Correct ACP password stopped working

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Correct ACP password stopped working

Post by kb58 »

Support Request Template
What version of phpBB are you using? v3.2.7, then upgraded to v3.3.11 in attempt to fix issue
What is your board's URL? http://midlana.kimini.com/forum is the problem page
Who do you host your board with? HostPapa
How did you install your board? I installed 3.2.7, then recently used the webhost's one-button upgrade to 3.3.11
What is the most recent action performed on your board? Nothing
Is registration required to reproduce this issue? Yes, and I cannot grant access to anyone without me accessing the ACP
Do you have any MODs installed? No
Do you have any extensions installed? No
What extensions do you have installed? None
What styles do you currently have installed? Default
What language(s) is your board currently using? English
Which database type/version are you using? MySQL 8.0.36
What is your level of experience? Slight experience with phpBB
What username can be used to view this issue? "Midlana1"
What password can be used to view this issue? None, all appear incorrect
What actions did you take (updating your board; installing a MOD, style or extension; etc.) Prior to this problem becoming noticeable? Nothing
Please describe your problem:

I have run several versions of phpBB over the years, upgrading without issue, and accessing the ACP with a password auto-populate function, which worked perfectly fine - until it didn't. Starting about four days ago, it suddenly says that the password is wrong and yet nothing has changed. I confirmed with HostPapa that they didn't make any recent changes, and I have not made any either.

In short, their Support was useless, offering advice like "if you log us in maybe we can help"... which I can't do since I can't access the ACP (facepalm). They did offer to load a one-week-old backup copy of the forum, but I rather not do that unless there is no other choice, and suspect that won't fix it, eitheer.

I found the numerous threads regarding lost ACP passwords (mine is not lost, it no longer works). I went ahead and tried the work around, loading the script that creates an Admin1 entry in the user database. I confirmed it appeared correctly in the database, but unfortunately, its password failed as well. NOTE: After upgrading to 3.3.11, the problem remains (that said, it's currently unclear whether it's actually upgraded, because the issue is in a subdomain of my main domain, kimini.com. It appears it may have only updated that site, which I'm presently dealing with. For the purposes of this thread, it's probably best to assume that I'm still on 3.2.7, but will be upgrading, but don't want to be changing too many things at a time.

I'm at a complete loss about what to do next. If I had changed something immediately before it failed, fine. If HostPapa had recently changed something, fine, I get that and can deal with it. But this, this is out of the blue. It seems as if there are three different possibilities:
1. My account was hacked (hard to believe because the pw was very cryptic).
2. Something within phpBB sw at the webhost's end broke
3. Both Microsoft's and Google's password function stopped working - highly unlikely

Thanks.
Last edited by kb58 on Wed Mar 06, 2024 6:06 am, edited 2 times in total.
User avatar
durangod
Registered User
Posts: 804
Joined: Tue Nov 03, 2009 1:26 pm
Location: USA East Texas
Name: Dave

Re: Correct ACP password stopped working

Post by durangod »

Hi, i did not notice if you tried to recover the password via the forgot password option on the login page, have you tried that? You seem to have access to the database so use that email and set a new password. Does this help?
Username is short for durango dave
User avatar
warmweer
Jr. Extension Validator
Posts: 11650
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Correct ACP password stopped working

Post by warmweer »

https://midlana.kimini.com/forum/ isn't setting cookies
https://www.midlana.com/forum is setting cookies but cookie secure is set to false (it should be set to true).
The content seems to be the same so I suspect the same database is being used (which will cause problems)

BTW using the host 1-click install (or 1-click upgrade) is not recommended at all as these (in many cases) are not installed the recommended way and can have non-documented edits to suit the host (usually undocumented).
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
User avatar
ssl
Registered User
Posts: 1979
Joined: Sat Feb 08, 2020 2:15 pm
Location: Le Lude, Pays de la Loire - France
Name: Fred Rimbert

Re: Correct ACP password stopped working

Post by ssl »

warmweer wrote: Mon Mar 04, 2024 11:52 pm BTW using the host 1-click install (or 1-click upgrade) is not recommended at all as these (in many cases) are not installed the recommended way and can have non-documented edits to suit the host (usually undocumented).
Agree with this

You can try this solution to try to access the ACP: viewtopic.php?p=15620966&sid=c7db60ee82 ... #p15620966
Sorry for my English ... I do my best! :anger_right:

:point_right_tone3: phpBB: 3.3.13 | PHP: 8.3.9
:point_right_tone4: [Kill spam on phpBB] - [Some French translation of extensions]
"Mistress, Mistress someone is bothering me in pm"
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

durangod wrote: Mon Mar 04, 2024 11:22 pm Hi, i did not notice if you tried to recover the password via the forgot password option on the login page, have you tried that? You seem to have access to the database so use that email and set a new password. Does this help?
The problem is that it's the Admin password, and the Admin sign in page has no "Forgot Password" button.
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

ssl wrote: Mon Mar 04, 2024 11:55 pm
warmweer wrote: Mon Mar 04, 2024 11:52 pm BTW using the host 1-click install (or 1-click upgrade) is not recommended at all as these (in many cases) are not installed the recommended way and can have non-documented edits to suit the host (usually undocumented).
Agree with this

You can try this solution to try to access the ACP: viewtopic.php?p=15620966&sid=c7db60ee82 ... #p15620966
I did try that (Admin1 user with admin as pw) and somewhat surprisingly, it did not work, failing the same way.

