Cannot login as admin

New Member Joined: Jan 23, 2004 Posts: 24

I have PHPNuke 7.6 (patched 2.7) installed which was working fine. But since yesterday I cannot login as admin - everytime I try to login as admin (www.xxx.com/admin), I get directed to the member/user login page. I donot get any password wrong message, simply get redirected to the member login page. Any idea why this is happening? Will appreciate a reply.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

What have you installed in-between?

Posted: Fri Dec 10, 2004 6:49 am

Nothing really that might have interfered with this. I installed 'gallery' module and block (randon block), a module called 'contentdue' (alternative content module) - that is all as far as I remember.

To be specific I get divereted from the /admin.php page to the [ Only registered users can see links on this board! Get registered or login! ] with this message 'Login Incorrect! Please Try Again...'. I have a admin and normal user account with same login detail. I can login as a user with this with no problem but not as a admin.

I wonder if some hacker somehow tampered with my admin password.

Posted: Fri Dec 10, 2004 7:00 am

If it were me, I would restore your backup, see if that fixes it, and then reapply those addons, 1 by 1 and check inbetween each one. Other than that you would have to to trace debug it by using echo and die statements.

Posted: Fri Dec 10, 2004 3:45 pm

Following is the code of the block (block-Site_Info) that caused the problem Once the block is deleted the login problem is gone. This block is exactly the that you have in this site except that I edited it to get rid of few display parametres to make it a bit compact. I will be grateful if you can have a quick look through the codes and find what it is that caused the login problem. Thanks.

Quote:

<?php

if (eregi("block-Site_Info.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
}

function convertIP ($xip) {
global $admin;
if (is_admin($admin)) return $xip;
$xipx = explode('.',$xip);
for ($i=2;$i<count($xipx);$i++) {
$xipx[$i] = preg_replace ('/(0|1|2|3|4|5|6|7|8|9)/', "x", $xipx[$i]);
}
return implode('.',$xipx);
}

$content = "";

mt_srand ((double)microtime()*1000000);
global $dbi, $nukeurl, $startdate, $user, $cookie, $prefix, $user_prefix, $db, $anonymous, $mode, $t, $f, $redirect, $random_num, $admin;
mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 10);
cookiedecode($user);
$uname = $cookie[1];

$sql = "SELECT username,user_id FROM $user_prefix"._users." ORDER BY user_id DESC LIMIT 0,1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);

$lastusername = $row[username];
$lastuser = $row[user_id];
$numrows = $db->sql_numrows($db->sql_query("SELECT user_id FROM $user_prefix"._users.""));
$numrows1 = $numrows-1;
$sql = "SELECT uname, guest FROM $prefix"._session." WHERE guest=0";
$result = $db->sql_query($sql);
$member_online_num = $db->sql_numrows($result);
$who_online_now = "";
$i = 1;
while ($session = $db->sql_fetchrow($result)) {
$sql = "select user_id, username from ".$user_prefix."_users where username='$session[uname]'";
$member_result = $db->sql_query($sql);
if (sql_num_rows($member_result, $dbi) == 1) {
$memberinfo = sql_fetch_array($member_result, $dbi);
}

if ($i < 10) $zi = "0$i";
else $zi = $i;
$who_online_now .= "$zi: <a href=\"userinfo-.html$session[uname]\"><img src=\"images/blocks/icon_mini_profile.gif\" border=\"0\" alt=\"Check the profile of $session[uname]\"></a> <a href=\"messages-post-.html$memberinfo[user_id]\"><img src=\"images/blocks/nopm.gif\" border=\"0\" alt=\"Send a quick private message to $session[uname]\"></a> <A HREF=\"forums.html?file=profile&mode=viewprofile&u=$memberinfo[user_id]\">$session[uname]</a> \n";
$who_online_now .= ($i != $member_online_num ? " " : "");
$i++;
}

