no admin rights after installation

[JPLABS]

Support Request Template
What version of phpBB are you using? phpBB 3.3.14
What is your board's URL? www.finmaker.co.uk
Who do you host your board with? heartinternet.co.uk
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Fresh Install
Is registration required to reproduce this issue? No
Do you have any MODs installed? No
Do you have any extensions installed? No
What styles do you currently have installed? none
What language(s) is your board currently using? czech, english
Which database type/version are you using? MariaDB
What is your level of experience? Comfortable with PHP and phpBB
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? none, except creating the database in MyPHPadmin
Please describe your problem. standard installation: (1) creating database in MyPHP Admin, (2) transfer files via FTP to server, (3) start install from web, writing data into forms and finishing the installation. That's easy. The installer reported this information: https://www.phpbb.cz/download/file.php? ... &mode=view
Once I continued with link Take me to ACP, I got answer that I have no administration rights. I have tested to install english version and czech version 3.3.14 with the same results. I have tried to install on various servers (finmaker.co.uk, then allfin.co.uk and than jplabs.co.uk ). Every time the same result.

Beside that I manage another forum: microforum.co.uk version 3.3.5 .There are no problems.
Generated by SRT Generator

[JPLABS]

I apologize for the inconvenience, but after preparing the above message and logging out, I returned to the Finmaker forum and tried to log in. To my great surprise, I was logged in. I don't understand why I haven't been able to log in now, while all day today, after numerous installation attempts, I kept getting the message that I don't have administrator rights...

Screenshot from 2025-05-08 09-27-06.png

[JPLABS]

Unfortunately, the forum is not working again. See here: http://www.finmaker.co.uk/forum/index.php The administrator cannot log in because the password is incorrect. It is possible to register, but it is not possible to log in again because the password is incorrect. You can try it yourself. The problem seems to be with the file.: .../phpbb/passwords/driver/base_native.php in line 57

[Madalin10]

Hmm.. not sure why is that issue but with a search I have found this topic: viewtopic.php?t=2649829

Also the latest version released is 3.3.15 and not 3.3.14. Try to download again the package from the phpbb.com/downloads/ page, drop all tables from your db / create a new one and install a fresh copy of the phpbb.

[JPLABS]

Hi,
thank you for link to the topic viewtopic.php?t=2649829. I also think, the problem is on server (provider: heartinternet). I opened the ticket last Sat, the staff said that there is all right.
On Thu I did many installation attempts on various servers and with various version of phpBB (3.3.5 and 3.3.14 and various language mutations of both versions). The result was every time the same: unknown password... as described in the topic you given me.

[Noxwizard]

Make a file called test.php in your forum root, put this in it, run it in your browser, and post the output:

Code: Select all

<?php
define('IN_PHPBB', true);
define('IN_INSTALL', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
if (file_exists('install/startup.' . $phpEx))
{
	include('install/startup.' . $phpEx);
}
else
{
	include('common.' . $phpEx);
	include('includes/startup.' . $phpEx);
}

$config = new \phpbb\config\config(array());
$driver_helper = new \phpbb\passwords\driver\helper($config);
$passwords_drivers = array(
	'passwords.driver.bcrypt_2y'	=> new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
	'passwords.driver.bcrypt'		=> new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
	'passwords.driver.salted_md5'	=> new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
	'passwords.driver.phpass'		=> new \phpbb\passwords\driver\phpass($config, $driver_helper),
	'passwords.driver.argon2i'		=> new \phpbb\passwords\driver\argon2i($config, $driver_helper),
	'passwords.driver.argon2id'		=> new \phpbb\passwords\driver\argon2id($config, $driver_helper),
);

$passwords_helper = new \phpbb\passwords\helper;
// Set up passwords manager
$passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, array_keys($passwords_drivers));

// Run a dummy password to initialize the manager
$passwords_manager->hash('test');

foreach ($passwords_drivers as $driver => $class)
{
	echo 'Driver: ' . $driver;
	flush();
	echo ' hash(test): ' . $passwords_manager->hash('test', $driver) . '<br>';
}

[JPLABS]

Result:

Driver: passwords.driver.bcrypt_2y hash(test): $2y$10$vgXlVL/VVjrVKzul3zeqrO2zzCNpGLHwgD4qmcjyd6esFgX7Axk06
Driver: passwords.driver.bcrypt hash(test): $2a$10$sX7o24/Nrd6Qw87vVrLAtOQQfR2vkpiltW7OrRzSCdKEgicJdht1W
Driver: passwords.driver.salted_md5 hash(test): $H$9O8ZHT5j1fU79B6T/51RZX/WCoQTxD0
Driver: passwords.driver.phpass hash(test): $P$9ohERsHsqBgGGZhG5OeNXwvGOK.F/H0
Driver: passwords.driver.argon2i[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/passwords/driver/base_native.php on line 57: password_hash(): Unexpected failure hashing password
hash(test):
Driver: passwords.driver.argon2id[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/passwords/driver/base_native.php on line 57: password_hash(): Unexpected failure hashing password
hash(test):

here is nothing ....
From internet provider (heartinternet) staff no answer yet.

