Locked out of ACP

firebrand__ · Post by **firebrand__** » Fri Aug 17, 2018 10:33 pm

Support Request Template
What version of phpBB are you using? phpBB 3.2.2
What is your board's URL? https://evangelicalchat.com/forums
Who do you host your board with? godaddy
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Fresh Install
Is registration required to reproduce this issue? Yes
Do you have any MODs installed? No
Do you have any extensions installed? No
What styles do you currently have installed? prosilver
What language(s) is your board currently using? english
Which database type/version are you using? MySQL 5
What is your level of experience? New to PHP and phpBB
What username can be used to view this issue? No answer given
What password can be used to view this issue? No answer given
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? update server settings
Please describe your problem. I locked myself out of the ACP panel somehow. The board is new but I have made some changes to settings. I am using a custom stylesheet to be loaded over the original prosilver styles. That works fine.

I have cloudflare connected to the site which is the origin of my issue I think. I noticed that cloudflare was causing me to receive session cookies from another user. Luckily we both have the same account types and the boards are closed for everyone else. I fixed this issue by forcing cloudflare to bypass the cache for all evangelicalchat.com/forum pages (still want to use it for the main domain evangelicalchat.com).

Next, I was trying to figure out why sessions only lasted for a few minutes before expiring so I started experimenting with the server configuration settings. Not sure what I changed last exactly, but it had something to do with IP address validation. One setting I know I changed was validate full IP instead of a.b.c. or the other option.

This wasn't the only setting I changed though. I changed more options underneath it. As far as I know my cookie settings are correct and I set session cookies to expire after 1 day. I set them up according to <a href="https://www.phpbb.com/support/docs/en/3 ... s/">fixing incorrect cookie setting</a>.

I can login as admin still. I see ACP link at the top and bottom of the page. But once I click ACP and put in my password again, it logs me out and kicks me back to the home page. I've tried deleting everything in the cache folder except for the htaccess and index files. Not sure what else to do or how to access the settings I changed from the file manager.
Generated by SRT Generator

Post by **Kailey** » Sat Aug 18, 2018 1:31 am

In phpMyAdmin, run the following, which will create an admin user named Admin1 with a password of admin. From that point you should be able to get into the ACP.

Code: Select all

INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', '[email protected]', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '');

Change your table prefix if it is not phpbb_

See Executing SQL Queries in phpMyAdmin if you are unfamiliar with running database queries.

As soon as you have done this, use the temporary admin account to change the details on the original admin account, then delete the temporary account.
This is because:

anyone could use that account to log in to your board if you didn't change the password.
this temporary user has not been fully set up (e.g. it is not a member of the "Registered users" group, so it won't have normal access to your forums).

To remove the account you will first need to remove "founder" status from it: ACP > USERS AND GROUPS tab > Manage Users > Admin1 > Overview > Founder = No

firebrand__ · Post by **firebrand__** » Sat Aug 18, 2018 2:02 am

Thanks. I'll give it a shot. Is it possible to input a unique password when executing the query? Otherwise, can I change the password immediately within phpMyAdmin or from the ACP panel?

Post by **Kailey** » Sat Aug 18, 2018 2:09 am

You are only supposed to use the Admin1 account to get into the ACP. Once you can access the ACP using your original account, remove the Admin1 account. See the notes I posted above.

firebrand__ · Post by **firebrand__** » Sat Aug 18, 2018 2:49 am

I ran the query and created the user, logged in, clicked acp, put pw in again, and the same thing happens. It logs me out and kicks me back to the index. Specifically, */forums/adm/index.php page.

Is there a way to access the server configuration options that were present in the ACP from my file manager? If I can change them back to what they were it might fix it.

2600 · Post by **2600** » Sat Aug 18, 2018 2:58 am

Perhaps it's a cookie issue.

Post by **Kailey** » Sat Aug 18, 2018 3:03 am

Have you tried doing another install (since you stated it's a fresh one)?

Information
Sorry but this board is currently unavailable.

Cookie Info
Cookie Domain:
Cookie Path:
Secure Cookies:

Raw cookie data
No phpBB cookies found

firebrand__ · Post by **firebrand__** » Sat Aug 18, 2018 3:06 am

John connor wrote: ↑Sat Aug 18, 2018 2:58 am Perhaps it's a cookie issue.

That's what I thought too. Pretty sure I set up my cookie right though. I think it has something to do with cloudflare still even though I'm forcing it to bypass the cache. Cloudflare is using its own cookies on the site. Plus I changed authentication methods in the ACP before it kicked me out. A combination of that and cloudflare is causing the issue I think.

All of the phpbb sessions are from the same two cloudflare ips in phpmyadmin which makes me think that's the problem. I dunno how to install the cloudflare mod unfortunately, but I did find an extension that reveals original ips for cloudflare which I uploaded to the extensions folder. Problem is that I can't install it without ACP access as far as I know.

firebrand__ · Post by **firebrand__** » Sat Aug 18, 2018 3:08 am

kinerity wrote: ↑Sat Aug 18, 2018 3:03 am Have you tried doing another install (since you stated it's a fresh one)?