$sql = "SELECT uname, guest FROM $prefix"._session." WHERE guest=1";
$result = $db->sql_query($sql);
$gmember_online_num = $db->sql_numrows($result);
$gwho_online_now = "";
while ($session = $db->sql_fetchrow($result)) {
if (isset($session["guest"]) and $session["guest"] == 1) {
if ($i < 10) $zi = "0$i";
else $zi = $i;
$gwho_online_now .= "$zi: <a href=\"http://www.samspade.org/t/lookat?a=". convertIP($session[uname])."\" target=\"_blank\">". convertIP($session[uname])."</a> \n";
$gwho_online_now .= ($i != $gmember_online_num ? " " : "");
$i++;
}
}

$Today = getdate();
//Formatting Current Date
$month = $Today['month'];
$mday = $Today['mday'];
$year = $Today['year'];
//Formatting Previous Date
$pmonth = $Today['month'];
$pmday = $Today['mday'];
$pmday = $mday-1;
$pyear = $Today['year'];
//Month conversion into numeric mode
if ($pmonth=="January") { $pmonth=1; } else
if ($pmonth=="February") { $pmonth=2; } else
if ($pmonth=="March") { $pmonth=3; } else
if ($pmonth=="April") { $pmonth=4; } else
if ($pmonth=="May") { $pmonth=5; } else
if ($pmonth=="June") { $pmonth=6; } else
if ($pmonth=="July") { $pmonth=7; } else
if ($pmonth=="August") { $pmonth=8; } else
if ($pmonth=="September") { $pmonth=9; } else
if ($pmonth=="October") { $pmonth=10; } else
if ($pmonth=="November") { $pmonth=11; } else
if ($pmonth=="December") { $pmonth=12; };
$test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);

//Creating SQL parameter
$test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
$curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
$preday = strftime ("%d",$test);
$premonth = strftime ("%B",$test);
$preyear = strftime ("%Y",$test);
$curDate3 = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";

//Executing SQL Today
$sql = "SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$userCount = $row[userCount];
//end

//Executing SQL Yesterday
$sql = "SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDate3'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$userCount2 = $row[userCount];
//end

$sql = "SELECT uname FROM ".$prefix."_session WHERE guest=1";
$result = $db->sql_query($sql);
$guest_online_num = $db->sql_numrows($result);
$sql = "SELECT uname FROM ".$prefix."_session WHERE guest=0";
$result = $db->sql_query($sql);
$member_online_num = $db->sql_numrows($result);
$who_online_num = $guest_online_num + $member_online_num;

$sql = "SELECT username FROM ".$prefix."_users_temp";
$result = $db->sql_query($sql);
$waiting = $db->sql_numrows($result);

$content .= "<form action=\"account.html\" method=\"post\">";

