The Sessions ID is passed

algarotti · Post by **algarotti** » Fri Feb 27, 2004 2:46 pm

Hello,

I have upgraded from phpMyFAQ 1.3.8dev to 1.3.10. Since the upgrade, I have a problem with the admin account.

I can login to the admin account without problem, but when I want to do something in any of the admin menu, the login window of phpmyfaq appears with the message:

The Sessions ID is passed.

what can must do to have access to the admin menu ? (The admin menu has worked when we were in 1.3.8 version)

Thank for your help

Best regards

Serge Algarotti ENSMP

Post by **Thorsten** » Fri Feb 27, 2004 7:35 pm

Hi,

open the config.php and edit this entry:

Code: Select all

$ipcheck = "true";

in

$ipcheck = "";

bye
Thorsten

algarotti · Post by **algarotti** » Mon Mar 01, 2004 11:30 am

Hello,

I have modify :

# DÃ©sirez vous vÃ©rifier l'adresse IP afin d'identifier le UINs dans la page admin.php?
$ipcheck = "";

but there is always the same problem.

I have try with another brower on another machine, it's the same problem.

Thank for your help

Post by **Thorsten** » Mon Mar 01, 2004 11:31 am

Hi,

ist the server time correct on your server?

bye
Thorsten

algarotti · Post by **algarotti** » Mon Mar 01, 2004 12:33 pm

Hello,

yes, we use ntp on our network. I have verified, the time is
exactly the same on:
- the machine with the browser
- the web server machine
- the mysql machine

It's strange because we have 2 virtuals hosts with 2 phpMyFAQ (with 2 differents database of course) and the problem appears only on one.

On the 2 virtuals hosts, it was the same upgrade (from 1.3.8 dev to 1.3.10).

thanks

--
Serge

Post by **Thorsten** » Mon Mar 01, 2004 12:42 pm

Hi!

This is really strange. Could yopu please enable the DEBUG MODE in both FAQs? Then please post the SQL querie when you're automatically logged out.

bye
Thorsten

algarotti · Post by **algarotti** » Mon Mar 01, 2004 1:10 pm

Hello,

*********************************** on the FAQ with the problem:

after login succesfull:

DELETE FROM faqadminsessions WHERE TIME < '1078140938'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56cff34d324e40933ce'
SELECT uin FROM faqadminsessions WHERE UIN='a2521b787f7cf9d464c74e498c25566d'
INSERT INTO faqadminsessions (UIN,TIME,IP,USER,PASS) VALUES ('a2521b787f7cf9d464c74e498c25566d','1078142738','193.54.112.111','admin','88a93408a0dfb56cff34d324e40933ce')
SELECT sid FROM faqsessions ORDER BY sid DESC
SELECT id FROM faqdata ORDER BY id DESC
SELECT id FROM faqcomments ORDER BY id DESC

7 Queries executed

after clic on "user administration" i have the login screen with The Sessions ID is passed. and the debug is:

DELETE FROM faqadminsessions WHERE TIME < '1078140957'
SELECT user, pass FROM faqadminsessions WHERE UIN='a2521b787f7cf9d464c74e498c25566d'
UPDATE faqadminsessions SET TIME='1078142757' WHERE UIN='a2521b787f7cf9d464c74e498c25566d'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56'
INSERT INTO faqadminlog (ID,TIME,USER,TEXT,IP) VALUES ('','1078142757','','Session expired
UIN: a2521b787f7cf9d464c74e498c25566d
User: admin
Pass: ******','193.54.112.111')

5 Queries executed

******************************* on the FAQ without the problem:

after a succesdfull login:

DELETE FROM faqadminsessions WHERE TIME < '1078141078'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56cff34d324e40933ce'
SELECT uin FROM faqadminsessions WHERE UIN='bab9737c4fa417496c42998af019a380'
INSERT INTO faqadminsessions (UIN,TIME,IP,USER,PASS) VALUES ('bab9737c4fa417496c42998af019a380','1078142878','193.54.112.111','admin','88a93408a0dfb56cff34d324e40933ce')
SELECT sid FROM faqsessions ORDER BY sid DESC
SELECT id FROM faqdata ORDER BY id DESC
SELECT id FROM faqcomments ORDER BY id DESC

7 Queries executed

after a successfull clic on "user administration":

