1

Topic: can't login after upgrade

I recently upgraded to the latest PunBB version on Apache server with PHP version: 5.3.29, MySQL: 5.5.32-cll-lve, PHP server API: cgi-fcgi. The forum seems to have worked for about a week but as from yesterday, no member can log in.

I checked that all files have been transferred properly via sftp and the update seems to have run smoothly during the update.

Could someone advise me on how we could regain the functionality?

Re: can't login after upgrade

In the log of server errors (error.log file), what is written?

ForkBB
I speak only Russian  :P

3

Re: can't login after upgrade

Hi Visman, there are no relevant errors recorded in the logs.

Re: can't login after upgrade

I created TestUser. Login, logout, login - all OK.
P.S. Delete the cookies in your browser. Clear your browser cache.

ForkBB
I speak only Russian  :P

5 (edited by colak 2015-12-02 18:11)

Re: can't login after upgrade

Visman wrote:

I created TestUser. Login, logout, login - all OK.
P.S. Delete the cookies in your browser. Clear your browser cache.

I did both. I also used another browser and the problem remains both for me and all the members who are all locked out from the forum just now. I'm wondering if it has anything to do with the server specs. Can a dev advise on this?

Re: can't login after upgrade

Disconnect all extensions:
config.php file

//define('FORUM_DISABLE_HOOKS', 1);

-->

define('FORUM_DISABLE_HOOKS', 1);

and try again.

If after that login doesn't work, try recovery of the password.

If recovery of the password works, possibly a problem with hashes of passwords in DB. I won't be able to call the reason.

ForkBB
I speak only Russian  :P

7 (edited by colak 2015-12-02 18:24)

Re: can't login after upgrade

Hi Visman, firstly, many thanks for your suggestions which unfortunately did not get me anywhere yet.

Looking at the config.php file I see a difference from the old one:

$base_url = 'http://domain.tld/forum'

When I commented that line out I get the following error message:

Warning! The following errors must be corrected before you can login:
Incorrect username and/or password.

With the line in action when trying to login, nothing happens. Would this be giving some clues as to what I might be facing?

Re: can't login after upgrade

My local test forum in

http://localhost/punbb/

and config have

$base_url = 'http://localhost/punbb';

If you delete $base_url in config, the URL of the server is defined automatically.


P.S. Give the reference to forum with your problem.

ForkBB
I speak only Russian  :P

9 (edited by colak 2015-12-04 08:41)

Re: can't login after upgrade

Visman wrote:

My local test forum in

http://localhost/punbb/

and config have

$base_url = 'http://localhost/punbb';

If you delete $base_url in config, the URL of the server is defined automatically.


P.S. Give the reference to forum with your problem.

Hi Visman, thanks again. The forum is a private one with about 120 members. The owners unfortunately want to keep it that way.

10

Re: can't login after upgrade

I temporarily copied the forum on another url with higher versions of php and mysql on http://bit.ly/1ToCJlc

PHP version: 5.6.14
MySQL: 5.5.32-cll-lve

The error persists.

11

Re: can't login after upgrade

Login works, but
http://jpegshare.net/images/f4/a5/f4a52b08ac34dc7600333c2ca9c2b8bc.png
You see the same message?

ForkBB
I speak only Russian  :P

12

Re: can't login after upgrade

Hi Visman, I can verify that new members can register too. The problem remains with the over 120 existing ones who can not login as the system returns the following error:

Warning! The following errors must be corrected before you can login:
Incorrect username and/or password.

Would this have something to do with the passwords in the db?

13

Re: can't login after upgrade

>Would this have something to do with the passwords in the db?
Compare the tables users, the columns "password" and "salt" for versions 1.4.2 and 1.4.4. Do you have a backup of 1.4.2?

There are no changes in authorization for version 1.4.4
1.4.2 == 1.4.4

// Login
if (isset($_POST['form_sent']) && empty($action))
{
    $form_username = forum_trim($_POST['req_username']);
    $form_password = forum_trim($_POST['req_password']);
    $save_pass = isset($_POST['save_pass']);

    ($hook = get_hook('li_login_form_submitted')) ? eval($hook) : null;

    // Get user info matching login attempt
    $query = array(
        'SELECT'    => 'u.id, u.group_id, u.password, u.salt',
        'FROM'        => 'users AS u'
    );

    if (in_array($db_type, array('mysql', 'mysqli', 'mysql_innodb', 'mysqli_innodb')))
        $query['WHERE'] = 'username=\''.$forum_db->escape($form_username).'\'';
    else
        $query['WHERE'] = 'LOWER(username)=LOWER(\''.$forum_db->escape($form_username).'\')';

    ($hook = get_hook('li_login_qr_get_login_data')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    list($user_id, $group_id, $db_password_hash, $salt) = $forum_db->fetch_row($result);

    $authorized = false;
    if (!empty($db_password_hash))
    {
        $sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;
        $form_password_hash = forum_hash($form_password, $salt);

        if ($sha1_in_db && $db_password_hash == $form_password_hash)
            $authorized = true;
        else if ((!$sha1_in_db && $db_password_hash == md5($form_password)) || ($sha1_in_db && $db_password_hash == sha1($form_password)))
        {
            $authorized = true;

            $salt = random_key(12);
            $form_password_hash = forum_hash($form_password, $salt);

            // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
            // with a randomly generated salt and a new, salted SHA1 hash
            $query = array(
                'UPDATE'    => 'users',
                'SET'        => 'password=\''.$form_password_hash.'\', salt=\''.$forum_db->escape($salt).'\'',
                'WHERE'        => 'id='.$user_id
            );

            ($hook = get_hook('li_login_qr_update_user_hash')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }

    ($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;

    if (!$authorized)
        $errors[] = sprintf($lang_login['Wrong user/pass']);

    // Did everything go according to plan?
    if (empty($errors))
    {
        // Update the status if this is the first time the user logged in
        if ($group_id == FORUM_UNVERIFIED)
        {
            $query = array(
                'UPDATE'    => 'users',
                'SET'        => 'group_id='.$forum_config['o_default_user_group'],
                'WHERE'        => 'id='.$user_id
            );

            ($hook = get_hook('li_login_qr_update_user_group')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);

            // Remove cache file with forum stats
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
            {
                require FORUM_ROOT.'include/cache.php';
            }

            clean_stats_cache();
        }

        // Remove this user's guest entry from the online list
        $query = array(
            'DELETE'    => 'online',
            'WHERE'        => 'ident=\''.$forum_db->escape(get_remote_address()).'\''
        );

        ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);

        $expire = ($save_pass) ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
        forum_setcookie($cookie_name, base64_encode($user_id.'|'.$form_password_hash.'|'.$expire.'|'.sha1($salt.$form_password_hash.forum_hash($expire, $salt))), $expire);

        ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;

        redirect(forum_htmlencode($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&' : '?').'login=1', $lang_login['Login redirect']);
    }
}

Check forum_hash() function for 1.4.2 and 1.4.4

// Generates a salted, SHA-1 hash of $str
function forum_hash($str, $salt)
{
    $return = ($hook = get_hook('fn_forum_hash_start')) ? eval($hook) : null;
    if ($return != null)
        return $return;

    return sha1($salt.sha1($str));
}

Check 'fn_forum_hash_start' Hook.

P.S. If that doesn't help, let all use recovery of the password.

ForkBB
I speak only Russian  :P
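
The column comparison suggested in the post above can be scripted. The following is an added example, not part of the thread or of PunBB's code: it classifies each stored password/salt pair by shape and tests a known test-account password against the three schemes the quoted login code accepts. The function names, the sample rows and the password are constructed for illustration.

```php
<?php
// Added diagnostic sketch, not PunBB code. In practice the rows would come from
// SELECT username, password, salt FROM users in the 1.4.2 backup and the live DB.

// Same construction as the forum_hash() quoted in the thread, without hooks.
function ref_forum_hash($str, $salt)
{
    return sha1($salt.sha1($str));
}

// Describe the shape of a stored hash/salt pair.
function describe_row($hash, $salt)
{
    if ($hash === null || $hash === '')
        return 'empty hash';
    if ($hash !== trim($hash))
        return 'hash has surrounding whitespace';
    if (!ctype_xdigit($hash))
        return 'hash is not hex';
    if (strlen($hash) == 32)
        return 'looks like md5';
    if (strlen($hash) == 40)
        return ($salt === null || $salt === '') ? 'sha1, no salt stored' : 'sha1 with salt';
    return 'unexpected length '.strlen($hash);
}

// Which accepted scheme, if any, reproduces the stored hash for a known password.
// Strict === keeps hex strings from ever being compared as numbers.
function matching_scheme($password, $hash, $salt)
{
    if ($hash === ref_forum_hash($password, (string) $salt)) return 'salted sha1';
    if ($hash === sha1($password)) return 'unsalted sha1';
    if ($hash === md5($password)) return 'md5';
    return 'none';
}

$pw = 'test-password';   // constructed password of a test account
$salt = 'abcdefghijkl';  // constructed 12-character salt
$rows = array(           // constructed sample rows: username, password, salt
    array('alice', ref_forum_hash($pw, $salt), $salt),                // healthy row
    array('bob',   md5($pw), null),                                   // legacy row
    array('carol', substr(ref_forum_hash($pw, $salt), 0, 32), $salt), // hash cut to 32 chars
    array('dave',  ref_forum_hash($pw, $salt), substr($salt, 0, 8)),  // salt cut to 8 chars
);
foreach ($rows as $r) {
    list($user, $hash, $s) = $r;
    printf("%-6s %-22s matches: %s\n", $user, describe_row($hash, $s), matching_scheme($pw, $hash, $s));
}
```

A row whose shape looks valid but matches none for a password known to be correct points at the stored data (a shortened hash or salt) rather than at the login code.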

14 (edited by colak 2015-12-04 14:49)

Re: can't login after upgrade

OK:) The problem seems to have sorted itself out but I now see another one. In the downloaded folder found on http://punbb.informer.com/ - actual url, http://punbb.informer.com/download/punbb-1.4.4.zip, the admin folder does not contain any styles and the administration side of the forum appears unstyled. I found the css by checking the source code here but I think that the issue needs to be addressed. I am also checking other minor problems which I will report here.

15

Re: can't login after upgrade

Return back $base_url variable, only specify right value (on the end there shouldn't be a slash).

ForkBB
I speak only Russian  :P