Jump to content
Froxlor Forum
  • 0
robertr

can not log in after update to newest version

Question

Hi there,

first thanks for your excelent work.

I just upgraded to the newest Frolor version.

When try to log in, I now get a yellow warning: A newer version of Froxlor has been installed but not yet set up.
Only the administrator can log in and finish the update.

However I can not login. I always get a : Error The username or password you typed in is wrong. Please try it again!

I did try to set the password of the Admin user in mysql using:

mysql> UPDATE `panel_admins` SET `password` = MD5('XXXXX') where `adminid`='1';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select adminid,loginname,name,password from panel_admins where adminid='1';
+---------+-----------+------------+----------------------------------+
| adminid | loginname | name       | password                         |
+---------+-----------+------------+----------------------------------+
|       1 | Admin     | Rottermann | d21c9d881eba6988be480efab45de2b9 |
+---------+-----------+------------+----------------------------------+
1 row in set (0.00 sec)

 

could anybody please help

thanks

Robert

 

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0

Ahhhhhhhhhhhhhhhh

As so very often in such cases, it was mere stupidity ..

I copied a wrong userdata.inc.php, which still had syscp as databse. And mysql still has such a database.

Time to clean up

 

thanks for your support

robert

Share this post


Link to post
Share on other sites
  • 0

Anything in the syslog/Apache error log? Remember the login name is also case sensitive

Share this post


Link to post
Share on other sites
  • 0

Thanks a lot

Using the old version of froxlor (Installierte Version:     0.9.38-rc2 (DB: 201610070), this is what I found in the pannel)

I can easily login as Admin, with the password I set.

When I swap the froxlor folder with the newest version, and restart apache2, I can not login anymore.

In the syslog file I get the following error:

/var/log/syslog
102756:Feb 28 17:37:32 susanne froxlor[32103]: froxlor.WARNING: User 'Admin' tried to login with wrong password. {"source":"login","action":"50","user":"46.140.127.198"} []

 

robert

Share this post


Link to post
Share on other sites
  • 0

The login procedure did not change from 0.9.x to 0.10.x - this should still work just fine (and does so for most of the users I guess or else I would have many more reports about that here).

What setting according to Password Hash Algorithm do you have enabled? Froxlors default is SHA256 - possibly, if set to BLOWFISH it can happen that the system does not support it (as froxlor tries to update the given password from md5 - if still stored in that format to the currently used). But froxlor's settings should only show you the available hashes - maybe it's set to a prior available setting and it was never changed?

Share this post


Link to post
Share on other sites
  • 0

Where would I find out what algorithm should be used?

In v0.9 I used:

mysql> UPDATE `panel_admins` SET `password` = MD5('XXXXX') where `adminid`='1';

so for v0.9 it is MD5.

Where in the settings can I see/set the used algorithm?

Is there a way to hack a bypass?

I am a programmer myself, but unfortunately I never learned about php...

robert

Share this post


Link to post
Share on other sites
  • 0
Just now, robertr said:

so for v0.9 it is MD5.

not necessarily, was a setting even in 0.9.x, as said, if froxlor finds "old" md5 it tries to update it to the currently used hash-algorithm (if not set to md5)

You can find the corresponding option in Settings -> Seurity Options

Share this post


Link to post
Share on other sites
  • 0

You can read that from mysql directly: 

SELECT `value` FROM `panel_settings` WHERE `varname` = 'passwordcryptfunc'

The result is mapped as following:

0 => system default
1 => MD5
2 => BLOWFISH
3 => SHA-256
4 => SHA-512

 

Share this post


Link to post
Share on other sites
  • 0

the result is 1, so it is MD5

I now even set a new password from froxlor itself, with which I can login in the old version

in the new version, this credentials are not accepted.

Is there a way to tell froxlor to create more debug info?

Share this post


Link to post
Share on other sites
  • 0

No, the little information on failed logins is intended. If you want you can PM me the server credentials (root) and I can debug live to see what's wrong there

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...