DELETE FROM faqadminsessions WHERE TIME < '1078141118'
SELECT user, pass FROM faqadminsessions WHERE UIN='bab9737c4fa417496c42998af019a380'
UPDATE faqadminsessions SET TIME='1078142918' WHERE UIN='bab9737c4fa417496c42998af019a380'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56cff34d324e40933ce'
SELECT faquser.rights, faqrights.id FROM faquser, faqrights WHERE faquser.ID = '1' AND faqrights.SHORT = 'edituser'
SELECT id FROM faquser
SELECT id, name, realname, rights FROM faquser LIMIT 0, 20

7 Queries executed

thank you very much for your help

Post by **Thorsten** » Mon Mar 01, 2004 3:16 pm

Hi,

algarotti wrote:SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56'

this is the problem, the password string ist too short. I'm looking for a fix. Stay tuned!

bye
Thorsten

Post by **Thorsten** » Mon Mar 01, 2004 3:20 pm

Hi,

some questions:

- are these virtual hosts on the same machine?
- what MySQL database you are using?

bye
Thorsten

algarotti · Post by **algarotti** » Mon Mar 01, 2004 4:02 pm

Hello,

* yes the virtual hosts are on the same machine
* MySQL 3.23.58 on a dedicated machine

MySQL server and web server (apache) are Linux Redhat 9

>this is the problem, the password string ist too short.
>I'm looking for a fix. Stay tuned!

thank you very much for your quick analyze !!!

algarotti · Post by **algarotti** » Mon Mar 29, 2004 9:31 am

Hi,

>this is the problem, the password string ist too short. I'm looking
>for a fix. Stay tuned!

is the version 1.3.11 RC2 resolved my problem ?

best regard

Post by **Thorsten** » Mon Mar 29, 2004 9:46 am

Hi,

maybe... please test it and report the result here...

bye
Thorsten

algarotti · Post by **algarotti** » Tue Mar 30, 2004 9:10 am

Hello

>maybe... please test it and report the result here...

It is exactly the same problem.

I have deleted all the old install, I have installed the 1.3.11RC2 and I have restored my config.php and data.php.

Best regard

Serge

Post by **Thorsten** » Tue Mar 30, 2004 10:30 am

Hi,

okay, I set the release for 1.3.11 on hold.

Are the queries still the same? Please post your exact PHP and Server configuration.

bye
Thorsten

algarotti · Post by **algarotti** » Wed Mar 31, 2004 9:24 am

Hello,

>Are the queries still the same? Please post your exact PHP and >Server configuration.

I put DEBUG to TRUE in admin/index.php

* here is the debug when I load the admin home page /admin/index.php

DELETE FROM faqadminsessions WHERE TIME < '1080718875'

1 Queries executed

* here is the debug after the login:

DELETE FROM faqadminsessions WHERE TIME < '1080719064'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56cff34d324e40933ce'
SELECT uin FROM faqadminsessions WHERE UIN='9c80da7d2cd592cb4a08a27ccfdda63e'
INSERT INTO faqadminsessions (uin, user, pass, ip, time) VALUES ('9c80da7d2cd592cb4a08a27ccfdda63e', 'admin', '88a93408a0dfb56cff34d324e40933ce', '193.54.112.111', '1080720864')
SELECT sid FROM faqsessions ORDER BY sid DESC
SELECT id FROM faqdata ORDER BY id DESC
SELECT id FROM faqcomments ORDER BY id DESC

7 Queries executed

* Here is the debug when I click one line of the admin menu

DELETE FROM faqadminsessions WHERE TIME < '1080719085'
SELECT user, pass FROM faqadminsessions WHERE UIN='9c80da7d2cd592cb4a08a27ccfdda63e'
UPDATE faqadminsessions SET TIME='1080720885' WHERE UIN='9c80da7d2cd592cb4a08a27ccfdda63e'
SELECT id, name, realname, email, pass FROM faquser WHERE name = 'admin' AND pass = '88a93408a0dfb56'
INSERT INTO faqadminlog (ID,TIME,USER,TEXT,IP) VALUES ('','1080720885','','Session expired
UIN: 9c80da7d2cd592cb4a08a27ccfdda63e
User: admin','193.54.112.111')

5 Queries executed

and after that, I have the login admin menu with:

The Sessions ID is passed.

* The apache and php version are:

Apache/1.3.29 (Unix) PHP/4.3.4 mod_perl/1.29 configured -- resuming normal operations

* the phpMyFAQ version is 1.3.11RC2

If you want, I can send you to a email adress, the phpinfo display

thank very much for your help

--
Serge