Login

Wesley · 2011-02-24, 08:54:12

Hello,

I can always access the admin pages even if I press the logout button. Is this normal?

Kind regards,

Wesley

***ccagle8*** · 2011-02-24, 21:30:58

No, what GS version are you using.

Wesley · 2011-02-24, 22:12:42

ccagle8 Wrote:No, what GS version are you using.

I am using 2.03.1 Latest Stable Version (GPL). I did a check with IE & FF.

revvion · 2011-02-26, 03:33:12

Same problem here, I am using 2.03.1 and checked with chrome & ie9

Wesley · 2011-03-01, 22:28:41

Anyone, please?

***ccagle8*** · 2011-03-02, 00:42:31

im stumped on this one... 2.03.1 only checks to see if the cookie is there before killing it. before we just blindly killed it if it was there or not originally... not exactly a change that should cause this.

Can someone confirm if this is still happening with the latest SVN build? http://get-simple.info/beta

coolkid · 2011-03-05, 21:28:35

I think I found the problem...

Take a look at cookie_functions.php line 39,

Quote:$saltCOOKIE = sha1($identifier.$SALT);

I think this is the problem, because when I do print_r($_COOKIE), the result of the hash was never there, instead it used the "$identifier.$SALT" form (confirmed it by looking at cookie_check functions line 69-70).

To repair it, I simply change line 39 from

Quote:$saltCOOKIE = sha1($identifier.$SALT);

to:

Quote:$saltCOOKIE = $identifier.$SALT;

Hope it helps Smile

***ccagle8*** · 2011-03-06, 23:18:33

does that mean your system does not have the ability to do a sha1() hash?

coolkid · (This post was last modified: 2011-03-07, 00:44:13 by Real Estate CoachZ.)

nope! it means u use sha1($saltCOOKIE) ONLY in kill_cookie function, and unhashed $saltCOOKIE form in the rest of them Smile

that's why the cookie_check would NEVER find the sha1($saltCOOKIE) because u used the unhashed $saltCOOKIE form in other (check_cookie, create_cookie, etc..) Big Grin

See it for yourself Smile

coolkid · 2011-03-07, 00:41:06

To make my point clearer, take a look at these codes:

Quote:function create_cookie() {
.....
global $cookie_name;
$saltUSR = $USR.$SALT;
$saltCOOKIE = $cookie_name.$SALT;
if ( defined('GSCOOKIEISSITEWIDE') && (GSCOOKIEISSITEWIDE == TRUE) ) {
setcookie($saltCOOKIE, sha1($saltUSR), time() + $cookie_time,'/');
}....
}

and this:

Quote:function cookie_check($cookie_name=FALSE) {
if($cookie_name==FALSE) { // Assume login cookie.
....
$saltCOOKIE = $cookie_name.$SALT;
if(isset($_COOKIE[$saltCOOKIE])&&$_COOKIE[$saltCOOKIE]==sha1($saltUSR)) {
return TRUE; // Cookie proves logged in status.
} else { return FALSE; }
}...

while in kill_cookie, we have:

Quote:function kill_cookie($identifier) {
global $SALT;
$saltCOOKIE = sha1($identifier.$SALT);
if (isset($_COOKIE[$saltCOOKIE])) {
if ( defined('GSCOOKIEISSITEWIDE') && (GSCOOKIEISSITEWIDE == TRUE) ) {
$_COOKIE[$saltCOOKIE] = FALSE;
setcookie($saltCOOKIE, FALSE, time() - 3600,'/');
} else {
$_COOKIE[$saltCOOKIE] = FALSE;
setcookie($saltCOOKIE, FALSE, time() - 3600);
}
}
}

See my point? Big Grin

***ccagle8*** · 2011-03-07, 02:11:13

i do... interesting as I am able to logout of my site... I will get this fixed immediately in the SVN.

krisu · 2011-03-09, 19:48:45

I got the same problem in version 2.03.1 and coolkid's fix fixed that problem for me.

***ccagle8*** · 2011-03-09, 23:27:11

ok, we will get this fixed in 3.0. Ive added it to the issue tracking list: http://code.google.com/p/get-simple-cms/...ail?id=141

Mateng · 2011-04-15, 20:44:01

Same Problem in 3.0, fix didn't help yet.

Connie · 2011-04-16, 04:05:38

Mateng Wrote:Same Problem in 3.0, fix didn't help yet.

did you clear the cache?
did you try with different browsers or with different computers?

I am sure it is a cache problem

Cheers, Connie

oeborg · 2011-04-20, 06:30:33

I had this problem as well.
It turned out to be the language file being saved in UTF-8 not UTF-8 Without BOM.

raginibora · 2011-05-05, 23:35:48

Hi,
i think its something related to cache.., try it once..,

direct loans consol · 2011-05-13, 17:04:18

hi.. i have the same problem, and got to clear the cache, and i log out sucessfully Smile

thanks

phm · 2011-05-30, 01:33:12

I have the same problem, using GS 3.0B and SimplePageContent + p01contact plugins
Tested on win IE8 and osx FF4 (different machines). Logout button reroutes to admin page.

Connie · 2011-05-30, 03:26:46

Try to use the released 3.0 version, as the beta version 3.0.B is not actual any more

phm · 2011-06-08, 05:05:22

Updating to 3.0 didn't help unfortunately. Curious thing: locally logout works, on the live site it doesn't.

Connie · 2011-06-08, 05:13:35

deactivate friendly urls
edit your .htaccess

clear all cache

logout = still not possible?

what is the info of the health check?

meetje · 2011-06-08, 06:53:42

Connie Wrote:deactivate friendly urls
edit your .htaccess

clear all cache

logout = still not possible?

what is the info of the health check?

Hi Connie

I have the same issue: can't log out. Did what you wrote, health check: all OK.
When deleting the rewrite rules, uncheck pretty URL's and clearing the cache I can log out one time but after that not any more (unless I repeat that procedure again).
Hans

Connie · 2011-06-08, 16:01:01

what is the info of the health check?

which browser?

did you check with different browsers?

meetje · (This post was last modified: 2011-06-08, 16:27:45 by jqple.)

Connie Wrote:what is the info of the health check?

which browser?

did you check with different browsers?

Hi Connie:

Tried with IE8, FF4 and latest Chrome, all the same.
Attached the contents of the healthcheck

Login
Username:
Password:	Lost Password?
	Remember me