You are not logged in. Please login or register.
PunBB Forums → PunBB 1.4 bug reports → can't login after upgrade
I recently upgraded to the latest PunBB version on Apache server with PHP version: 5.3.29, MySQL: 5.5.32-cll-lve, PHP server API: cgi-fcgi. The forum seem to have worked for about a week but as from yesterday, o member can log in.
I checked that all files have been transferred properly via sftp and the update seem to have run smoothly during the update.
Could someone advice me on how we could regain the functionality?
In the log of server errors (error.log file), what is written?
Hi Visman, There are no relevant errors recorded in the logs.
I create TestUser. Login, logout, login - all OK.
P.S. Delete the cookies in your browser. Сlear your browser cache.
I create TestUser. Login, logout, login - all OK.
P.S. Delete the cookies in your browser. Сlear your browser cache.
I did both. I also used another browser and the problem remains both for me and all the members who are all locked out from the forum just now. I'm wondering if it has anything to do with the server specs. Can a dev advice on this?
Disconnect all extensions:
config.php file
//define('FORUM_DISABLE_HOOKS', 1);-->
define('FORUM_DISABLE_HOOKS', 1);and try again.
If after that login doesn't work, try recovery of the password.
If recovery of the password works, possibly a problem with hashes of passwords in DB. I won't be able to call the reason.
Hi Visman, firstly, many thanks for your suggestions which unfortunately did not get me anywhere yet.
Looking at the config.php file I see a difference from the old one:
$base_url = 'http://domain.tld/forum'. When I commented that line out I get the following error message:
Warning! The following errors must be corrected before you can login:
Incorrect username and/or password.
With the line in action when trying to login, nothing happens. Would this be giving some clues as to what I might be facing?
My local test forum in
http://localhost/punbb/and config have
$base_url = 'http://localhost/punbb';if delete $base_url in config, to url of the server is defined automatically.
P.S. Give the reference to forum with your problem.
My local test forum in
http://localhost/punbb/and config have
$base_url = 'http://localhost/punbb';if delete $base_url in config, to url of the server is defined automatically.
P.S. Give the reference to forum with your problem.
Hi Visman, thanks again. The forum is a private one with about 120 members. The owners unfortunately want to keep it such way.
I temporarily copied the forum on another url with higher versions of php and mysql on http://bit.ly/1ToCJlc
PHP version: 5.6.14
MySQL: 5.5.32-cll-lve
The error persists.
Login works, but
You see the same message?
Hi Visman, I can verify that new members can register too. The problem remains with the over 120 existing ones who can not login as the system returns the following error:
Warning! The following errors must be corrected before you can login:
Incorrect username and/or password.
Would this have something to do with the passwords in the db?
>Would this have something to do with the passwords in the db?
Compare the tables users, the columns "password" and "salt" for versions 1.4.2 and 1.4.4. You have a backup 1.4.2? 
In authorization of changes isn't present for version 1.4.4
1.4.2 == 1.4.4
// Login
if (isset($_POST['form_sent']) && empty($action))
{
$form_username = forum_trim($_POST['req_username']);
$form_password = forum_trim($_POST['req_password']);
$save_pass = isset($_POST['save_pass']);
($hook = get_hook('li_login_form_submitted')) ? eval($hook) : null;
// Get user info matching login attempt
$query = array(
'SELECT' => 'u.id, u.group_id, u.password, u.salt',
'FROM' => 'users AS u'
);
if (in_array($db_type, array('mysql', 'mysqli', 'mysql_innodb', 'mysqli_innodb')))
$query['WHERE'] = 'username=\''.$forum_db->escape($form_username).'\'';
else
$query['WHERE'] = 'LOWER(username)=LOWER(\''.$forum_db->escape($form_username).'\')';
($hook = get_hook('li_login_qr_get_login_data')) ? eval($hook) : null;
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
list($user_id, $group_id, $db_password_hash, $salt) = $forum_db->fetch_row($result);
$authorized = false;
if (!empty($db_password_hash))
{
$sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;
$form_password_hash = forum_hash($form_password, $salt);
if ($sha1_in_db && $db_password_hash == $form_password_hash)
$authorized = true;
else if ((!$sha1_in_db && $db_password_hash == md5($form_password)) || ($sha1_in_db && $db_password_hash == sha1($form_password)))
{
$authorized = true;
$salt = random_key(12);
$form_password_hash = forum_hash($form_password, $salt);
// There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
// with a randomly generated salt and a new, salted SHA1 hash
$query = array(
'UPDATE' => 'users',
'SET' => 'password=\''.$form_password_hash.'\', salt=\''.$forum_db->escape($salt).'\'',
'WHERE' => 'id='.$user_id
);
($hook = get_hook('li_login_qr_update_user_hash')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
}
}
($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;
if (!$authorized)
$errors[] = sprintf($lang_login['Wrong user/pass']);
// Did everything go according to plan?
if (empty($errors))
{
// Update the status if this is the first time the user logged in
if ($group_id == FORUM_UNVERIFIED)
{
$query = array(
'UPDATE' => 'users',
'SET' => 'group_id='.$forum_config['o_default_user_group'],
'WHERE' => 'id='.$user_id
);
($hook = get_hook('li_login_qr_update_user_group')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
// Remove cache file with forum stats
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
{
require FORUM_ROOT.'include/cache.php';
}
clean_stats_cache();
}
// Remove this user's guest entry from the online list
$query = array(
'DELETE' => 'online',
'WHERE' => 'ident=\''.$forum_db->escape(get_remote_address()).'\''
);
($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$expire = ($save_pass) ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
forum_setcookie($cookie_name, base64_encode($user_id.'|'.$form_password_hash.'|'.$expire.'|'.sha1($salt.$form_password_hash.forum_hash($expire, $salt))), $expire);
($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;
redirect(forum_htmlencode($_POST['redirect_url']).((substr_count($_POST['redirect_url'], '?') == 1) ? '&' : '?').'login=1', $lang_login['Login redirect']);
}
}Check forum_hash() function for 1.4.2 and 1.4.4
// Generates a salted, SHA-1 hash of $str
function forum_hash($str, $salt)
{
$return = ($hook = get_hook('fn_forum_hash_start')) ? eval($hook) : null;
if ($return != null)
return $return;
return sha1($salt.sha1($str));
}Check 'fn_forum_hash_start' Hook.
P.S. If that doesn't help, let all use recovery of the password.
OK:) The problem seems to have sorted itself out but I now see another one. In the downloaded folder found on http://punbb.informer.com/ - actual url, http://punbb.informer.com/download/punbb-1.4.4.zip, the admin folder does not contain any styles and the administration side of the forum appears unstyled. I found the css by checking the source code here but I think that the issue needs to be addressed. I am also checking other minor problems which I will report here.
PunBB Forums → PunBB 1.4 bug reports → can't login after upgrade
Powered by PunBB, supported by Informer Technologies, Inc.