I AM BLOCKED OUT!!

Hangin' Around Joined: Aug 02, 2004 Posts: 36

Ok i enabled http auth which I used to use np with admin secure (now uninsatlled) but I insalled sentinel RC6 turned on http auth and the auth screen pops up but wont accept my pass!!! then tells me to leave now. wtf?

Posted: Wed Aug 04, 2004 10:01 am

btw went into phpmyadmin and changed http_auth from a 1 to a 0 now im in again but why wont it accept my pass in http_auth mode?

Posted: Wed Aug 04, 2004 11:08 am

k i set up the http passwords and got an email confirming my http_auth pass and uname but they dont work. Where does sentinel store this info, maybe its not getting stored properly?

Involved Joined: Jul 15, 2004 Posts: 252 Location: OKC, OK

there are 4 tables nuke_nsnst_?????

in nuke_nsnst_authors is where it stores the login info

New Member Joined: Aug 10, 2004 Posts: 13

I'm also having the same problem as fuzzylogic. I went into phpmyadmin, made my user a God, and turned on "Admin HTTP Auth". When I try to log into the admin panel, I get the popup dialog box asking me for the user and pass for my account as a result of the http auth being turned on. I type in the correct info, but it won't accept it. I've tried numerous times, so I know what I was entering was correct. I ended up having to go back into phpmyadmin and turn http_auth from 1 to 0 as well so I could access my admin panel again. Any idea on what's going on? Btw, I checked the encrypted database entries for user passwords for both the admin account and the HTTP Auth account, and they are identical. Thanks.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

The usernames are case sensitive in http auth but not in nuke. In other words raven and Raven work in nuke admin panel, but in http auth only the exact way it reads in th auth table will work. Is that perhaps the problem?

Posted: Tue Aug 10, 2004 10:00 am

Nope, I type it in the right case. I also just noticed I can't even log into the site anymore.

Posted: Tue Aug 10, 2004 10:04 am

Are you using my old hack alert script or some other protection system that may be conflicting with Sentinel? Nothing in Sentinel should interfere with reular logging on though.

Posted: Tue Aug 10, 2004 10:06 am

I closed the window and opened the site in a new one, and I can log into the site now. No, Sentinel is the only security fix I've installed on the site.

I just tried to activate HTTP Auth and log in again but no luck.

Posted: Tue Aug 10, 2004 10:13 am

Try deleting the 4 tables and reinstalling them. I can't think of anything that might be causing this.

Posted: Tue Aug 10, 2004 10:15 am

Do you mean dropping the 4 nsnst tables and uploading them from the sql file? Will doing so reset all my settings?

Posted: Tue Aug 10, 2004 10:20 am

Yes on dropping.

Use nsnst.php.

Yes it will reset your settings.

Posted: Tue Aug 10, 2004 10:23 am

I noticed in a post I read earlier that there are some stipulations on whether you can use the HTTP Auth setting or not. Something about CGI, but I can't really recall. Could that have anything to do with it?

Once I do what you said, the first thing I want to do is set up the HTTP Auth to make sure nothing else is conflicting with it. Please tell me the exact steps to activate it correctly. Also, is there another way to make users "Gods" without editing db tables?

I would like to comment on how nice the prompt responses are.

Posted: Tue Aug 10, 2004 10:32 am

MrHahn wrote:

I noticed in a post I read earlier that there are some stipulations on whether you can use the HTTP Auth setting or not. Something about CGI, but I can't really recall. Could that have anything to do with it?

No. If you're seeing the http auth popup, you are running PHP as an Apache module.

Quote:

Once I do what you said, the first thing I want to do is set up the HTTP Auth to make sure nothing else is conflicting with it.

No, since you are having problems I would set up the other things to get the site protection working.

Quote:

Also, is there another way to make users "Gods" without editing db tables?

There is no other way as that would open up MAJOR security issues.

Quote:

I would like to comment on how nice the prompt responses are.

Thanks. We try to provide that 'down home feeling' Wink

Posted: Tue Aug 10, 2004 10:42 am

All the blockers are activated again. For the .htaccess, do I have to list the full path (ie. /home/user/etc...) or just the file name, ".htaccess"?

As for the HTTP Auth, I want to be clear on how to activate it properly.
1) Make account a "God" account in phpmyadmin.
2)Turn "Admin HTTP Auth" on with the drop-down menu under the "NukeSentinel™ Administration" section.

Is that correct?
Anything else I need to do?

Posted: Tue Aug 10, 2004 10:49 am

Also, as for making the account a "God" account, am I corrent in editing the nuke_authors table? In the table, there are the "aid" and "name" columns, both of which have the username in them by default. I then edit the entry under the "name" column next to the user I want to change to "God" without the quotes. Is that correct?

Posted: Tue Aug 10, 2004 11:12 am

If these thre options are hyperlinks in your control panel then you are logged in as a God admin.

Protected Admins List
Admin HTTPAuth List
Scan for New Admins

Yes, you select On. At that point, the userid/pass is the same as your nuke admin userid/pass. You can modify that later if you wish. You will then want to protect the admin accounts as that will allow you to run tests on sentinel w/o being banned.

God is in the 'name' column, yes.

Posted: Tue Aug 10, 2004 11:30 am

I reset the nuke_authors afte rthe mishap. Is that the correct way to make an acount a "God" account? Also, could you please answer the post I made before the one you addressed last?

Posted: Tue Aug 10, 2004 11:33 am

I thought I had addressed all the questions in the 2 posts. The .htaccess path shoud just be .htaccess . What else is still unanswered?

Posted: Tue Aug 10, 2004 11:40 am

The problem is still present. I had to go back into phpmyadmin and turn http_auth from 1 to 0 again. I guess I can just leave it disabled.

Posted: Tue Aug 10, 2004 11:49 am

I just tried to edit a previous post of mine, and I got a page that said "Method Not Implemented" with the post mixed with symbols below it.

Posted: Tue Aug 10, 2004 11:53 am

I signed out of both the site and admin panel accounts, closed the browser, opened the site in a new browser window, and I'm able to edit the post now.

Posted: Tue Aug 10, 2004 12:30 pm

Have you made all the manual changes required in the README?

Posted: Tue Aug 10, 2004 12:31 pm

As far as I know. I read the entire thing.

Posted: Tue Aug 10, 2004 1:11 pm

Everyone having problems with HTTPAuth, please do the following:

1) Open a text editor and create a new empty document.
2) Enter the following in that new document:

Code:

<?php


phpinfo();


?>

3) Save this as myphpinfo.php or something like that.
4) Upload it to your server and call it in yoru browser.
5) Look at the Server API. It will be about the 4th line.
6) If this reports anything other then Apache or Apache Handler you can not use HTTPAuth.

Let us know if you have the above issue, if so there is nothing we can do to help except recommend you ask your host to recompile PHP as an Apache module.

If it reports Apache as the server api then we will do what we are able to do to get you up and running with HTTPAuth.