Forums

Can't log in after installing ssl/ajaxterm

Permalink
Hi all

I've been playing around with trying to get Ajaxterm working (including creating ssl certs etc), but in doing so it seems to have b0rked my c5 install - I can no longer log in! When I enter the correct username and password the login page just reloads.

I've tried to reverse the process of installing Ajaxterm as far as I can remember it, but it hasn't helped. I've also cleared my cache, tried a different browser, removed cookies etc.

Any ideas? Help much appreciated!!
melat0nin
 
melat0nin replied on at Permalink Reply
melat0nin
Anyone? Here's my phpinfo:

http://r33769.ovh.net/phpinfo.php...

..although I'm sure it must be a config issue other than PHP. I followed the instructions herehttps://help.ubuntu.com/community/AjaxTerm...
to install Ajaxterm, then more-or-less reversed them once things screwed up, but that hasn't helped.

EDIT i looked at the logs in the database, and after the first time I used the Forgot Password function (after the site initially buggered up), I see these errors when I've tried the Forgot Password function again:

Exception Occurred: Invalid Key. Please visit the forgot password page again to have a new key generated.
#0 [internal function]: LoginController->change_password('3cLrIuWp3GLI', 'yada.php_files', 'ga.js')
#1 /home/scotlawcom/public_html/concrete/libraries/controller.php(190): call_user_func_array(Array, Array)
#2 /home/scotlawcom/public_html/concrete/libraries/controller.php(169): Controller->runTask('change_password', Array)
#3 /home/scotlawcom/public_html/concrete/libraries/view.php(600): Controller->setupAndRun()
#4 /home/scotlawcom/public_html/concrete/dispatcher.php(236): View->render(Object(Page))
#5 /home/scotlawcom/public_html/index.php(2): require('/home/scotlawco...')
#6 {main}


Could that point to the original issue which caused the problem in the first place?
melat0nin replied on at Permalink Reply
melat0nin
I've just realised that the login page has this code at the bottom:

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script><script src="yada.php_files/ga.js" type="text/javascript"></script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-3425025-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>


see the "yada.php_files/ga.js"? That shouldn't be there - is it possible my server's been hacked?

I also added 

<? 
echo var_dump($_SESSION); 
?>


to the bottom of the login page, and I see this both before and after trying to log in:

array(1) { ["uGroups"]=> array(1) { [1]=> string(5) "Guest" } }


Can anyone help? this is driving me nuts :(
nteaviation replied on at Permalink Reply
nteaviation
That appears to be loading some scripts for "google-analytics". Doubt you have been hacked given that piece of code.
melat0nin replied on at Permalink Reply
melat0nin
I'm pretty sure the analytics code doesn't include "yada.php", that's why I mentioned it - I have copied it over from the existing version of the site and it doesn't have that in the code. It's possible I screwed it up in the transfer though..
nteaviation replied on at Permalink Reply
nteaviation
The URL referneced in the code you posted was google-analytics.com which is legit :)
nteaviation replied on at Permalink Reply
nteaviation
Did you remove the Virtual Server config stuff from apache httpd.conf? Did you restart apache? You may also check your c5 .htaccess file and make sure that did not get corrupted. Is there a .htpasswd in the c5 directory? There should not be.
melat0nin replied on at Permalink Reply
melat0nin
Thanks for the reply.

I think the httpd.conf is fine, at least the enabled site is (000-default):

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /home/scotlawcom/public_html
        <Directory />
                Order Deny,Allow
                Deny from all
                Options None
                AllowOverride None
        </Directory>
        <Directory /home/scotlawcom/public_html>
                AllowOverride All
                Options FollowSymLinks
                Order allow,deny
                allow from all
        </Directory>
Viewing 15 lines of 29 lines. View entire code block.


The .htaccess file looks fine, and there isn't a .htpasswd file in the c5 directory.

Bizarrely, I came back from work (where I first noticed this problem) and my home computer was still logged in, and I was able to browse the admin interface. I then logged out, and now I can't log back in again :(
nteaviation replied on at Permalink Reply
nteaviation
You could try manually clearing the site cache by deleting all files in the /files/cache directory.
melat0nin replied on at Permalink Reply
melat0nin
I tried that, alas it doesn't work :(

I think it's either something to do with sessions (some bizarre problem created by being logged in with the same account on two machines - home and work), OR it's something to do with my attempt to install Ajaxterm. That involved installing the python-pyopenssl ubuntu package, and creating an SSL certificate and whatnot. I also had the apache mods proxy and proxy_http enabled for that, but I've disabled them.
nteaviation replied on at Permalink Reply
nteaviation
SSL should not have any effect unless you are using https. Have you tired the reset password page since you closed the other open session?
melat0nin replied on at Permalink Reply
melat0nin
Yep have done that, no success :(
nteaviation replied on at Permalink Reply
nteaviation
Here is something interesting:
http://www.google.com/support/analytics/bin/answer.py?hl=en&ans...

Can you comment out the php line loading that google stuff? I wonder where it is? footer maybe?
melat0nin replied on at Permalink Reply
melat0nin
-- deleted --

see post below
melat0nin replied on at Permalink Reply
melat0nin
-- deleted --

see post below
melat0nin replied on at Permalink Reply
melat0nin
Okay, something very strange is happening.

If I click the Remember Me checkbox on the login screen, it still reloads the login page after submitting, but if I then navigate to the home page, I am logged in (I can see the editing bar and access the dashboard).

Very strange, something to do with cookies perhaps?! I really don't understand it!
nteaviation replied on at Permalink Best Answer Reply
nteaviation
Very odd symptoms.
Have you changed anything in the /concrete core? You may try reloading just the /concrete directory. Maybe something got "scrambled" in there and it won't hurt as long as you have not made any custom changes to the core.

I'm running out of ideas :(
melat0nin replied on at Permalink Reply
melat0nin
I've just added a new user to the Administrators group, and the account can log in absolutely fine. There's obviously something wrong with the admin (super user) account, but I can't delete and recreate it.

How would I go about 'refreshing' it?

Thanks for yr help!
nteaviation replied on at Permalink Reply
nteaviation
You could look in your database in the user table. See if anything looks out of whack. Here is a screen shot of my admin user record (password mangled and email address changed).
nteaviation replied on at Permalink Reply 1 Attachment
nteaviation
Oppps, forgot to attach it :)
melat0nin replied on at Permalink Reply
melat0nin
Well after refreshing the DB schema from the Dashboard, it seems to be working again... either that or creating a new user and successfully logging in as them seemed to kick the superuser account into working. Not sure which, but I'm very glad it's going again!

Thanks for all your help, I'll give you a helpful post so you get some karma from all this! :)
nteaviation replied on at Permalink Reply
nteaviation
Thanks for the Karma :) Very strange how installing Ajaxterm could corrupt the MySQL database. Only thing that make any sense is that the database engine "hick-up-ed" during the fiasco.