Updating to 2.0.15 - Common Problems

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Get Involved
Post Reply
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Updating to 2.0.15 - Common Problems

Post by Graham » Sat May 21, 2005 4:55 pm

Hello users.

Since the release of phpBB 2.0.15, we have seen a number of users having issues with updating to this release so we have decided to make this post explaining the main change in 2.0.15 which is causing this and common explnations of the problem.

The main change to this release apart from a collection of bug-fixes is the addition of re-authentication to access the administration panel. This is a feature from phpBB 3.0.0 (Olympus), which has been backported to 2.0.x (in the same way as the visual confirmation system before it) to provide you with some additional protection on your board from common problems people had seen in earlier versions. In simple terms, once logged in as an administrator, you had access to everything on the board, including the admin panel. Unfortunately, this meant that if someone was able to visit the board as you - perhaps because you had logged on from a public computer and told it to remember you by mistake, or because they had been able to fake a cookie to pretend to be you - they were also able to do this, even if they didn't know your password. Now, to access the ACP, a user must know the password of the account they are logged in as, which provides an additional level of defence.

Some users have asked if it is possible to disable this, and the answer is yes - it can be disabled by making some small changes to the code.
However, we strongly discourage you from doing so unless you have a stronger method in place to replace it.

With the update to 2.0.15, it has become more apparent that many people are not running the update_to_latest.php script which is included with all updates to make the required changes to the database. If you are receiving an error about the session_admin column not existing this is probably the source of the problem. Please run install/update_to_latest.php to address the problem. It is important that you run this file on all updates since it makes any required database changes and these can be as important as updating the files.


And lastly, we have noticed users who for whatever reason did not have the updated files. In some cases, this was due to a webhost error, other times an FTP client messing up, or something else happening. Regardless of the cause, users need to ensure they have the latest files. There are several ways to do this, such as checking the timestamps on the files, checksums, etc. However you do it, this should become a habit everytime you update.
This will not only ensure you are protected from the non-security related bug, or a vulnerability, but help those supporting you to get you the answer that much faster.

If you are having problems logging into the admin panel, this is probably the issue. You should make sure that all files are up to date, but login.php, includes/session.php, includes/functions.php and admin/pagestart.php are the most relevant.

If you have done all this and still have problems, please help us to help you by completing the Support Request Template when you post for assistance.

Sincerely,
The phpBB Team

Post Reply

Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 35 guests