Jump to content
Froxlor Forum
  • 0

can not log in after update to newest version


robertr

Question

Hi there,

first thanks for your excelent work.

I just upgraded to the newest Frolor version.

When try to log in, I now get a yellow warning: A newer version of Froxlor has been installed but not yet set up.
Only the administrator can log in and finish the update.

However I can not login. I always get a : Error The username or password you typed in is wrong. Please try it again!

I did try to set the password of the Admin user in mysql using:

mysql> UPDATE `panel_admins` SET `password` = MD5('XXXXX') where `adminid`='1';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select adminid,loginname,name,password from panel_admins where adminid='1';
+---------+-----------+------------+----------------------------------+
| adminid | loginname | name       | password                         |
+---------+-----------+------------+----------------------------------+
|       1 | Admin     | Rottermann | d21c9d881eba6988be480efab45de2b9 |
+---------+-----------+------------+----------------------------------+
1 row in set (0.00 sec)

 

could anybody please help

thanks

Robert

 

Link to comment
Share on other sites

12 answers to this question

Recommended Posts

  • 0

Thanks a lot

Using the old version of froxlor (Installierte Version:     0.9.38-rc2 (DB: 201610070), this is what I found in the pannel)

I can easily login as Admin, with the password I set.

When I swap the froxlor folder with the newest version, and restart apache2, I can not login anymore.

In the syslog file I get the following error:

/var/log/syslog
102756:Feb 28 17:37:32 susanne froxlor[32103]: froxlor.WARNING: User 'Admin' tried to login with wrong password. {"source":"login","action":"50","user":"46.140.127.198"} []

 

robert

Link to comment
Share on other sites

  • 0

The login procedure did not change from 0.9.x to 0.10.x - this should still work just fine (and does so for most of the users I guess or else I would have many more reports about that here).

What setting according to Password Hash Algorithm do you have enabled? Froxlors default is SHA256 - possibly, if set to BLOWFISH it can happen that the system does not support it (as froxlor tries to update the given password from md5 - if still stored in that format to the currently used). But froxlor's settings should only show you the available hashes - maybe it's set to a prior available setting and it was never changed?

Link to comment
Share on other sites

  • 0

Where would I find out what algorithm should be used?

In v0.9 I used:

mysql> UPDATE `panel_admins` SET `password` = MD5('XXXXX') where `adminid`='1';

so for v0.9 it is MD5.

Where in the settings can I see/set the used algorithm?

Is there a way to hack a bypass?

I am a programmer myself, but unfortunately I never learned about php...

robert

Link to comment
Share on other sites

  • 0
Just now, robertr said:

so for v0.9 it is MD5.

not necessarily, was a setting even in 0.9.x, as said, if froxlor finds "old" md5 it tries to update it to the currently used hash-algorithm (if not set to md5)

You can find the corresponding option in Settings -> Seurity Options

Link to comment
Share on other sites

  • 0

Same I have here with an account from a client. From my linux machine the login works fine, from a windows machine not. I didn't dive into the used login procedure, but I guess that the cause is something with the character set.
I've noticed issues with an previous froxlor version from the last year, where it helped to remove the browser cache. On both machines, Linux and Windows, I've been using Firefox.

Link to comment
Share on other sites

  • 0

Now I have had a look at the HTTP requests. What happens is not the same as when I try to log in with the wrong password. In summary, the following happens:

Request: POST index.php, what is striking here is the cookie line of the request, in which the PHPSESSID variable is set twice with two different values!
Response: 302 to customer_index.php, Set-Cookie: PHPSESSID=(new value)

Request: customer_index.php, Cookie: PHPSESSID set twice again
Response: 302 to index.php

No error message appears, as after entering an incorrect password,

After deleting the cookies in the browser, the login also worked under Windows!

Conclusion: something messes up the Session Cookie.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...