Maybe this is a clue: When I enter the password on the Admin sign-in page and hitting Enter, the password field clears, then repopulates to what it had before hitting Enter. There is no "Wrong Password" message... no message at all. That seems odd in itself.

My experience with the operations side of forum software is extremely limited, so I have little idea of what I'm doing or what I should be seeing.
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

warmweer wrote: Mon Mar 04, 2024 11:52 pm https://midlana.kimini.com/forum/ isn't setting cookies
https://www.midlana.com/forum is setting cookies but cookie secure is set to false (it should be set to true).
The content seems to be the same so I suspect the same database is being used (which will cause problems)

BTW using the host 1-click install (or 1-click upgrade) is not recommended at all as these (in many cases) are not installed the recommended way and can have non-documented edits to suit the host (usually undocumented).
Thanks. I passed on your comments to the webhost and will see what they say, because I've never messed with cookies and don't know enough to know what I don't know. I had no idea there was even a midlana.kimini.com site! I assume that cookie settings are set on the Admin side, which of course I'm locked out of right now. How did you view their status?

I'm holding off on upgrading to 3.3.11 for now in order to keep from changing too many things at one time. Once the problem gets fixed, or if all attempts fail, I will go ahead and self-install 3.3.11.

Thank you for the replies!
Last edited by kb58 on Tue Mar 05, 2024 5:04 pm, edited 1 time in total.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26825
Joined: Fri Aug 29, 2008 9:49 am

Re: Correct ACP password stopped working

Post by Mick »

kb58 wrote: Tue Mar 05, 2024 5:09 amThe problem is that it's the Admin password, and the Admin sign in page has no "Forgot Password" button.
The ACP password is the same as the admin uses as a normal user. log out and go from there, if that doesn’t work use the query ssl posted. Be warned messing with the database can end up destroying your board, proceed with caution.

Also, did you ask your host if they changed anything like the spate of problems we’re seeing with mod_security (there’s at least two or three topics posted about it this week) or PHP versions etc?
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

Mick wrote: Tue Mar 05, 2024 9:48 am The ACP password is the same as the admin uses as a normal user. log out and go from there, if that doesn’t work use the query ssl posted. Be warned messing with the database can end up destroying your board, proceed with caution.
I logged out of the Midlana forum, successfully logged in, then tried logging into the ACP using the same password,, and it fails every time. As mentioned, after hitting Enter, the password entry page sits static for about three seconds, then reverts back to as it was before pressing Enter. This seems very strange. Anyway, I'll look into the query ssl thing but as noted, I never lift the hood on server side stuff so am extremely clueless about touching things in dark scary places.
Mick wrote: Tue Mar 05, 2024 9:48 am Also, did you ask your host if they changed anything like the spate of problems we’re seeing with mod_security (there’s at least two or three topics posted about it this week) or PHP versions etc?
Yes, and they said that they changed nothing, but I asked again, specifically about mod_security.
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

durangod wrote: Tue Mar 05, 2024 5:46 am You can view the cookie info and session via the console, thats how he saw cookie secure was set to false.
Great... where do I access "the console?"
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

I should also note that the issue occurs whether accessed from a Win 7 laptop, Win 10 desktop, or iPhone. Each have their own version of password storage, Google, Microsoft, and Apple, and all have the same failure.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6291
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Correct ACP password stopped working

Post by thecoalman »

kb58 wrote: Tue Mar 05, 2024 4:59 pm Yes, and they said that they changed nothing, but I asked again, specifically about mod_security.
mod_security rules are constantly updated. You can check the server error logs. You can search the log for ./../adm/, if there is an error about path traversal then this is the issue.

Most hosting panels allow you turn off mod_security but it turns it off entirely. If that fixes the problem report it to your hosting support so they can deal with the specific rule causing the problem so you can re-enable it.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26825
Joined: Fri Aug 29, 2008 9:49 am

Re: Correct ACP password stopped working

Post by Mick »

kb58 wrote: Tue Mar 05, 2024 4:59 pmYes, and they said that they changed nothing
And that was the answer to everyone who’s had this issue from every host, look at some of the other topics on the subject. Most of the hosts need to be prodded with a sharp stick for some reason for something that takes five minutes or less to fix.

And, on top of that, obviously you havn’t caused the problem so there can only be one culprit.
kb58 wrote: Tue Mar 05, 2024 4:59 pmI logged out of the Midlana forum, successfully logged in
I meant for you to log out then try the forgotten password routine.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
kb58
Registered User
Posts: 40
Joined: Sat Dec 20, 2008 11:43 pm

Re: Correct ACP password stopped working

Post by kb58 »

I checked the server error log, and while there are errors "Client denied by server configuration", they appear unrelated to the log-in attempts (different time stamps).

I'll try the Forgot Password path.

I will say though that it seems very strange to have the same password for both logging into the forum and accessing the ACP, but it is what it is, and was working...
Last edited by kb58 on Tue Mar 05, 2024 7:04 pm, edited 1 time in total.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6291
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Correct ACP password stopped working

Post by thecoalman »

Mick wrote: Tue Mar 05, 2024 6:25 pmMost of the hosts need to be prodded with a sharp stick for some reason for something that takes five minutes or less to fix.
To be fair Mick disabling a rule typically affects the entire server which might have hundreds of accounts on it, a single set of rules might even be replicated across their entire network. This particular rule is to prevent tricking a vulnerable script from accessing or executing files it shouldn't. e.g.

example.com/vulnerable_file_serving_script.php?file=./../phpbb_directory/config.php
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

Return to “[3.3.x] Support Forum”