ADM Console 401 error

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
david63
Registered User
Posts: 16695
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: ADM Console 401 error

Post by david63 » Tue Oct 15, 2019 6:06 am

softpronick wrote:
Tue Oct 15, 2019 12:35 am
Cannot delete the Cache or the /vendor folders. Says i need rights
Isn't this going back to the original problem? I would suggest that you get your server Admin to take a look.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

softpronick
Registered User
Posts: 22
Joined: Tue Oct 08, 2019 9:14 pm

Re: ADM Console 401 error

Post by softpronick » Tue Oct 15, 2019 6:58 pm

david63 wrote:
Tue Oct 15, 2019 6:06 am
softpronick wrote:
Tue Oct 15, 2019 12:35 am
Cannot delete the Cache or the /vendor folders. Says i need rights
Isn't this going back to the original problem? I would suggest that you get your server Admin to take a look.
I think it was because the site was using them. After an iisreset it opened up and i was able to complete the upgrade to 3.2.8

softpronick
Registered User
Posts: 22
Joined: Tue Oct 08, 2019 9:14 pm

Re: ADM Console 401 error

Post by softpronick » Tue Oct 15, 2019 6:59 pm

Ok so the upgrade is done. I am able to hit the ACP now but not after login. If i log in as admin, and then log in a second time for ACP it still fails. If i go back to the main page and then click on the acp it loads straight up as i have been authenticated but no redirect. Has anyone else seen this?
Thanks
Nick :?:

User avatar
EA117
Registered User
Posts: 1066
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ADM Console 401 error

Post by EA117 » Tue Oct 15, 2019 7:36 pm

softpronick wrote:
Tue Oct 15, 2019 6:59 pm
Ok so the upgrade is done. I am able to hit the ACP now but not after login. If i log in as admin, and then log in a second time for ACP it still fails. If i go back to the main page and then click on the acp it loads straight up as i have been authenticated but no redirect. Has anyone else seen this?
"It still fails" means the original 401 error, correct? Or is it failing in some other way now, with some other page or some other status.

What difference, if any, do you see in the URL after the successful ACP login (but which fails to open the ACP), as compared to the link you then see for entering the ACP (which happens successfully) from the main site page?

For example, after logging into the site as just a user, the ACP link would have /adm/index.php?sid=xxx (with xxx being your current session ID), and clicking on that ACP link would bring up the login page because you're not logged into ACP yet. After successfully filling out the login fields, phpBB would intend to redirect you to /adm/index.php?sid=yyy, where yyy is a new session ID which is known to have double-authenticated for ACP's purposes.

But you're saying "whatever page the successful ACP login attempts to redirect you to" never opens successfully. So is the URL showing during that failure the expected /adm/index.php?sid=yyy URL, or something else? Because then when you return to the main site page, and click on the ACP link there, we again expect "this should be the same /adm/index.php?sid=yyy URL again."

So is there any difference between the two URLs you are seeing there? Or is the site is reporting a 401 for the first attempt to access /adm/index.php?sid=yyy (the redirect after ACP login), but then simply attempting the exact same /adm/index.php?sid=yyy URL again (using the ACP link from the main site page) then just magically works?

softpronick
Registered User
Posts: 22
Joined: Tue Oct 08, 2019 9:14 pm

Re: ADM Console 401 error

Post by softpronick » Wed Oct 16, 2019 3:26 pm

EA,

Here is the addresses:

When logging into the ACP the first page is just this: https://devforum.softprocorp.com/adm/index.php and that is where i get the 401 error.

If i go back to the main page and then click on acp i get this link: https://devforum.softprocorp.com/adm/in ... d41ba19238

It looks to me that the redirect it not working correctly to the session ID.

Any more help would be awesome.
Nick

User avatar
warmweer
Registered User
Posts: 3006
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: ADM Console 401 error

Post by warmweer » Wed Oct 16, 2019 3:46 pm

Where's your style.cfg?
Is the /prosilver folder uploaded completely? (compare that folder with a fresh 3.2.8 set)
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

User avatar
david63
Registered User
Posts: 16695
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: ADM Console 401 error

Post by david63 » Wed Oct 16, 2019 4:36 pm

softpronick wrote:
Wed Oct 16, 2019 3:26 pm
It looks to me that the redirect it not working correctly to the session ID.
Or perhaps your cookie settings are wrong
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
EA117
Registered User
Posts: 1066
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ADM Console 401 error

Post by EA117 » Wed Oct 16, 2019 4:54 pm

softpronick wrote:
Wed Oct 16, 2019 3:26 pm
When logging into the ACP the first page is just this: https://devforum.softprocorp.com/adm/index.php and that is where i get the 401 error.

If i go back to the main page and then click on acp i get this link: https://devforum.softprocorp.com/adm/in ... d41ba19238
Okay, interesting. That "didn't make sense" to me on two fronts: 1) Why the SID didn't end up appended to the redirect URL in the first place; and 2) Why a redirect URL without the SID would have resulted in 401 rather than just returning you back to the login form again.

But I do see where phpBB's session_begin() has a failure path, specific to the /adm/index.php case, where if there isn't a SID in the URL, or if the SID in the URL doesn't match the SID phpBB learned from the "_sid" cookie, phpBB will set status 401 and redirect to index.php without any parameters.