Information
Sorry but this board is currently unavailable.

Cookie Info
Cookie Domain:
Cookie Path:
Secure Cookies:

Raw cookie data
No phpBB cookies found

I haven't tried to reinstall yet. I just don't want to lose all my forums and categories I've already setup and added permissions to. Also don't want to lose my custom styling. I see 9 cookies when I load the page. 4 from cloudflare and 3 from the site.

Lumpy Burgertushie · Post by **Lumpy Burgertushie** » Sat Aug 18, 2018 4:21 am

turn off cloudfare completely just to test. and also try to clear any and all cloudfare and/or other caches.

also, you can go into the database using phpmyadmin or whatever you have and reset the auth_method to db in the config table.

robert

firebrand__ · Post by **firebrand__** » Sat Aug 18, 2018 6:16 am

Lumpy Burgertushie wrote: ↑Sat Aug 18, 2018 4:21 am turn off cloudfare completely just to test. and also try to clear any and all cloudfare and/or other caches.

also, you can go into the database using phpmyadmin or whatever you have and reset the auth_method to db in the config table.

robert

Thanks everyone for all the replies so far. Disabling cloudflare didn't help any and the auth method was already db. I'd like to use cloudflare still for ddos protection and the web application firewall, etc.

I just made backups of all my custom css, deleted the forum folder from my file manager, deleted all entries from the database, and reinstalled. That seemed to fix it. I'll just have to rebuild the forums, but that won't be so bad.

Also, I think I changed a security setting now that I can see the ACP again. I was trying to sync everything up to work well with cloudflare. Not sure what I did though. I know I changed session IP validation to full, validate x_forwarded_for since that is supported by cloudflare, and also validate referrer to also validate path, and validate IP against DNS blackhole list (maybe this one did it).

Thanks for all the help everyone. Also, would anyone recommend the cloudflare IP mod from sitesplat? I'd really like to keep using the cdn since I'll need it for the main site.

2600 · Post by **2600** » Sat Aug 18, 2018 11:40 pm

There are many things to consider if using CloudFlare to help protect your IP origin. I use CloudFlare myself with zero issues. Are you using a VPS or is this a shared account?

Your host should have mod_cloudflare installed for proper IP addresses to appear. If not, then that extension should do it. But I'd have the host install mod_cloudflare.

When you update the forum or make any significant changes you need to use the pause button or the disable button in CloudFlare and clear CloudFlare's cache then when you're done clear the board's cache. You now have two caches.

Once you have all of your DNS settings in CloudFlare you need to then have your host give you a new IP address. If you created the domain and then added CloudFlare your IP is already known by DNS history sites. When you change the IP after the DNS entries are used in CloudFlare, then the IP is hidden.

If this is a VPS you need to block all IPs except CloudFlare's. And then stay abreast of all CloudFlare IP updates which is not often thankfully. Their website has the IPs they use.

You need to turn off the use of remote avatars. Otherwise your origin IP can be exposed. You may also want to turn off Gravatar.

You can't use your host's email. The MX record will expose your origin IP. You have to use SMTP with Gmail or maybe Namecheap's email service, but I haven't tried it. I use Gmail myself, but your limited at the amount of emails you can send/receive. You also have to go into Gmail's options and disable some of the security or something. Been awhile, but if you don't Gmail won't work. Giant PITA just to use Gmail's SMTP options.

I think that's about it. I may write a tutorial on my site about the proper use of CloudFlare so that your origin IP is safely hidden. Read my Sig on other stuff.

Lumpy Burgertushie · Post by **Lumpy Burgertushie** » Sat Aug 18, 2018 11:45 pm

and based on all of that, I once again suggest that unless you have some special need for all that security that you just ignore most, if not all, of cloudfare. hundreds of thousands of websites around the world are doing just fine without all of that.
just my unsolicited opinion.

robert

2600 · Post by **2600** » Sun Aug 19, 2018 4:28 am

I just want to add that if you want to bypass CloudFlare and get a direct connection you can do so by editing your hosts file on your computer.

The hosts file is located at system32/drivers/etc

Open it and add this line: 1.2.3.4 https://evangelicalchat.com/forums

Replace 1.2.3.4 with your real IP origin address. Save the hosts file and go to your site. This will bypass CloudFlare.

There is a space between 1.2.3.4 and the website name.

Post by **Kailey** » Sun Aug 19, 2018 5:05 am

John connor wrote: ↑Sun Aug 19, 2018 4:28 am editing your hosts file on your computer

This is not the recommended way of fixing this problem. The OP needs to either turn CloudFlare off or work with them to exclude the /forums/ directory. Please do not give incorrect (and possible harmful) advice.

All that being said, the OP has solved the issue, so no further actions need to be taken on their part.