MAXdev - Cannot login to 812

MAXdev

Other Support - Cannot login to 812

TheFatherMind - Nov 24, 2007 - 11:54 AM
Post subject: Cannot login to 812

Before I start I should mention that I have read every post I could find on this matter since 2005. I spent some time hacking the code and found some of the follwoing things....

The session variables do not match up so it dumps me right back to the login screen making it seem like it just refreshed.

Where it checks the session varable the..

Code:

list($module, $authid) = pnVarCleanFromInput('module', 'authid');

Is returning nothing for $module so I tried to add under it...

Code:

$module = pnVarCleanFromInput('module');

But that did not have a positive affect. I have no clue why this is happening. I have .76 running all over and they work perfectly. The 812 version was also logging in okay and then just stopped working and I cannot figure out why. I even went as far as to mind the database and disable almost all the modules and blocks. I did of course set it to the default theme. I tried the recommended fix for PHP5 even though it is running on

PHP 4.3.10
apache 2.0.52-3.1
Redhat Fedora Core Linux

I also tried the other recommendations I cleared cashes, session tables, did a full repair and optimize on the database and I removed my cookies.

I am open to any recommendations.

TiMax - Nov 24, 2007 - 12:13 PM
Post subject:

Can you post here session table structure

TheFatherMind - Nov 24, 2007 - 12:22 PM
Post subject:

Is this what you are after?

Code:

`pn_sessid` varchar(32) NOT NULL default '',
`pn_ipaddr` varchar(20) NOT NULL default '',
`pn_firstused` int(11) NOT NULL default '0',
`pn_lastused` int(11) NOT NULL default '0',
`pn_uid` int(11) NOT NULL default '0',
`pn_vars` blob,
PRIMARY KEY (`pn_sessid`),
KEY `idx_last` (`pn_lastused`)

TheFatherMind - Nov 27, 2007 - 05:15 PM
Post subject:

Further more, when I log into your site with a bad password I get an "Invalid Credentials" error above the login. I cannot get that to happen on my site.

TheFatherMind - Nov 30, 2007 - 08:53 AM
Post subject:

So is this a bug or something then? What can I do to help you resolve it?

TheFatherMind - Dec 02, 2007 - 04:18 PM
Post subject:

okay so here is my update on this login problem...
One of my ace programmers went through the code for me and we found 2 changes we had to make in order to allow the login to work.

The first thing we had to do was add
session_start();
to the top of pnSession.php

The second thing we had to do was add
return true;
to the top of the pnSecConfirmAuthKey() function in security.php

I am aware that this is likely breaking the security on the site at some level. But I am desperate here. There is clearly some sort of bug here and I have no idea how to fix it. Why do we have to add the session start to the top? Why does the pnSecConfirmAuthKey function never return true? What must we do to isolate the issue and fix it?

TiMax - Dec 04, 2007 - 11:36 AM
Post subject:

Man, your session table is wrong, this is your poblem, run this query to replace session table in your database

Code:

DROP TABLE IF EXISTS `md_session_info`;
CREATE TABLE `md_session_info` (
`pn_sessid` varchar(32) NOT NULL default '',
`pn_ipaddr` varchar(20) NOT NULL default '',
`pn_firstused` int(11) NOT NULL default '0',
`pn_lastused` int(11) NOT NULL default '0',
`pn_uid` int(11) NOT NULL default '0',
`pn_vars` blob,
`pn_antispider` varchar(64) NOT NULL default '',
PRIMARY KEY (`pn_sessid`),
KEY `idx_last` (`pn_lastused`),
KEY `pn_antispider` (`pn_antispider`)
);

Look in your session table, you don't have pn_antispider field

TheFatherMind - Dec 04, 2007 - 01:26 PM
Post subject:

Thank you for responding.
This did not resolve the problem.
I changed the prefix and imported that so that I now have (verified) an "pn_antispider" field.
I removed my local cookie file and cleared the site cache folders.
Is it possible that the "pn_antispider" was added in an upgrade between .75 and 812? If so, why do you suppose it did not get added in an upgrade? I noticed after I upgraded to 812 my md-config file had reset to defaults and I had to put the info back into it.

Is it possible that other new fields did not get created during the upgrade that could be causing or contributing to this?

Okay Master I am anxiously awaiting your next suggestion.

TiMax - Dec 04, 2007 - 06:30 PM
Post subject:

812 ?
You must install 1.082 for security reasons and because old versions are unsupported.

The best way, just try to install a new fresh installatio of MDPro 1.082 in a subdirectory, so you can be sure if the problem is your server or your installation

TheFatherMind - Dec 04, 2007 - 06:48 PM
Post subject:

I miss typed I am sorry.
This problem started after I patched my .075 to .076 and then applied the mdpro1082.tar.gz patch. So I am and have been version .082

I will do a fresh install to see if that has the same problem. I am sure that will help us know where to look. Thank you!

cdphreaker - Apr 15, 2008 - 05:55 AM
Post subject:

Hello Tim, I've tried everything which has been mentioned in here. I also reset the sessions table using both MDSOS and manually recreating the tables again. But, nothing seem to be working. Also after that i tried using the htaccess to put "php_flag register_long_arrays On" which also didn't have any effect. The site was perfectly functional and this is the second time this problem is happening.Previous time this thing happened it was fixed using MDSOS but this time it doesn't seem to do anything at all. Please advise.

TiMax - Apr 15, 2008 - 06:38 AM
Post subject:

md version please ..... with MD 1.08x MDsos is not good.
Have you tired to replace md_session table ?

cdphreaker - Apr 15, 2008 - 06:43 AM
Post subject:

Hi Tim. The version is MD 1.080. Yes i tried to replace the md_session table too. What else do you suggest?

TiMax - Apr 15, 2008 - 07:09 AM
Post subject:

sorry, MDPro 1.080 is not more supported, please upgrade to MDPro 1.0821

cdphreaker - Apr 15, 2008 - 07:15 AM
Post subject:

Well i'd love to upgrade but the files have been heavily modded. So don't have that option. But, the site was restored recently from another server. The site is getting about 200,000 hits a month so i'm really pressed to get the site up and running asap. Please do let me know what else can be done? Thanks.

TiMax - Apr 15, 2008 - 07:24 AM
Post subject:

just upgrade, also because your version contain some security problems

All times are GMT + 13 Hours
Powered by MDForum 2.0.8 © 2003-2007 based on phpBB © 2001, 2002 phpBB Team
and by MDRebel which uses Theme Graphics by Daz
and by Attachment-Mod 2.4.3