Login issue

SdP

Hi all,

I searched over the forum and found some other people with the same issue.

I cannot login to my Zenphoto gallery anymore. Of course login/password are known. It seems that the captcha password recovery don't work too.

So, I'm looking for a solution to fix this log in issue. I tried also to remove the password directly in the database, but even this didn't work.

I can't understand why this don't work anymore.

So, I'm looking for some help...

Thanks in advance.

acrylian

http://www.zenphoto.org/news/i-am-having-problems-logging-into-the-zenphoto-administrative-pages
http://www.zenphoto.org/news/i-forgot-my-admin-password-now-what-do-i-do-

SdP

Thanks for the feeadback.

before I decide to post, I tried the first one : NOK : no email send (why ? no idea)

I tried the second one too and got a result in the debug.log file.
I compared the results in the debug file (checkAuthorization: admins => ( ... )and login data (login / password) in the database. There are the same.
But I still cannot connect to the ZenPhoto admin panel, I always come back to the login page.

I didn't try to delete the zp_administrators database. I will try with this additionnal step...

As additional information, the debug file:

{Tue, 21 Feb 2012 05:30:33 GMT} Zenphoto v1.4.1.2[7836]
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_auth)::album_session=0; SESSION[]=, COOKIE=
Backtrace: checkAuthorization(, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [742])
from require_once (auth_zp.php [71])
from require_once (functions.php [44])
from require_once (admin-functions.php [9])
from admin.php [31]
checkAuthorization: admins => (
7 => ( id => 7, user => Sdadm, pass => a606206301f044541cf4508bdbf8e9939d49fc38,
name => Yoda, email => theyoda@gmail.com, rights => 1961343989,
custom_data => NULL, valid => 1, group => NULL, date => 2011-08-11 10:20:11,
loggedin => 2012-02-20 07:25:01, quota => NULL, language => fr_FR, prime_album => NULL,
other_credentials => NULL ),
)
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0
{Tue, 21 Feb 2012 05:30:34 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_auth)::album_session=0; SESSION[]=, COOKIE=
Backtrace: checkAuthorization(, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [742])
from require_once (auth_zp.php [71])
from require_once (functions.php [44])
from c.php [9]
checkAuthorization: admins => (
7 => ( id => 7, user => Sdadm, pass => a606206301f044541cf4508bdbf8e9939d49fc38,
name => Yoda, email => theyoda@gmail.com, rights => 1961343989,
custom_data => NULL, valid => 1, group => NULL, date => 2011-08-11 10:20:11,
loggedin => 2012-02-20 07:25:01, quota => NULL, language => fr_FR, prime_album => NULL,
other_credentials => NULL ),
)
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0
{Tue, 21 Feb 2012 05:30:39 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
passwordHash(SdP, valsdp)[{HASH_SEED}]:a0b042ea9cf8d8b429515d716373784ef0d01a64
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0
{Tue, 21 Feb 2012 05:30:40 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_auth)::album_session=0; SESSION[]=, COOKIE=
Backtrace: checkAuthorization(, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [742])
from require_once (auth_zp.php [71])
from require_once (functions.php [44])
from c.php [9]
checkAuthorization: admins => (
7 => ( id => 7, user => Sdadm, pass => a606206301f044541cf4508bdbf8e9939d49fc38,
name => Yoda, email => theyoda@gmail.com, rights => 1961343989,
custom_data => NULL, valid => 1, group => NULL, date => 2011-08-11 10:20:11,
loggedin => 2012-02-20 07:25:01, quota => NULL, language => fr_FR, prime_album => NULL,
other_credentials => NULL ),
)
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0

SdP

So, I tried by deleting the zp_administrator table.
Ran setup
re-create the admin login
no chance to log in :-(

Anyway, I came one step forward : now I can send a "new password request" email.
But, I changed the password 3 times, still unable to connect to zenphoto...

But now, I probably have an automatic ban due to to many login attempt. I just get blank pages...

acrylian

If no email is sent that means either hte mail handler plugin is not enabled or configured correctly and/or the admin account has no email address attached.

If you get blank pages you should look into your server's error log. Also clear the browser cookies and make sure cookies are allowed (unless set Zenphoto to use sessions). I have to pass this to my colleague sbillard who is the expert on this login stuff.

SdP

Of course I checked the cookies, I tried also with another browser : same result.

I continue to analyze and found this in the security log

2012-02-21 18:13:38 xxx.xxx.xxx.xxx L’accés XSRF est bloqué MyUser MyName Échec saveadmin

If this can help...

acrylian

Then you probably have the security logger plugin active and exceeded the limit of failed logins.

I think the easiest would be to delete the administrators database table and create a new accout as described on the links above.

sbillard

2012-02-21 18:13:38 xxx.xxx.xxx.xxx L’accés XSRF est bloqué MyUser MyName Échec saveadmin

This is a security block that happens when a `POST` appears to have been made by some client other than Zenphoto. XSRF stands for `Cross Site Reference Forgery`.

