Error while loggin in and in admin panel (blank pages) Error while loggin in and in admin panel (blank pages)
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Error while loggin in and in admin panel (blank pages)

Started by wipqozn1, May 02, 2007, 01:44:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

wipqozn1

I've got a little problem. When user try to log in everything goes fine, but after clicking on "Log in" a blank page is displaying. When user type url of gallery in browser - works fine and he is logged.

The same is fith admin.php - when I do some changes in admin panel and click "save" - blank page appear (but changes are saved).

This blank pages really sux - for new users it can looks like site doesn't work at all, for me it's terrible too.

I did some modifications in code while install some mods or plugins. But when I restore ALL files form main directory and /include/ - nothing happens, still this ugly blank page is showing after logging in.

URL (don't laught, it's at develop stage ;-) ):

This is my login.php file (if it's important, if no please tell me what should I post here (since this blank page not only appear after loging in, as I explained above)) :

<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2006 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.10
  $Source$
  $Revision: 3275 $
  $Author: gaugau $
  $Date: 2006-09-03 12:10:47 +0200 (So, 03 Sep 2006) $
**********************************************/

define('IN_COPPERMINE'true);
define('LOGIN_PHP'true);

require(
'include/init.inc.php');

if (
USER_IDcpg_die(ERROR$lang_login_php['err_already_logged_in'], __FILE____LINE__);

if (
defined('UDB_INTEGRATION')) $cpg_udb->login_page();

$referer $_GET['referer'] ? $_GET['referer'] : 'index.php';
if (
strpos($referer"http") !== false) {
  
$referer "index.php";
}
$login_failed '';
$cookie_warning '';

if (isset(
$_POST['submitted'])) {
    if ( 
$USER_DATA $cpg_udb->loginaddslashes($_POST['username']), addslashes($_POST['password']), isset($_POST['remember_me']) ) ) {
        
$referer=preg_replace("'&amp;'","&",$referer);
        
pageheader($lang_login_php['login'], "<META http-equiv=\"refresh\" content=\"3;url=$referer\">");
        
msg_box($lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']), $lang_continue$referer);
        
pagefooter();
        exit;
    } else {
        
log_write("Failed login attempt with Username: {$_POST['username']} from IP {$_SERVER['REMOTE_ADDR']} on " localised_date(-1,$log_date_fmt),CPG_SECURITY_LOG);

        
$login_failed = <<<EOT
                  <tr>
                          <td colspan="2" align="center" class="tableh2">
                        <span style="color:red"><b>
{$lang_login_php['err_login']}<b></span>
                        </td>
                  </tr>
EOT;

        
// get IP address of the person who tried to log in, look it up on the banning table and increase the brute force counter. If the brute force counter has reached a critical limit, set a regular banning record
        
$result cpg_db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr='$raw_ip' OR ip_addr='$hdr_ip'");
        
$failed_logon_counter mysql_fetch_array($result);
        
mysql_free_result($result);
        
$expiry_date date("Y-m-d H:i:s"mktime(date('H'), date('i')+$CONFIG['login_expiry'], date('s'), date('m'), date('d'),date('Y')));

        if (
$failed_logon_counter['brute_force']) {
            
$failed_logon_counter['brute_force'] = $failed_logon_counter['brute_force'] - 1;
            
$query_string "UPDATE {$CONFIG['TABLE_BANNED']} SET brute_force='".$failed_logon_counter['brute_force']."',  expiry='".$expiry_date."' WHERE ban_id=".$failed_logon_counter['ban_id'];
        }else{
            
$failed_logon_counter['brute_force'] = $CONFIG['login_threshold'];
            
$query_string "INSERT INTO {$CONFIG['TABLE_BANNED']} (ip_addr, expiry, brute_force) VALUES ('$raw_ip', '$expiry_date','".$failed_logon_counter['brute_force']."')";
        }

        
//write the logon counter to the database
        
cpg_db_query($query_string);
    }
}

if (!isset(
$_COOKIE[$CONFIG['cookie_name'] . '_data'])) {
    
$cookie_warning = <<<EOT
                  <tr>
                          <td colspan="2" align="center" class="tableh2">
                        <span style="color:red"><b>
{$lang_login_php['cookie_warning']}</b></span>
                        </td>
                  </tr>

