the additions in the Joomla Core.  This will cause the spoof check to fail every time and make it impossible to login.

Edit: Poor grammar.

[nextedition]

I've tried reloading the file with no luck.

I still get the message too, but when you click on a menu button to go to another page, it then displays the user menu and shows that you are logged in.  I think this is a bug, that may relate to the "double login" post.  But I am a noob so what do I know

[pompadissa]

Anyone have a fix for this or working on it?

[natefun]

I've downgraded to Joomla 1.0.8 and use VirtueMart 1.5 and now it works, because I had the same problem after upgrade to 1.0.10

[researchtoxic]

I am having the same issue. All my components and modules are up to date. When I log in as super admin on front end I can use everything. When I use my registered user login , and click on Submit News I get the error, "You are not authorized to view this resource."

[abskure]

Virtue Mart manual fix is here:
http://virtuemart.net/index.php?option= ... &Itemid=83

[Simon.Hague]

Ok.

So I am running a new install of 1.0.11 stable and getting the same for a public post for unregistered users. I login and I still get this??????

Ideas?

[mlines]

I am running 1.011 stable and get a similar problem

When accessing the front page , with a NEW browser session, after logging on as a user I get the "You are not authorized to view this resource" message. If I "OK" this message I get returned to the frontpage, and then I can log on ok. Subsequent login/logout attempts from within the same browser session are fine,

This is true for both IE and Firefox browsers and also for direct and cache/proxy accesses.

As the website is development at this stage I can let you have a look in more detail if necessary

Martin

[abskure]

I recently upgraded several of my sites and most are having this login issue. I find if you hit remember me, it logs in fine. is there a way we can workaround a hack to setup remember me to automatically be checked ? Would this be dangerous?

[user deleted]

Hi All,

Please read my note here; http://forum.joomla.org/index.php/topic ... #msg479924

Can everyone having problems with loging in state there webserver details? Thanks.

[abskure]

I used Community Builder login and changed parameter to set Rmember me as hidden but checked, it did the trick....but here's my webserver details:

Linux web100.opentransfer.com 2.6.14.4 #2 Wed Jan 4 22:51:21 CST 2006 i686
Database Version: 4.0.24-standard-log
PHP Version: 4.3.11
Web Server: Apache/1.3.31 (Unix) PHP/4.3.11 mod_ssl/2.8.18 OpenSSL/0.9.6b FrontPage/5.0.2.2635 mod_throttle/3.1.2
WebServer to PHP interface: apache
Joomla! Version: Joomla! 1.0.8 Stable [ Sunshade ] 26-Feb-2006 05:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Relevant PHP Settings:
Safe Mode: OFF
Open basedir: none
Display Errors: ON
Short Open Tags: ON
File Uploads: ON
Magic Quotes: ON
Register Globals: ON
Output Buffering: OFF
Session save path: /tmp
Session auto start: 0
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none
WYSIWYG Editor: JCE Editor Mambot

[abskure]

Here's another server with similar problem:

  Linux ans01.midphase.com 2.6.9999-MIDPHAZED-8d852ef03f0ece2563d39a8c6ebdbe96 #1 SMP Mon Jul 24 19:40:22 CDT 2006 i686
Database Version: 4.1.20
PHP Version: 5.1.6
Web Server: Apache/1.3.37 (Unix) mod_fastcgi/2.4.2 PHP/5.1.6 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
WebServer to PHP interface: apache
Joomla! Version: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Joomla! Register Globals Emulation:  ON 
Register Globals: ON
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF
Session save path: /tmp
Short Open Tags: ON
Output Buffering: OFF
Open basedir: /home/idiacla5:/usr/lib/php:/usr/local/lib/php:/tmp
Display Errors: ON
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none

[tflores21]

Cannot login from frontpage, or any other pages.  Clicking on the LOGIN button gives me the error, regardless of entering a login and password.  Tried adding www to url, same problem.