Whenever the Zenphoto admin pages make a `POST` a parameter is passed with a security code. The `POST` processing checks that the parameter is valid and if not, you get that message.

Looking at the debug log data you have posted I would guess that `SESSIONS` are not working on your server (and probably cookies not working either.) `SESSIONS` are required for the back-end to work. If neither `SESSIONS` nor cookies are working you will not be able to sustain a login as each time a page refreshes there will be no record of your prior login.

SdP

acrylian : As written above, I tried twice to delete the zp_administrator table. Same result. I cannot log in.

sbillard : I used zenphoto last year without any problem. Now I just want to and new pictures and I cannot log in anymore. Same server, same host...
On the same server, I use two wordpress blogs, two forums (SMF and IPB) and a CMS (NPDS). All these are working well (as Zenphoto until a few weeks). But now it should be a server issue ? Honnestly, I don't think so.

But, if I understand you right (my english is far from perfect) there is nothing to do on zenphoto side.

So, I will stop spending your time (and my time) and will start to search another gallery where I can log in, even a few months after installation.

Thanks for the help.

acrylian

Well, we surely want to help you to get Zenphoto running again. We cannot test every possible server setup so either something is different on yours or it changed recently. My collegue hinted that sessions somehow might not work correctly on your server. You should ask your host about that.

I can assure you that Zenphoto works on pretty standard shared hosts, at least the ones I am using. So don't abandon ZP too fast.

SdP

I know that you do your best to help, but in fact my host is the N°1 in the world : 1and1
Ok, it doesn't mean that it's the best, but I rent 1 dedicated server and 8 different shared server there. Each server hosts multiple of my websites, blogs or forums. I never had an issue with cookies or session (which are used with no issue by other hosted application on same server)

I'm working in an IT dept and I know how it is difficult to find a solution with such kind of "strange" issues (it worked, now it don't work anymore, and no changes done simply because I cannot log on).

As you said, you cannot test every possible server/theme and so on configuration. I totally agree with that.

But looking deeper in the forum, I find a lot of people with login issues. So I think (maybe i'm wrong)) it's not only server configuration.
If it would be, why deleting a table and running setup to recreate the table would solve (unfortunatly not in my case) some of the login issues. The server configuration didn't change between : "can't log in", delete table, create table, logged in.

I'm fine with IT, but I imagine people (with no IT knowledge ) faces when you ask for tables deletion to solve an log in problem. It's probably like if you would ask me for a cooking issue lol

Maybe it's also because I'm the admin of these servers/websites that it's more dificult to accept that I can't log in.

I can/will do all the tests you want if this can help. But at this moment, honestly I'm in doubt about ZP. I never got such kind of login issues with my other applications.

I started my search for another gallery. I will need some time to install/tests the other I roughly selected in the first list.
Let's see if we will find a solution for ZP or if I will migrate to another one after all these tests.

acrylian

Yes, 1and1 is present over here (Germany) as one of the biggest as well. I never used it for ZP though. But I used servers of the 2nd biggest host over here and all worked as expected. (Generally I personally prefer alternative smaller hosts).

I cannot answer to your issue. We try to make all of this bullet proof but as you know as working in IT it will never be. If we can we surely would like to sort out this respectively your issue. My collegue sbillard is the expert on these things so I can only pass this to him.

I understand your thoughts regarding non IT users (and the cooking example..;-)): I think if one installs and maintains a software that needs to be installed on a server one should have some knowledge about this stuff. At least knowing how to delete a database table and what that actually is as well!.

If not one should have someone for the technical side or probably a pure hosted service is the more convenient choice as you need to perform updates with ZP yourself as well.

SdP

My 1and1 servers are hostet in Germany (Karlsruhe) but I live 5km from the Saarland German border (and I work for a German Group ).
I rent also dedicated servers at keyweb (so also in Germany) but as game servers, no web application installed.

As mentionned before, I will do all the tests you will ask for if this can help. But if no solution can be found, I have to find one, even if it's not directly a software issue.

I will try to do a complete new installation in another folder and let's see what happen.

sbillard

The debug log snippet you have provides shows only that there is no cookie nor session containing the saved authroization code. Of coure it is impossible to know why this is not present. But there is nothing in what you have shown indicating that there was any login processed--that is there is no recording of the saving of the password cookie.

So what you need to do is to clear out the debug log so that we have only fresh relevent data. Then attempt to login. Post the results of that.

SdP

Done:

I did a password reset and ttried to log in with the new password

{Thu, 23 Feb 2012 06:45:04 GMT} Zenphoto v1.4.1.2[7836]
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
passwordHash(SdP, montoto$)[{HASH_SEED}]:1a5a4ebcacd8107cc35117c883fb79dd379f48ae
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0
{Thu, 23 Feb 2012 06:45:04 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[]=, COOKIE=
zp_getCookie(zenphoto_auth)::album_session=0; SESSION[]=, COOKIE=
Backtrace: checkAuthorization(, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [742])
from require_once (auth_zp.php [71])
from require_once (functions.php [44])
from c.php [9]
checkAuthorization: admins => (
7 => ( id => 7, user => SAdm, pass => 0943884975a3dfaaf08a10ac3c04c7933b3ab481,
name => Moi, email => theyoda@gmail.com, rights => 1961343989,
custom_data => NULL, valid => 1, group => NULL, date => 2012-02-21 08:03:02,
loggedin => 2012-02-21 08:03:20, quota => NULL, language => NULL, prime_album => NULL,
other_credentials => NULL ),
)
zp_setCookie(zenphoto_auth, , -368000, )::album_session=0
zp_setCookie(zenphoto_ssl, , -368000, )::album_session=0

SdP

Additional information.