EOT;
}

pageheader($lang_login_php['login']);
$referer urlencode($referer);
echo 
'<form action="login.php?referer='.$referer.'" method="post" name="loginbox">';

starttable('-1'$lang_login_php['enter_login_pswd'], 2);
echo <<< EOT
                  $login_failed
                  
$cookie_warning
                  <tr>
                        <td class="tableb" width="40%">
{$lang_login_php['username']}</td>
                        <td class="tableb" width="60%"><input type="text" class="textinput" name="username" style="width: 100%" tabindex="1" /></td>
                  </tr>
                  <tr>
                          <td class="tableb">
{$lang_login_php['password']}</td>
                        <td class="tableb"><input type="password" class="textinput" name="password" style="width: 100%" tabindex="2" /></td>
                  </tr>
                  <tr>
                    <td colspan="2" align="center" class="tableb">
{$lang_login_php['remember_me']} <input name="remember_me" type="checkbox" class="checkbox" value="1" tabindex="3" /></td>
                  </tr>
                  <tr>
                    <td align="center" class="tablef"><a href="forgot_passwd.php" class="topmenu">
{$lang_login_php['forgot_password_link']}</a></td>
                    <td align="left" class="tablef"><input name="submitted" type="submit" class="button" value="
{$lang_login_php['login']}" tabindex="4" /></td>
                  </tr>

EOT;

endtable();

echo <<< EOT

</form>
<script language="javascript" type="text/javascript">
<!--
document.loginbox.username.focus();
-->
</script>
EOT;

pagefooter();
ob_end_flush();

?>



wipqozn1

URL: http://gryz.pl

user: fan_gier

pass: 123456

Just try and You'll get the image.


Nibbler

What is this doing at the top of the page?


<script language="javascript" type="text/javascript">
<!--
var win=null;
function NewWindow(mypage,myname,w,h,scroll,pos){
if(pos=="random"){LeftPosition=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;TopPosition=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){LeftPosition=(screen.width)?(screen.width-w)/2:100;TopPosition=(screen.height)?(screen.height-h)/2:100;}
else if((pos!="center" && pos!="random") || pos==null){LeftPosition=0;TopPosition=20}
settings='width='+w+',height='+h+',top='+TopPosition+',left='+LeftPosition+',scrollbars='+scroll+',location=no,directories=no,status=yes,menubar=no,toolbar=no,resizable=no';
win=window.open(mypage,myname,settings);}
// -->
</script>

wipqozn1

Well.... calling of this script is in a classic-theme template file template.html by default :-)

<script type="text/javascript" src="scripts.js"></script>
<!-- $Id: template.html 2688 2005-12-04 03:22:35Z donnoman $ -->


I've removed this line anyway - no changes as you can see by logging in.

Nibbler

I don't understand. The code I posted is still there and I'm fairly sure it is the reason for the blank pages. Remove it.

wipqozn1

My mistake - this script was included by tagblitz plugin. I've removed it - have no idea why it was there and what it was supposed to do.

But those blank pages still appear after logging in, take a look :-/

Nibbler

Looks like you have added some blank lines when you removed the javascript. Check any files you have modified or added for blank lines before the <?php at the start or after the ?> (if present) at the end.

wipqozn1

Well...

There was no file with blank lines before <?php and almost all files (provided with plugins and cpg) had blank lines after last ?> tag. I remove these.

No changes. Anyway, if there would be a blank lines before <?php then a blank page wouldn't only appear when user try to log in - at least I think so.

So there are no changes. I really appreciate your help and still hope that you'll find out what the problem is :-)

Nibbler

I'm not sure what the problem is, I thought it was an issue with redirecting after login but it is something bigger than that. If you are happy to PM me FTP access to the gallery I can take a closer look.

Nibbler


wipqozn1


wipqozn1

UPDATE:

problem caused by a POTD (picture of the day/week) plugin.

It's important since this plugin requires one hack in functions.inc.php file and word is on the street that this hack is being considered for inclusion in the next  version of Coppermine (in fact, readme said that).

So meybe one of You (devs) would like to analise this problem in detail before decide to implement this one constantly.

wipqozn1

Okay, the hack has nothing to do with these blank pages. It's a foult of this line in codebase.php:

$thisplugin->add_filter('page_html','potd_filter_page');

To bad, 'cause removing of this line make the plugin useless (we can't see "set as POD", etc in album menu under every file).