I'm not positive that the necessary clues will be visible this way, but because I can't otherwise debug directly against your ACP login, I'm wondering if you can show this ACP login sequence from the perspective of Chrome's F12 "Network" tab. Meaning you would:
  • Login to the site as a normal user first.
  • Open Chrome's developer view by pressing F12.
  • Switch to the "Network" tab within the developer tools.
  • Ensure the "Preserve log" checkbox is set, so that the "Network" tab contents are not reset when you navigate to a new page.
  • Use the "Clear" icon to clear the "Network" tab, if you have a previous attempt's entries still showing.
  • Now without closing the F12 view, click on the ACP link to start the ACP login process.
  • Now perform the complete login process, including the failure page after the login, and finally going back to the board index and successfully accessing the ACP using the ACP link.
  • Once successfully viewing the ACP index page, now enter "index.php" in the filter/search box above the "Network" tab logged items.
This will give you a short list of just the index.php page load attempts, similar to what's shown in my successful ACP login here:

network.png

Yours will of course have additional entries, from the 401 and also from having to visit the board index again before entering the ACP successfully. But we want to see this list, specifically the status being returned at each step as well as the URL parameters at each step. The intention here is to try and catch that "maybe there was a redirect which included the new SID", but it failed for a different reason and ended up then hitting the session.php error path which returns 401 and no SID.

If you use the "down arrow" button (the one that shows "Export HAR" when you hover over it), this will allow you to export the "Network" tab contents to a json file. There shouldn't really be any sensitive information other than IP addresses, but if you're concerned about potential sensitive information, feel free to rename and PM this .HAR file to me as a .TXT file, and I'll see if there are any clues as to why we may have ended up in a state where phpBB wanted to return 401. (If that's what's even happening.) Or you can just put the file's contents in a [code][/code] block here for anyone to analyze.

(The only "not as recommended" cookie setting I see is that "cookie_secure" is not enabled. But that's not a "will equal failure" situation, and just means the cookies are allowed to be sent even when not accessing the site over HTTPS. i.e. The cookie data is allowed to be exposed even over non-encrypted connections, if you were using one. Your current cookies are being successfully saved and sent, at least in my non-ACP-related access to your site. But that's one of the things the .HAR file contents are going to confirm during your ACP access attempt, too.)

softpronick
Registered User
Posts: 22
Joined: Tue Oct 08, 2019 9:14 pm

Re: ADM Console 401 error

Post by softpronick » Wed Oct 16, 2019 5:00 pm

warmweer wrote:
Wed Oct 16, 2019 3:46 pm
Where's your style.cfg?
Is the /prosilver folder uploaded completely? (compare that folder with a fresh 3.2.8 set)
They look the same.

User avatar
warmweer
Registered User
Posts: 3006
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: ADM Console 401 error

Post by warmweer » Wed Oct 16, 2019 5:17 pm

softpronick wrote:
Wed Oct 16, 2019 5:00 pm
warmweer wrote:
Wed Oct 16, 2019 3:46 pm
Where's your style.cfg?
Is the /prosilver folder uploaded completely? (compare that folder with a fresh 3.2.8 set)
They look the same.
strange that I can 't get your style.cfg to show the version

https://devforum.softprocorp.com/styles ... /style.cfg
added:
navigating to https://devforum.softprocorp.com/adm/index.php should redirect me to the login page or to the site index but gives a blank page. that doesn't happen on other sites: this makes me think there's something's wrong with your subdomain redirect.
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

User avatar
EA117
Registered User
Posts: 1066
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ADM Console 401 error

Post by EA117 » Wed Oct 16, 2019 5:33 pm

warmweer wrote:
Wed Oct 16, 2019 5:17 pm
softpronick wrote:
Wed Oct 16, 2019 5:00 pm
They look the same.
strange that I can 't get your style.cfg to show the version
We probably should ask to see the contents of the web.config at the root of the phpBB site.

It's not immediately clear to me either why the attempt to access style.cfg is being bounced through app.php, as though the "if exists as a file" and "if exists as a directory" tests are both failing. It's certainly entirely legitimate that a web server could be configured to not serve .cfg file content of any sort; or even to have a configuration to not deliver non-html/js/css/resource files from the /styles path.

But the "redirect the path through app.php" does seem a bit unusual; or at least that we might see the web.config going out of its way to make that happen for these additional cases.

User avatar
warmweer
Registered User
Posts: 3006
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: ADM Console 401 error

Post by warmweer » Wed Oct 16, 2019 5:45 pm

EA117 wrote:
Wed Oct 16, 2019 5:33 pm
It's certainly entirely legitimate that a web server could be configured to not serve .cfg file content of any sort; or even to have a configuration to not deliver non-html/js/css/resource files from the /styles path.
True but this is a first time for me (so now I'm not a virgin anymore ;) ) . Also just noticed IIS which I have no experience at all (I think, I don't know what it is - some Googling to do) - so I'm a virgin again and should better stick to reading only in this topic :oops:
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

User avatar
david63
Registered User
Posts: 16695
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: ADM Console 401 error

Post by david63 » Wed Oct 16, 2019 8:52 pm

david63 wrote:
Wed Oct 16, 2019 4:36 pm
Or perhaps your cookie settings are wrong
Have you checked your cookie settings yet?

https://www.phpbb.com/support/docs/en/3 ... -settings/

Cookie domain looks wrong to me.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21676
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: ADM Console 401 error

Post by Mick » Wed Oct 16, 2019 8:59 pm

Cookies look good to me.
"The more connected we get the more alone we become" - Kyle Broflovski

User avatar
warmweer
Registered User
Posts: 3006
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: ADM Console 401 error

Post by warmweer » Wed Oct 16, 2019 9:01 pm

david63 wrote:
Wed Oct 16, 2019 8:52 pm
Cookie domain looks wrong to me.
yep: should be devforum.softprocorp.com instead of .softprocorp.com
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

Post Reply

Return to “[3.2.x] Support Forum”