I deleted the cookie I had for the gallery. I was asked to save a cokkie. So it look like if the cookie is generated.

acrylian

Thanks so far, sbillard will surely respond later (different time zone).

sbillard

I deleted the cookie I had for the gallery. I was asked to save a cokkie. So it look like if the cookie is generated.

The only problem is that the above log does not show a cookie being stored and the it does show that when Zenphoto tries to retrieve the cookie it is not being presented by the system.

In addition, there is no session variable present. Was your logon from the Admin pages (zp-core/admin.php)?

Can you locate the cookie on your client? It will be named `zenphoto_auth`.

SdP

Yes I tried to log on from zp-core/admin.php

I'm using firefow (so cookies are stored in the sql db)

I don't have a cookie named zenphoto_auth.

Just one cookie with the name of the gallery and the cookie information is PHPSESSID, nothing else

sbillard

No zenphoto_auth cookie means that the logon did not succeed. Unfortuantely there is not a debug entry for the actual POST handling, only when the cookie is stored. I will add that debug in tonight's nightly build, though.

Does your security log have any cross site reference forgery entries? I still think there is something wrong that there is no session id showing in your logs.

Here is what a successful logon normally looks like. (Note that this does have the new debug code.) The bold items are of interest. In particular, the 6mu3qvu3icqesaru0dqodvu8j5
which is the session id.

Maybe you can install tonight's nightly build and try this again. Maybe the extra debug information will show something.

`
{Thu, 23 Feb 2012 23:23:31 GMT} Zenphoto v1.4.3-DEV[9301]
zp_getCookie(dynamic_locale)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
`
zp_getCookie(zp_user_auth)::album_session=0; SESSION[
6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
`
Backtrace: checkAuthorization(, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [793])
from require_once (auth_zp.php [75])
from require_once (functions.php [44])
from require_once (admin-functions.php [9])
from require_once (admin-globals.php [27])
from admin.php [12]
zp_setCookie(zp_user_auth, , -368000, /dev/)::album_session=0; SESSION=6mu3qvu3icqesaru0dqodvu8j5
zp_setCookie(zenphoto_ssl, , -368000, /dev/)::album_session=0; SESSION=6mu3qvu3icqesaru0dqodvu8j5
{Thu, 23 Feb 2012 23:23:37 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
passwordHash(stephenbillard, slb_zen)[{HASH_SEED}]:9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d
checkLogon(stephenbillard, 9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d)->74E8EFED
zp_getCookie(dynamic_locale)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
Zenphoto_Administrator->save()

object(Zenphoto_Administrator)[9]
{ edited for brevity }
`
zp_setCookie(zp_user_auth, 9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d, 5184000, /dev/)::album_session=0; SESSION=6mu3qvu3icqesaru0dqodvu8j5
`
{Thu, 23 Feb 2012 23:23:37 GMT}
zp_getCookie(dynamic_locale)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
zp_getCookie(zenphoto_ssl)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=, COOKIE=
zp_getCookie(zp_user_auth)::album_session=0; SESSION[6mu3qvu3icqesaru0dqodvu8j5]=9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d, COOKIE=9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d
Backtrace: checkAuthorization(9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d, )
Zenphoto_Authority->checkAuthorization called
from Zenphoto_Authority->checkCookieCredentials (lib-auth.php [793])
from require_once (auth_zp.php [75])
from require_once (functions.php [44])
from require_once (admin-functions.php [9])
from require_once (admin-globals.php [27])
from admin.php [12]
checkAuthorization: admins => (
{ edited for brevity }
)
checkAuthorization: from 9ac7b0dd3bf9a3a8d8fa515dc62599d6c5f6606d->74E8EFED
`

SdP

I cannot understand why, but, I did a fresh installation in another folder on the same web server and it works fine.
So, basically, I would say that the issue is not related to the host (it didn't change) and not related to my local browser or something else (it didn't change too).

The issue could only be on zenphoto side. Something was going wrong, but what...

sbillard

Have you re-installed zenphoto on the site that fails? If so, then it cannot be related to zenphoto either!

SdP

So if it's not the host, not ZP and not local, it's a ghost ?

The only thing I changed : new ZP installation in a new folder with a new DB on the same host with the same client.

So the new installation works (as the old one for few months). It cannot be related to the host or to the client.

sudhirsingh

album password not working please help me

acrylian

sudhirsingh, please open a new topic (this is not about your problem) and add some details (if you are serious...