Cannot sign into the admin login directly.

[dimante]

Can sign in main site then go to admin, but the admin login page seems to be broken. Latest GIT, Google Chrome 56.0.2924.87 (64-bit), Firefox, Edge, all same issue.

[CaMer0n]

@dimante please update and try again. thanks

[dimante]

I just upgraded this yesterday. Has something changed overnight?

[CaMer0n]

Something changed 3 mins ago ;-)

[dimante]

LOL. Nice I will update right now.. Looks like I am back in testing again ;-)

[dimante]

Something is out of synch with the error checking. A username and password is provided, but the screen is getting hung up in validation it seems to me...

[dimante]

Yes, the cache was cleared first ;-)

[dimante]

Also, not sure if this is contributing... But the folders on the left are my production version, folders on the right are the latest git. Are the left folders no longer used, or are you simply just not including them for another reason???

[dimante]

Let me know your thoughts. I still cannot log in with the admin page.

[LaocheXe]

It might be your end, or ur web host. I can login just fine, are you using CloudFlare? Are you using cookies?

[dimante]

I am self hosted... Guess I am not following what could cause the heading not to show up and just the number...

[dimante]

Oh this is the admin sign on issue..

To replicate this. Sign out of your mail site

then log back into yoursite\e107_admin see if you don't have the same signin problem..

[LaocheXe]

@dimante sing out and sign back in sounds more like a cookie issue, Im already signed in and used another internet browser (Microsoft Edge) and was able to login via e107_admin/

[dimante]

I tried 4 browers not one worked when going to e107_admin directly

[LaocheXe]

@dimante - have you tried another computer or device?

[dimante]

Yes.. Mac, PC, iPad, iPhone all same.

[LaocheXe]

Then it sounds like a server issue, because I haven't notice any changes to the admin login section

[Moc]

@dimante Is this related to the PW encoding/CHAP issue? (#1984)

[dimante]

I just checked and it does work now that the it is set to plaintext. So both issues I identified seem to be based on the same area. e107 is said to be Windows compatible, correct? I am good with digging in but something in the windows delivered PHP is having a fit when CHAP is enabled... Still odd how the main page worked with MD5 and CHAP but the admin page did not. All I know is they both work now with the following settings:

[image: Inline image 1]

[Moc]

e107 is said to be Windows compatible, correct?

Well, the recommended OS to use is Linux. When using Windows, you're likely to run into issues (especially when using IIS rather than Apache).

CHAP is a bit strange for me. I know no other CMS using it (and by default it's disabled anyway). It's written for v1 mostly, and made to work with v2. This work was done by Steve but is not really maintained. Hence the issues.

Still odd how the main page worked with MD5 and CHAP but the admin page did not.

If I remember correctly, both are using different procedures to login, so it's not that odd after all. For example, the admin area uses e107_admin/auth.php. Frontend login uses different routines.

[dimante]

If it's plaintext delivered over SSL that's good. If it's plaintext delivered over base HTTP then it's a security issue. I think that is why CHAP was introduced. Keep in mind I asked someone to do some testing and even on Debian Linux they had trouble with CHAP... Not sure where to go from here. If you don't really endorse it on WIndows, I am not sure it is worth investigating any further.

[Moc]

I understand your point.

I'll test CHAP as well asap on my Linux e107 installs. If I can reproduce it, I'll label it as a bug so it can be looked into further.

[dimante]

To truly test set it to PHP Default, which is bcrypt and change from plain text to CHAP. Give the main page signon a go and see how you do. I know when playing with this once you get that error message you have to clear the TMP and Session directories even after you restore the database settings...

Best Regards,

John Gates, CISSP

Let’s Connect!

https://twitter.com/johngatesIII http://www.linkedin.com/in/JohnGates

This email may contain information that is confidential or attorney-client privileged and may constitute inside information. The contents of this email are intended only for the recipient(s) listed above. If you are not the intended recipient, you are directed not to read, disclose, distribute or otherwise use this transmission. If you have received this email in error, please notify the sender immediately and delete the transmission. Delivery of this message is not intended to waive any applicable privileges.

On Tue, Feb 14, 2017 at 7:06 AM, Tijn Kuyper notifications@github.com wrote:

I'll test CHAP as well asap on my Linux e107 installs. If I can reproduce it, I'll label it as a bug so it can be looked into further.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/e107inc/e107/issues/2419#issuecomment-279702220, or mute the thread https://github.com/notifications/unsubscribe-auth/AD5SaxGrho5tF3HqqtKpzdjMmH96c2gdks5rcabegaJpZM4L-f2k .

[Moc]

I'm closing this issue in favour of #1984

[Moc]

Thanks for the additional testing info. Will do asap (may take a while, got a backlog)