CGIAuth Setup Please help

New Member Joined: May 11, 2006 Posts: 15

I have been reading all the posts about how to set up nuke sentinel to work with CGIAuth. My problem is that I get to the Admin login box and my user name/password do not work. I have checked everything possible, all my information seems to be correct. If it is not too much to ask, would someone mind figure out how to set up my .htaccess and .staccess files and get this to work. I would most truly appreciate it.

Site Admin Joined: Jun 04, 2004 Posts: 6432

Welcome.

The user ID and password used with admin authentication is separate from the admin user and from the site user. You can make them identical, but I highly recommend that the admin user / pw be different from the admin authentication user / pw.

Depending on your PHP configuration, the admin authentication user and encrypted password can be stored in a file like .staccess. You can create this file manually (see instructions and utilities in the forums here), or you can use NukeSentinel to maintain it. Other than possibly creating the password file and modifying the .htaccess file to use it, NukeSentinel doesn't really do anything else to "work with" admin authentication. The .htaccess / .staccess approach is actually supported by Apache.

Once you authenticate with the .staccess user and password, you can log on to admin.php using the admin user ID and password creating when you installed Nuke (or another author you've subsequently created).

Which posts did you use to check everything? Did you verify that the admin authentication user and password are stored correctly in .staccess?

Posted: Mon Nov 06, 2006 10:36 pm

So what do I need to do. I have set the admin name and password in the nuke menu, and sent it to my .staccess. I checked the file, it has the username and some type of encrypted password. I currently have .htaccess named sample.htaccess because otherwise I cannot access my admin at all. I am running a apache server and CGIAuth is the only auth available. What do I need to do to make sure sentinel is functioning correctly. At the moment I feel like it's not even working, I'm just trying to figure out what's left to configure.

Posted: Mon Nov 06, 2006 10:53 pm

Usually, if admin authentication isn't working (and you're using the correct password, of course), the problem is an incorrect path defined in the .htaccess (or the .staccess file isn't where .htaccess expects it). Check the path of your .staccess file and make sure the file is where it is expected (don't post the exact location here as it opens you up for certain attacks).

Posted: Mon Nov 06, 2006 11:05 pm

The .htaccess and .staccess are set correctly in the nuke menu, as well as the .htaccess file. Once I take the sample.htaccess and make it just .htaccess, the login box stars appearing and I cannot login.

Posted: Mon Nov 06, 2006 11:30 pm

Ahh, now that explains it. Click the setup .staccess button in nuke sentinel admin page. Now that will give you what to put in the .htaccess, then click Scan for New Admins, that will allow you to create the admin logins and setup the proper information in .staccess.

Dont forget before goin on, chmod both .htaccess and .staccess to 666.

Hope this fixes your error as it should.

Posted: Tue Nov 07, 2006 6:18 am

I emptied my .htaccess and .staccess files and uploaded them again, cmod 666. I went to nuke administration and selected CGIAuth for Admin Auth. I put the correct path to my .htaccess and .staccess files. Then I clicked CGIAuth Setup next to .staccess and it gave me this...I put this in my .htaccess and uploaded after completing the next few steps, otherwise it would not let me access admin.

Quote:

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile .staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------

I then went to Scan For New Admins and the scan completed, then I clicked on Admin Auth List. It shows my Login Name and Password. I clicked Build CGIAuth file: .staccess. The process completed. Then uploaded my new .htaccess file and set it to .666 just to be safe. When i went to admin login, I got a login box...but the user name and password would not work again.

Posted: Tue Nov 07, 2006 6:44 am

Quote:

Then uploaded my new .htaccess file

I have a feeling that the path youhave set for the .staccess file is not the same as your local setup vs. your "uploaded" site. That path has to be right, or this will never work.

You are on the right track though so far that I can see...

Posted: Tue Nov 07, 2006 3:36 pm

Well I'm about ready to give up, can't spend a whole week worrying about this haha. Thank you Montego, kguske and darklord for all your help.

