Cannot Login
Permalink
Hello all,
Ok, Back again with another problem logging in.
We use a shared host, all was fine for the last almost 2 weeks, then suddenly today, now none of our passwords work, we tried all of them, so I doubt it is a series of 6 forgotten passwords by 6 people all at the same time..
When we try to login it just refreshes the login page, nothing comes up and no edit bar, its just a loop...
My thought is maybe my host changed something, but I am not familiar with what versions of things are compatible, so here is my server info:
Apache Version 2.4.27
PHP Version 7.0.22
MySQL Version 5.6.35
Architecture x86_64
Operating System linux
Path to Sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl Version 5.10.1
Kernel Version 2.6.32-673.26.1.lve1.4.20.el6.x86_64
we are using Concrete5 Version: 5.6.2.1
Any help deciphering what might be the issue?
I checked the logs manually and there was no errors in the log database, just email requests for the password changes we tried.
Ok, Back again with another problem logging in.
We use a shared host, all was fine for the last almost 2 weeks, then suddenly today, now none of our passwords work, we tried all of them, so I doubt it is a series of 6 forgotten passwords by 6 people all at the same time..
When we try to login it just refreshes the login page, nothing comes up and no edit bar, its just a loop...
My thought is maybe my host changed something, but I am not familiar with what versions of things are compatible, so here is my server info:
Apache Version 2.4.27
PHP Version 7.0.22
MySQL Version 5.6.35
Architecture x86_64
Operating System linux
Path to Sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl Version 5.10.1
Kernel Version 2.6.32-673.26.1.lve1.4.20.el6.x86_64
we are using Concrete5 Version: 5.6.2.1
Any help deciphering what might be the issue?
I checked the logs manually and there was no errors in the log database, just email requests for the password changes we tried.
Concrete5 5.6.2.1 definitely doesn't work with PHP 7 and I have to point out that it has some known vulnerabilities that are documented online in public forums so you should really upgrade if you don't want to be hacked.
Thank you for the response,
Yeah, the back story is that we hosted on a server that was managing our site for us, they were very restrictive as to what we were allowed to do, we would have to request for them to do it, then they would charge an astronomical amount to do basic things like change a picture (4hrs @ $125 per hour to change the index main pic), I recently came into the company and quickly realized we needed to get away from it so I requested a copy of the site and I signed up a shared hosting account and did a site transfer, but once I got it moved I found out that they were using this version..
I would love to upgrade but I read somewhere that you cant upgrade anything below 5.7 past that point.
am I mistaken?? If I can, is there a tutorial on how to do it safely?
Thank you
Yeah, the back story is that we hosted on a server that was managing our site for us, they were very restrictive as to what we were allowed to do, we would have to request for them to do it, then they would charge an astronomical amount to do basic things like change a picture (4hrs @ $125 per hour to change the index main pic), I recently came into the company and quickly realized we needed to get away from it so I requested a copy of the site and I signed up a shared hosting account and did a site transfer, but once I got it moved I found out that they were using this version..
I would love to upgrade but I read somewhere that you cant upgrade anything below 5.7 past that point.
am I mistaken?? If I can, is there a tutorial on how to do it safely?
Thank you
Thank you,
Do you know what version of php it does run on?
Do you know what version of php it does run on?
I am not really sure where to put this, I go into themes and open the view.php and this is what I find:
Am I in the right place??
<?php defined('C5_EXECUTE') or die("Access Denied."); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <link rel="stylesheet" href="<?=$this->getThemePath()?>/css/base.css" type="text/css" /> <link rel="stylesheet" href="<?=$this->getThemePath()?>/css/dropdown.css" type="text/css" /> <link rel="stylesheet" href="<?=$this->getThemePath()?>/css/skeleton.css" type="text/css" /> <link rel="stylesheet" href="<?=$this->getThemePath()?>/css/layout.css" type="text/css" /> <?php Loader::element('header_required'); ?> </head> <body <?php global $cp; echo ($cp->canWrite()) ? 'class="c5-edit-mode"' : ''; ?> > <div id="headerWrapper"> <div id="header" class="page"> <div id="logoDiv" class="three columns">
Viewing 15 lines of 96 lines. View entire code block.
Am I in the right place??
You can still upgrade all the way to 5.6.3.5 which is pretty stable. You'll also have access to more plugins in the marketplace.
It runs on PHP 5.6.x. Some have managed to make it work on PHP 7 but it is not necessarily recommended
Here are 2 links to explain the situation with that:
https://www.concrete5.org/community/forums/usage/php-7.0-and-concret...
https://github.com/concrete5/concrete5-legacy/pull/1927...
And the modifications that seem to work are here:
https://github.com/concrete5/concrete5-legacy/pull/1927/files...
