0
Welcome Guest! Login
0 items Join Now

Permanently Logged in / No Logout

Last Post
Search Topic

  • Permanently Logged in / No Logout

    Posted 12 years 11 months ago
    • I'm being driven over the edge of insanity. For the life of me I cannot figure out why I can't logout of my newest site, and anybody can access the administrative backend, with full privelages, without even logging in. Am I missing something here? I really hope I've just been looking into this way to deeply and it's something on the surface ...

      I've been working on this on localhost, and just made this demo site to work out the bugs. Any advice would be greatly appreciated.

      Site: www.rc-east.com/demo/
      Admin: www.rc-east.com/demo/administrator
    #815148

  • Re: Permanently Logged in / No Logout

    Posted 12 years 11 months ago
    • Just for security, I password-protected the administrative area via cPanel. The login credentials are below. Please note the site is set to offline, yet everyone can still see it. When you plug in the username/password to the admin area, note you don't have to use any form of Joomla Credentials to login.

      Administrative Area Login Info:
      Link: www.rc-east.com/demo/administrator/
      Username: demo
      Password: chicago

      Another, perhaps connected, problem I'm dealing with is that I cannot "save" any of the configuration settings. I click different radio buttons in there, and when I click save, the screen flashes and the settings are back to original.
    #815164

  • Re: Permanently Logged in / No Logout

    Posted 12 years 11 months ago
    • I have a feeling the issue resides in the [Global Configuration][Permissions] area ... I was mucking around in there like a moron (my first site w/ J2.5) thinking I knew what I was doing without actually reading on the topic, and set all the Public Permissions to allowed ... now that I'm logged out of my Super Admin and "logged in" as a nobody, it won't let me revert those back to "Not Set" ....

      Does anybody know where those permissions are actually set in the SQL Database so I can go in and fix them?
    #815167

  • Re: Permanently Logged in / No Logout

    Posted 12 years 11 months ago
    • Ok, I fixed it. But I need some help refining the technique because I'm fairly certain I didn't do it right.

      The problem: Your [Global Configuration][Permissions] set allows every visitor to be automatically logged in as a super administrator. Due to Public Permissions all being set to "allow". This is preventing anyone from even seeing the login screen and people cannot even logout. You also cannot revert them back, getting the error: you cannot remove your own super administrator privelages (or something like that).

      Details: The permissions reside in the [TABLEPREFIX]_assetts table of your SQL Database.

      DRAFT | DRAFT | DRAFT
      The Fix: You'll need access to another Joomla 2.5 website, with good permission sets. Go to the good websites SQL database and export the [TABLEPREFIX]_assetts table to your computer. Then open the exported SQL file in a notepad program (I use Notepad++) Then, using the replace command, replace all the table prefixes from your "good" database" with the correct table prefix of the "broken database". Save the file. Then import that SQL file into the "broken database". This *should* overwrite the "bad" [TABLEPREFIX]_assetts table with the good.

      Concerns
      When I did this, I got a lot of errors upon import, I'm not exactly sure what they referencing or whether what I did actually overwrote anything. I'm definately more a graphic designer than a database guru. What I do know though, is that this worked.

      Other Notes:
      Another thing I did was mess around with the [TABLEPREFIX]_user_usergroup_map table. I noticed a disparity between my "good website" and my broken one. In my good website, there was only one row. Which was USERID 7 | GROUPID 8. But in my broken website, there were nine total rows, eight of which refrenced USERID 42, which was an old super administrator. So I deleted all of those rows, matching it to my "good website" table. I'm not sure if that played any role in this fix.

      Like mentioned above, I'm not a database guru ... I would really love it if someone could help refine this technique so if anyone in the world is as stupid as I am (I doubt it's possible), they can find a solution.
    #815743

  • Re: Permanently Logged in / No Logout

    Posted 12 years 10 months ago
    • Nathan,

      You're not alone in this!

      I got locked out of my backend and then tried this config.php hack to get back in:

      celtaweb.net/celtaweb-net-blog/i ... user-trick

      Well, it worked... but then I found I had exactly the same issue as you had - everyone had open access to the backend, every user gets admin emails, etc!

      I used akeeba admintools to protect the backend and disabled the emails, and I was thinking I'd have to start with a backup, and do tonnes of work again...

      But then I found your post....and a bit of hope!

      I've followed your notes to the letter, but when I try to upload and replace the _assetts file in phpmyadmin it throws a #1046 error.

      Did you encounter this one and if so how did you get past it?
      Thanks!

      Fultonmac :shock:
    #825160

Time to create page: 0.078 seconds