#3 Unsuccessful Login Attempts

open
nobody
None
5
2003-10-31
2003-10-31
Daniel Laurie
No

It seems that there is a loop. I have installed 3.0.3 and
found that if I use phpmyadmin to import the
AWOL.schema the Admin password in placed in the table
encrypted BUT if I use the /setup/index.php script the
Admin password is inserted into the table unincrypted.
Regardless, once the password is in the users table and
an Admin login is attempted the interface just goes thru
the authentication process, appears to successfully
authenticate but returns to the login screen.

Discussion

  • Logged In: YES
    user_id=908690

    The problem is (as explained to me by the developers) that your
    version of PHP has "register_globals" turned "Off". Go into PHP.ini
    and set it to "On".
    Another step they gave me (you can probably skip this step and be
    fine but may as well do this too) was as follows:

    + You can run the following string in the "SQL" tab of your
    phpMyAdmin interface (note that this assumes you're using the
    default
    table names):

    UPDATE awol3_users SET users_password = md5('passwd')
    WHERE
    users_username = 'Admin' limit 1;

    + Alternatively, you can delete the whole awol3_users table, and
    use
    the following schema (save it as anyname.schema) to recreate it
    from scratch:

    =========================================

    CREATE TABLE awol3_users (
    users_id int(11) NOT NULL auto_increment,
    users_username varchar(60) NOT NULL default '',
    users_password varchar(60) NOT NULL default '',
    users_global_priv enum('standard','full') NOT NULL default
    'standard',
    users_default_group varchar(255) NOT NULL default '',
    users_firstname varchar(100) NOT NULL default '',
    users_nick varchar(255) default NULL,
    users_lastname varchar(100) default NULL,
    users_spouse varchar(255) default NULL,
    users_children varchar(255) default NULL,
    users_birthday varchar(255) default NULL,
    users_anniversary varchar(255) default NULL,
    users_fav_food text,
    users_address text,
    users_per_email varchar(255) default NULL,
    users_quickdial char(2) default NULL,
    users_extension varchar(4) default NULL,
    users_area_code char(3) default NULL,
    users_homephone varchar(20) default NULL,
    users_cell varchar(20) default NULL,
    users_pager varchar(20) default NULL,
    users_return varchar(255) default NULL,
    users_status enum('out','in') NOT NULL default 'out',
    users_comment text,
    PRIMARY KEY (users_id)
    ) TYPE=MyISAM;

    INSERT INTO awol3_users (
    users_username,
    users_password,
    users_global_priv,
    users_firstname,
    users_lastname
    ) VALUES (
    'Admin',
    md5('passwd'),
    'full',
    'Admin',
    'Istrative'
    );

    =========================================

    -Stuart

     
  • jim burns
    jim burns
    2005-01-12

    Logged In: YES
    user_id=1195291

    a backend long way to work around login
    ** make back of login.php before doing anything !!!!!!!!!!!!!

    starting on lin 53 ish in login.php

    1) comment out with // line 53 if(!error_str && ....
    2) add line 54 $error_str = null;
    3) add line 55 if(!$error_str){ ....
    4) login with admin user name ( don't worry about entering p/w)
    5) add new user with full rights
    6) logout and then login as the new user
    7) remove admin
    8) add new admin
    9) remove lines 54 and 55 you added to login.php
    10) uncomment line 53
    11) logout and in as new user
    12) remove temp user you added.

    you should be good to go-login with admin shou

    ** new modified code should look something like this
    line 52- // If no errors have been encountered, then login
    the user
    line 53- // if(!$error_str && $awol_password ==
    $user_check['users_password']) {
    line 54- $error_str = null;
    line 55- if(!$error_str) {

    don't forget to make the changes back or your open to
    security risks.