Posted: Tue Nov 07, 2006 5:54 pm

If you would, please post the path of your .staccess and your .htaccess files (with your account name removed for security purposes). Is your .staccess file in the same directory as .htaccess?

Posted: Tue Nov 07, 2006 6:43 pm

.htaccess (nuke root)

Quote:

<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
AuthUserFile /home/www/wilray.freehostia.com/.staccess
</Files>

.staccess (nuke root)

Quote:

fakename:encryptedpassword (real name and password in my file)

Nuke Administration Settings

Admin Auth: Admin CGIAuth

.htaccess Path: /home/www/wilray.freehostia.com/.htaccess

.staccess Path: /home/www/wilray.freehostia.com/.staccess

Sells PC To Pay For Divorce Joined: Posts: 5661

but should i be able to read his .staccess file?
im sure something is wrong there...
cause with the info inside i know now what i shouldnt know....

Posted: Tue Nov 07, 2006 7:20 pm

I took away the permissions to the file altogether. Until I can get this figured out I'm not going to allow staccess or htaccess at all. I'm about to get rid of nuke altogether, cause this is starting to aggravate me.

Posted: Tue Nov 07, 2006 7:26 pm

Well take it easy mainvent ,they are trying to help you.....
and dont get frustrated cause there's no need for that...
there are a few who replied here with enough knowledge that can solve it...
but maybe you can give one of them access....that works much faster then this....

Posted: Tue Nov 07, 2006 7:28 pm

I'd be glad to give someone access. I will need to know who exactly and we can set that up. Sorry for getting frustrated, been a long weekend to have to be worrying with all this. I appreciate everyone's help.

Posted: Tue Nov 07, 2006 7:35 pm

well you could PM kguske.
do that with all the full info...site/ftp.... so he can login....
thats faster then posting all the time......

Posted: Tue Nov 07, 2006 8:00 pm

Ok I sent kguske a pm with my ftp and site info. Hopefully he can figure out what the problem is.

Posted: Tue Nov 07, 2006 8:02 pm

ok thats nice....
as soon as he gets the mail and gets online im sure he will help...

Posted: Wed Nov 08, 2006 6:41 am

I have seen, at times, where "www" is really a symbolic link to the real path. You might want to see if that is the case (I can tell using the FileZilla FTP tool on some of my own sites). You may need to use the full path which does NOT use the link. On some of my sites "www" is a symbolic link to "public_html".

I recall seeing a post from Raven about this issue awhile back, so be sure to use the full, real (not link) path if you can.

Posted: Wed Nov 08, 2006 7:08 am

Got the info and will take a look today.

Posted: Wed Nov 08, 2006 10:41 am

Thank you kguske.

Posted: Wed Nov 08, 2006 9:17 pm

Pretty strange. I copy a file, say 1.htaccess to your server. Fine. As soon as I rename it .htaccess, it disappears. I don't think it's an FTP thing, either, since the space indicates that the file was removed.

I'd suggest contacting your webhost about this. I checked the forums there, and they recommend using a control panel tool for protecting folders (which, of course, isn't what you're trying to do). But there are several references to .htaccess and how it might conflict with that function. It may be that they no longer support .htaccess, but it appears to be something else...

Posted: Wed Nov 08, 2006 9:37 pm

I've decided I'm going to change hosts. Thank you very much for your support everyone. Top notch!

Posted: Thu Nov 09, 2006 7:25 am

Did you find out anything from your host? If so, it would help us in the future.

Posted: Thu Nov 09, 2006 2:48 pm

Sent them a message, waiting on a reply. I'll post the results once they come back.

Message Sent

Quote:

I have set up php-nuke on my website, and I am trying to install Nuke Sentinel (Security Addon) for php-nuke. Nuke Sentinel requires .htaccess to set file and folder permissions, but for some reason once I upload the .htaccess file to my website, it disappears? I don't think it's an FTP thing, either, since the space indicates that the file was removed. I understand that you recommend using the control panel tool for protecting folders, but that isn't what I'm trying to do.I am trying to figure out what might be conflicting with the .htaccess function. It may be that you no longer support .htaccess, but it appears to be something else...