As for a possible upgrade to Concrete5 5.7 and beyond, it depends on what is on your website. The core team has built a migration tool that takes care of everything core. So pages, users, files, core blocks... But anything from the marketplace or custom has to be taken care of by hand.
Maybe it's time for a redesign?
It runs on PHP 5.6.x. Some have managed to make it work on PHP 7 but it is not necessarily recommended
Here are 2 links to explain the situation with that:
https://www.concrete5.org/community/forums/usage/php-7.0-and-concret...
https://github.com/concrete5/concrete5-legacy/pull/1927...
And the modifications that seem to work are here:
https://github.com/concrete5/concrete5-legacy/pull/1927/files...
As for a possible upgrade to Concrete5 5.7 and beyond, it depends on what is on your website. The core team has built a migration tool that takes care of everything core. So pages, users, files, core blocks... But anything from the marketplace or custom has to be taken care of by hand.
Maybe it's time for a redesign?
Thank you,
very useful information.
Yes, it definitly is time for a redesign, and our goal is to rebuild using the newest version, however; the bosses are insisting we fix the current issue immedietely, the hope is to get this stable and us able to login long enough to build a new site using the new version so as not to have downtime.
I have the php version reset to 5.6 but i still am stuck in that endless loop, am i missing something else possibly?
very useful information.
Yes, it definitly is time for a redesign, and our goal is to rebuild using the newest version, however; the bosses are insisting we fix the current issue immedietely, the hope is to get this stable and us able to login long enough to build a new site using the new version so as not to have downtime.
I have the php version reset to 5.6 but i still am stuck in that endless loop, am i missing something else possibly?
also,
the temporary upgrade to 5.6.3 would be good as well, however, is there a way to upgrade without being able to login?
the temporary upgrade to 5.6.3 would be good as well, however, is there a way to upgrade without being able to login?
Updating without being able to log in is not possible as far as I know. Could you provide us with the website's address? Maybe something obvious will show itself that could help solve the issue
sure, itshttp://www.egtax.com/login
And that line that hutman suggested you add to your view.php, you can add it just before the line that says
print $innerContent;
I tried to log in with a bogus username and password and nothing weird happened. It rejected my attempt with a message to contact the administrator. There was no error of any kind.
If you want I can show you a quick trick to be able to log in so you at least have access to the dashboard but that won't solve the problem that's stopping you from logging in normally
If you want I can show you a quick trick to be able to log in so you at least have access to the dashboard but that won't solve the problem that's stopping you from logging in normally
that would be GREATLY appreciated!!!
ok but please keep in mind that, using this trick, if you don't follow the steps, you will allow anybody who visits your site to log in as the admin so make sure you follow the steps.
So in your view.php file in the theme, you are going to add a little piece of code but then don't save right away, keep reading first
The code is
You can put it at the top right after the line
So it will look like this
Like I said don't save yet.
Do you see where it says "randompassword"? Replace randompassword by anything you want that will serve as password just for this operation. It's a little safety precaution to make sure nobody else logs in like this.
This is not your account password, it's just a password. Letters and numbers, no spaces and no special characters.
For instance Myrand354mPass
and Make sure you keep the quotation marks around it.
Once that's done you can save.
Now you go to your login page but at the end of the URL you add
So in your case you go to
YourRandomPassword is the one you set up in the previous step. Like that nobody but you knows it and nobody can use this trick on your site.
Once the page is loaded you are logged in. You can check that by going to your home page for instance.
And now DELETE THE BIT OF CODE don't leave it there it is not safe
So in your view.php file in the theme, you are going to add a little piece of code but then don't save right away, keep reading first
The code is
<?php if (isset($_GET['pass']) && $_GET['pass'] === "myPaSs") { User::loginByUserID(USER_SUPER_ID); } ?>
You can put it at the top right after the line
So it will look like this
Like I said don't save yet.
Do you see where it says "randompassword"? Replace randompassword by anything you want that will serve as password just for this operation. It's a little safety precaution to make sure nobody else logs in like this.
This is not your account password, it's just a password. Letters and numbers, no spaces and no special characters.
For instance Myrand354mPass
and Make sure you keep the quotation marks around it.
Once that's done you can save.
Now you go to your login page but at the end of the URL you add
?pass=YourRandomPasswordSo in your case you go to
https://www.egtax.com/index.php/login/?pass=YourRandomPassword
YourRandomPassword is the one you set up in the previous step. Like that nobody but you knows it and nobody can use this trick on your site.
Once the page is loaded you are logged in. You can check that by going to your home page for instance.
And now DELETE THE BIT OF CODE don't leave it there it is not safe
Also, I believe that the version of C5 you're using might have been missing the error display on the login page, can you check the view.php in your theme and see if this line is in there?