PHP built On:  Linux serv01.clev10.com 2.6.15.1-mingoto #1 SMP Thu Jan 26 08:06:24 CST 2006 i686
Database Version: 4.1.21-standard-log
PHP Version: 4.4.2
Web Server: Apache
WebServer to PHP interface: cgi
Joomla! Version: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

Relevant PHP Settings: 
Joomla! Register Globals Emulation: OFF
Register Globals: OFF
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF
Session save path: /tmp
Short Open Tags: ON
Output Buffering: OFF
Open basedir: none
Display Errors: ON
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none

[Devz]

Hi guys, im in exactly the same boat (possibly after updating to 1.0.11 (but i cannot confirm this))

Exact same scenario best described by mlines @ http://forum.joomla.org/index.php/topic ... #msg474363

Below is my sysinfo:

PHP built On:  Linux 2.6.16.27-AMDv8 #1 SMP Fri Jul 21 16:53:01 CDT 2006 x86_64 
Database Version:  4.1.21-standard 
PHP Version:  4.4.3-x86_64 
Web Server:  Apache/1.3.37 (Unix) PHP/5.1.4 mod_fastcgi/2.4.2 mod_deflate/1.0.21 mod_jk/1.2.14 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.3-x86_64 FrontPage/5.0.2.2634a mod_ssl/2.8.28 OpenSSL/0.9.7a 
WebServer to PHP interface:  apache 
Joomla! Version:  Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC 
User Agent:  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) 
Relevant PHP Settings:  Joomla! Register Globals Emulation:  ON   
Register Globals:  ON   
Magic Quotes:  ON   
Safe Mode:  OFF   
File Uploads:  ON   
Session auto start:  OFF   
Session save path:  /tmp 
Short Open Tags:  ON 
Output Buffering:  OFF 
Open basedir:  /home/rat24/:/usr/lib/php:/usr/local/lib/php:/tmp 
Display Errors:  ON 
XML enabled:  Yes 
Zlib enabled:  Yes 
Disabled Functions:  none 

Site is currently in development, any indication if its something ive done, or a bug within the works would be great in the interim of finding a fix.

Regards,
Devz

[user deleted]

Hi all,

Thanks for all the extra info you are posting.

I have read someone else his similar problem, and possible fix. If anyone is interested in trying; download the full 1.0.11 package, unzip it, and upload the /modules/mod_login.php module. See if the problem is solved by doing so.

[Devz]

Hi RobInk,

Thanks for your reply, and interest in resolving this problem.

I have done as requested, uploaded /modules/mod_login.php from the Joomla_1.0.11-Stable-Full_Package zip package.

Problem still exists.

- Devz

[user deleted]

Thanks Devz,

Just trying to rule out some things. It's seems to be a hard one to crack...

[Devz]

Much harder for people outside the dev-team to figure out what is causing this.

I hope whomever is looking into it, understands the importance to the enduser that this important components of the Joomla! framework is rectified. From what i have read people have experienced similar things as far back as 1.0.8.

In my honest opinion, anything regarding Login, or authentication, should be a HIGH priority.

I know that users can eventually log on (so that should point out it something relating to Joomla not acknowledging that they are coming from the Joomla site (sp00f related?) as if i open my development site up in a new browser, click on something restricted or non restricted, then put in user login details. It works fine. Thats ok for me, but not an end user that simply wants the site to work.

Is there anything else the community thats having this problem can do to assist its resolve?
My development site should be delivered this week sometime. 

[beano]

I agree with above comment re High Priority

On my small web site I'm getting users registering, then emailing to say they cannot log in.
Not a great first impression.

Has anyone checked out this thread as a cure? http://forum.joomla.org/index.php/topic,92425.0.html

(Credit to Phil Taylor for spotting it!)

[Devz]

Have done some backtracing.

Problem exists (for me) with the following check in includes/joomla.php:

// extra check to ensure that Joomla! sessioncookie exists
if (!($sessioncookie == '-' || strlen($sessioncookie) == 32)) {

Demonstrated by the following mod for includes/joomla.php:
// header( 'HTTP/1.0 403 Forbidden' );
// mosErrorAlert( _NOT_AUTH );
header( 'Location: http://www.slashdot.org' );
mosErrorAlert( _NOT_AUTH );

Does someone want to verify this, or look a little bit further.
Hope this leads to a solution.

- Devz

[user deleted]

Thanks Devz, your backtracking has been brought to the attention of Q&T.

[Devz]

RobInk: any update on progress or discussion on this thread?

How is it constructive for developers to have their own thread for problems, rather then participate with the users that are WILLING to trial and help resolve issues affecting them?

The reason i ask, my predicament is: I have 1200+ members to start populating into my site. I can only imagine how many emails will be sent about not being able to login with the details generated and emailed to this many users.

This is a HUGE problem for anyone looking to implement Joomla! 1.0.11 (which they are urged to upgrade too) with any sort of user login system. Which, if there is a need for user login or user specific information, wouldnt your current choice be something-other-than-Joomla, if you knew of this bug being present?

