Coppermine CRUSHED!? Coppermine CRUSHED!?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Coppermine CRUSHED!?

Started by matija, December 03, 2005, 04:08:19 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

matija

Hi!

I updated from Coppermin 1.3.3 to 1.4.2 and everything was working with some small problems. Then I went to the admin panel and clicked 'Restore Defaults' instead of 'Update settings' and coppermine CRUSHED. I could login as a admin and now it says that 'You are banned from using coppermine'. The URL is: http://www.ana-ivanovic.net/gallery/ . PLEASE HELP ME!

Thanks in advance,
Matija.

Paver

#1
OK, my guess is that the "enable_encypted_passwords" configuration option did you in.  Looking at the update script, this option is turned off since previous versions did not use encrypted passwords, but since 1.4.2 now does, the factory default is to have this option on.  So your users table has the passwords not encrypted, Coppermine with its new default option thinks they are and so when you login it encrypts what you type in, compares it, and it doesn't match ... you're banned (after 5 attempts).  The default ban time is 10 minutes, but that doesn't help because you'll never get in just by logging in.

Oops, I may have overstepped my boundaries.  I just tried (right now), update.php on your site and it executed.  I guess that's by design (update.php doesn't check for admin access so you should remove it once you are done).  I may have just fixed your problem by running update.php which sets the "enable_encrypted_passwords" to OFF.  I didn't mean to do it myself.  I was going to recommend you do so.  Sorry about that.  I should look (more carefully) before I leap.

By the way, phpMyAdmin.net is a useful tool for modifying the database directly in case you get stuck. You could remove your ban for example and not wait 10 minutes for it to expire on its own.  Your web host probably has phpMyAdmin already installed but if it doesn't, you can download it and put it in a subdirectory on your web account and use it yourself.  Very very useful.

Nibbler

Running update.php won't turn encrypted passwords off. There is a bug filed for the factory defaults issue though, that should be fixed in 1.4.3

Paver

Quote from: Nibbler on December 03, 2005, 04:44:10 PM
Running update.php won't turn encrypted passwords off.

Isn't sql/update.sql run from update.php?

Nibbler

Yes

INSERT INTO CPG_config VALUES ('enable_encrypted_passwords','0');

If that's what you were looking at then that won't change the value, it will just insert a new row for the setting if one doesn't exist already.

Paver

Quote from: Nibbler on December 03, 2005, 04:49:51 PM
Yes

INSERT INTO CPG_config VALUES ('enable_encrypted_passwords','0');

If that's what you were looking at then that won't change the value, it will just insert a new row for the setting if one doesn't exist already.

Oh, of course.  I could blame the hour of the morning, but it's not fair to externalize my failings.

So do you recommend to Matija to use phpMyAdmin to change this option in CPG_CONFIG to 0?  I guess you could also add the following line to sql/update.sql and then run update.php:

UPDATE `CPG_config` SET `value` = '0' WHERE `name`= 'enable_encrypted_passwords' LIMIT 1 ;

(if you don't have phpMyAdmin on hand).  Of course using phpMyAdmin is much safer in general.

Nibbler

Yes, that would work. It would need to be CPG_ though.

Paver

Roger.  Modified as specified.

matija

I quite dont understand what should I do. I cant access the admin mode and I guess my ip is temporarily banned. So could you please tell me more precisly what to do (I am a dumb I know). Also why is the default language of coppermine polish now and I also couldn't change it. I would appriciate your kind help. The site is quite popular and it doesnt look to good right now.

Paver

Matija: I see English on your site right now.

If you have never used phpMyAdmin before (or never heard of it), you might want to put it on your "to do" list because it's a handy tool.

For now, a quicker fix (but a little riskier if you are not careful) is to modify this file on your web account: "update.sql" in your SQL folder (under coppermine).  This file is a text file so open it in a text editor and add the following line (at the bottom or anywhere really):

UPDATE CPG_config SET value = '0' WHERE name = 'enable_encrypted_passwords' LIMIT 1 ;

Make sure it's on a line by itself.  (You could put blank lines around it to make sure.)  If you modify the file on your home computer, upload the file to your web account in the SQL folder overwriting the previous file.

Then, in your web browser, go to http://www.ana-ivanovic.net/gallery/update.php.  That should fix the problem.  If you are still banned, you'll have to wait until the ban clears (up to 10 minutes), then try again.  I could give you another line to add to update.sql to remove the ban, but that's not safe because then anyone could clear the bans using this file.  After you are done and everything is working, I'd move update.php and upgrade-1.0-to-1.2.php out of your web folder so no one else can run them in the future.


matija

Thank you for a wonderful response Paver! You see it in english cause I put different url: http://www.ana-ivanovic.net/gallery/index.php?lang=english&theme=water_drop. If you clean cookies or register it will be polish. I dont know how to solve it and it seems to be a major problem. Any ideas? Once more thank you!

Paver

You're welcome.  Are you able to log in as admin now?  If so, this thread is "solved".

If you want to ask a question about language issues, you should start a new thread.  One of the rules is "one question per thread".  It keeps things organized and easy to read & search later.  If you start another thread, a more detailed subject would be more helpful.   ;)

matija