if (is_user($user)) {
$sqlp = "SELECT user_posts AS posts FROM $user_prefix"._users." WHERE username = '$uname'";
$result = $db->sql_query($sqlp);
$row = $db->sql_fetchrow($result);
$posts = $row[posts];
$sql = "SELECT user_avatar FROM " . $prefix."_users WHERE username='$uname' AND user_avatar IS NOT NULL";
$result = $db->sql_query($sql);
if ($result) {
$userinfo = $db->sql_fetchrow($result);
if ( ereg( "(http)", $userinfo[user_avatar]) ) {
$content .= " <center><img src=\"$userinfo[user_avatar]\" /></center>\n";
}
else
if ($userinfo[user_avatar]) {
$content .= " <center><img src=\"modules/Forums/images/avatars/$userinfo[user_avatar]\" /></center>\n";
}
}
if ($posts>0) $content .= " <center>$posts post(s)</center>\n";
$content .= " <img src=\"images/blocks/group-4.gif\" height=\"14\" width=\"17\"> "._BWEL.", $uname. \n\n";
$content .= "<a href=\"modules.php?name=Your_Account&op=logout\"><img src=\"images/blocks/arrow-blk.gif\" width=\"17\" border=0> Logout</a>\n<hr>\n";
$sql = "SELECT user_id FROM $user_prefix"._users." WHERE username='$uname'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$uid = $row[user_id];
$sql = "SELECT privmsgs_to_userid FROM $prefix"._bbprivmsgs." WHERE privmsgs_to_userid='$uid' AND privmsgs_type='5'";
$result = $db->sql_query($sql);
$een = $db->sql_numrows($result);
$sql = "SELECT privmsgs_to_userid FROM $prefix"._bbprivmsgs." WHERE privmsgs_to_userid='$uid' AND privmsgs_type='1'";
$result = $db->sql_query($sql);
$twee = $db->sql_numrows($result);
$newpms = $een + $twee;
$sql = "SELECT privmsgs_to_userid FROM $prefix"._bbprivmsgs." WHERE privmsgs_to_userid='$uid' AND privmsgs_type='0'";
$result = $db->sql_query($sql);
$oldpms = $db->sql_numrows($result);
$content .= "<img src=\"images/blocks/email-y.gif\" height=\"10\" width=\"14\"> <a href=\"messages.html\">"._BPM."</a> \n";
$content .= "<img src=\"images/blocks/email-r.gif\" height=\"10\" width=\"14\"> "._BUNREAD.": $newpms \n";
$content .= "<img src=\"images/blocks/email-g.gif\" height=\"10\" width=\"14\"> "._BREAD.": $oldpms \n<hr>\n";
} else {
$content .= "<img src=\"images/blocks/group-4.gif\" height=\"14\" width=\"17\"> "._BWEL.", $anonymous\n<hr>";
}
$content .= "<img src=\"images/blocks/group-2.gif\" height=\"14\" width=\"17\"> "._BMEMP.": \n";
$content .= "<img src=\"images/blocks/ur-moderator.gif\" height=\"14\" width=\"17\"> "._BLATEST.": <a href=\"userinfo-.html$lastusername\"><img src=\"images/blocks/icon_mini_profile.gif\" border=\"0\" alt=\"Check the profile of $lastusername\"></a> <A HREF=\"forums.html?file=profile&mode=viewprofile&u=$lastuser\">$lastusername</a> \n";
$content .= "<img src=\"images/blocks/ur-guest.gif\" height=\"14\" width=\"17\"> "._BOVER.": $numrows1 \n<hr>\n";
$content .= "<img src=\"images/blocks/group-3.gif\" height=\"14\" width=\"17\"> "._BVISIT.":\n \n";
$content .= "<img src=\"images/blocks/ur-anony.gif\" height=\"14\" width=\"17\"> "._BVIS.": $guest_online_num \n";
$content .= "<img src=\"images/blocks/ur-member.gif\" height=\"14\" width=\"17\"> "._BMEM.": $member_online_num \n";
$content .= "<img src=\"images/blocks/ur-registered.gif\" height=\"14\" width=\"17\"> "._BTT.": $who_online_num \n<hr noshade>\n";

/* Hits for Today */
$t_time = time();
$t_year = date("Y", $t_time);
$t_month = date("n", $t_time);
$t_date = date("j", $t_time);
$result = sql_query("SELECT hits FROM $prefix"._stats_date." WHERE year='$t_year' AND month='$t_month' AND date='$t_date'", $dbi);
list($today) = sql_fetch_row($result, $dbi);
/* Hits for Yesterday */
$y_time = $t_time - 86400;
$y_year = date("Y", $y_time);
$y_month = date("n", $y_time);
$y_date = date("j", $y_time);
$result = sql_query("SELECT hits FROM $prefix"._stats_date." WHERE year='$y_year' AND month='$y_month' AND date='$y_date'", $dbi);
list($yesterday) = sql_fetch_row($result, $dbi);
/* Hits in Total */
$totalhits = 0;
$result = sql_query("SELECT sum(hits) FROM $prefix"._stats_year."", $dbi);
list($totalhits) = sql_fetch_row($result, $dbi);
$content .= "<center>"._BHITS." "._BTD.": <a href=\"stats.html?op=DailyStats&year=$t_year&month=$t_month&date=$t_date\">$today</a> ";
$content .= ""._BHITS." "._BYD.": <a href=\"stats.html?op=DailyStats&year=$y_year&month=$y_month&date=$y_date\">$yesterday</a> </center>";

?>