[JPLABS]

From heartinternet staff I received this:

I’ve taken a look at the setup on finmaker.co.uk, and I can see that a fresh phpBB installation has now been put in place — so I assume you're in the process of rebuilding or testing.

While reviewing the configuration, I spotted something that may have caused the login issues you originally described. Your .htaccess file contained two conflicting PHP version handlers:

AddHandler application/x-httpd-php81 .php .php5
AddHandler application/x-httpd-php74 .php

The second line (PHP 7.4) would have overridden the first, causing your site to run on PHP 7.4 instead of PHP 8.1.

While PHP 7.4 can support modern password hashing algorithms like Argon2 if compiled with the right libraries, it's possible the server-side configuration didn’t fully support this — which could explain the sudden login failures around password verification.

I’ve now removed the second line, which was line 74 in your .htaccess, to ensure the site uses PHP 8.1 as intended.

This line wasn’t added by us - it was already in the file, likely from a previous setup. With the change now in place, login functionality should behave correctly in both new and existing installations.

Please, note, the test version on www.finmaker.co.uk/forum/ was installed in fresh created directory ../forum/ . This directory doesn't exitst before and was created only for purpose to install test version of the forum. There is now PHP 8.1.
Now, upon changes of .htaccess made by heartinternet staff manually , it is possible to make new user registration, logout and login again. Unfortunately, still is no possible to log in as administator with original password or user as user with password created before manually changes at .htaccess.

[Noxwizard]

This line wasn’t added by us - it was already in the file, likely from a previous setup.

These lines are often added automatically by whatever web panel management software is being used (ex. cPanel) when a PHP version change is made.

Unfortunately, still is no possible to log in as administator with original password or user as user with password created before manually changes at .htaccess.

You can use the "Forgot password" link on the login page to generate a temporary password and then reset it.

[rxu]

What will be the output of echo 'Argon2 provider: ', PASSWORD_ARGON2_PROVIDER; if you add this line to the very end script above?

[JPLABS]

You can use the "Forgot password" link on the login page to generate a temporary password and then reset it.

Yes, I used "Forgot password", received email, created new email. I have tried to log in with new password and received message: You did not provide a password reset token.
Than, as I clicked to username, I was logged-in. I log-out and tried to log-in again. Success, no message: You did not provide a password reset token. appears.

[JPLABS]

What will be the output of echo 'Argon2 provider: ', PASSWORD_ARGON2_PROVIDER; if you add this line to the very end script above?

I have added the above to the very end of the test.php and started
www.finmaker.co.uk/forum/test.php
and received:
Argon2 provider: sodiumDriver: passwords.driver.bcrypt_2y hash(test): $2y$10$NrBQt6SADAQFCAGk2xbNWuNBQ.QfyaUO5amOsum.1NzPLS3lQ7xMK
Driver: passwords.driver.bcrypt hash(test): $2a$10$Uf5f5M58SUJotN3khhF00.gdSM9h3gNWiU01cxSJXKmOGcCg1q.gO
Driver: passwords.driver.salted_md5 hash(test): $H$9vy0bELHV1x6BgaM1Nl7JoDMsAQcUW/
Driver: passwords.driver.phpass hash(test): $P$9NoztzrCijBK4BkTQbz1FBAC3hjpZO0
Driver: passwords.driver.argon2i hash(test): $argon2i$v=19$m=65536,t=4,p=1$7h0nNfpgvp2VvpJwYvjX6g$9amWH3USe9K7N94JjfA41XCNd6iwGJDwsF4lbsZadkU
Driver: passwords.driver.argon2id hash(test): $argon2id$v=19$m=65536,t=4,p=1$dDVayAGk5QpMSQVqx5gX7w$m7sx3ruaB8m6l/s4tlky6iCYbxC7A8xhVlO58X4SnCo
Argon2 provider: sodium