I would have thought my identification of the cookie check would have narrowed down the fix time on this bug that id guess hundreds of people are experiencing (far fewer are reporting, or choosing other CMS), considering this was first accurately identified on Sept 11 (24days ago) and this thread began July 14 (83 days ago).

Maybe this thread should be worked on, so it can be closed, and people can continue to use mod_login.

[Devz]

NOTE: during this testing, session_id's were purged from the jos_session db table in each instance to evaluate a 'common' scenario, ie. first login's - as this is what will effect the user's experience

General Occurances:
guest session_id is not created in db table jos_session when using a new IE browser instance.
guest session_id is not created in db table jos_session when using a new FF browser instance.

guest session_id IS NOT created in db table jos_session when using an existing IE browser window.
guest session_id IS created in db table jos_session when using an existing FF browser window.

guest session_id is always created on page refresh when user hasnt logged in (if user logs in, it differs depending on browser).

NEW INSTANCES FF:

new instance FF (firefox about:blank), open joomla_1_0_11_site.com, no guest session_id created, user CANNOT login, recieves dialogue box error, then redirects to homepage, which creates session_id. user CAN then login, however usermenu doesnt appear til page is refreshed.
new instance FF (firefox joomla_1_0_11_site.com), no guest session_id created, user CAN login.

NEW INSTANCES IE:

new instance IE (iexplore about:blank), open Joomla! 1.0.11 site, no guest session_id created, user CANNOT login (403 forbidden)
new instance IE (iexplore google.com), open Joomla! 1.0.11 site, no guest session_id created, user CANNOT login (403 forbidden)
new instance IE (iexplore joomla_1_0_11_site.com), no guest session_id created, and user CAN login.

EXISTING INSTANCES FF:

existing FF windows exist, open new FF window (ctrl+n), open Joomla! 1.0.11 site (first & only tab in this window),
guest session_id created AND user CAN login.
existing FF window, open new tab (ctrl+t) (other tabs exist), open google.com, open Joomla! 1.0.11 site (same tab),
guest session_id created AND user CAN login.

EXISTING INSTANCES IE:

Existing IE instances, give 403 Forbidden, until the page is refreshed (session_id made). Then login works.

Summary:

Pretty much, if you navigate directly to your Joomla! 1.0.11 site with a new browser, you can login.
If you reuse an old FF browser, you can login.
If you reuse an old IE browser, you must refresh the page before being able to login.

--

Could this be a bug where guest session_id's should be created on ANY instance of viewing the page?

Any insight/views/opinions/hacks or fixes, would be of assistance.

[Devz]

A dirty workaround for those experiencing this mess (and patiently waiting for a fix) is to modify the login form module to appear on every other menu item other than the home page. I know, its not how it should be, but, theres been no solution as yet.

For newbies.
In Administration:
Modules => Site Modules => Login Form
On the right hand side click ur bottom-most mainmenu item, hold down shift, click ur second mainmenu item from the top.
Click save.

Lets all hope Joomla Developers dont leave us with this ugly work around.

Regards,
Devz

[user deleted]

Hi,

How is it constructive for developers to have their own thread for problems, rather then participate with the users that are WILLING to trial and help resolve issues affecting them?

As a Q&T member I'm also depending on the developers to check this forum. I'll make sure to bring this topic to there attention again. I agree that this is an ongoing problem which needs a fix.

Regards Robin

[facedancer]

RobInk: any update on progress or discussion on this thread?

How is it constructive for developers to have their own thread for problems, rather then participate with the users that are WILLING to trial and help resolve issues affecting them?

The reason i ask, my predicament is: I have 1200+ members to start populating into my site. I can only imagine how many emails will be sent about not being able to login with the details generated and emailed to this many users.

This is a HUGE problem for anyone looking to implement Joomla! 1.0.11 (which they are urged to upgrade too) with any sort of user login system. Which, if there is a need for user login or user specific information, wouldnt your current choice be something-other-than-Joomla, if you knew of this bug being present?

I would have thought my identification of the cookie check would have narrowed down the fix time on this bug that id guess hundreds of people are experiencing (far fewer are reporting, or choosing other CMS), considering this was first accurately identified on Sept 11 (24days ago) and this thread began July 14 (83 days ago).

Maybe this thread should be worked on, so it can be closed, and people can continue to use mod_login.

Thx for your involvement, trying to figure out what's wrong with those silly browsers :P