CGIAuth *issues* ...

Involved Joined: Feb 08, 2005 Posts: 290 Location: USA

I rec'd this via email from my admin account ...
____________________________________________________________
The below information pertains to the HTTPAuth system in NukeSentinel(tm) only!
It does not affect your normal admin login information.

HTTPAuth Login: mysecondaryusername (not God but Admin)
Auth Password: xxxxxxxxxxxxxxxxxxxx
Protected: No
____________________________________________________________

What does all this mean? The pw is wrong, it's numbers, letters and characters and looks like the long number we're told to make a few changes to in config file, which I did of course.

I was getting Authentication failed after doing the CGIAuth instructions, my path was correct (I tested that with realpath), my login name for God was correct as was the pw I was trying to enter but the box just kept coming up until the third time when it would display the Authentication Failed page.

I dunno what I did but somehow I think I fixed that ... so I went in to NS Admin and looked to see if that user name was in there for Auth Admins and that's what it had (what shows above, and I got that in an email also. I went in to NS and changed the pw to what that login name has for a pw and then selected Is Protected ... was that the right thing to do?

This can be so danged complicated and confusing to us non-PHP scripters

: o/

I've since (making the change shown above) rec'd another email that says ...

The below information pertains to the HTTPAuth system in NukeSentinel(tm) only!
It does not affect your normal admin login information.

HTTPAuth Login: mysecondaryusername (not God but Admin)
Auth Password: xxxxxxx (corrected pw)
Protected: Yes

Did I do the change right or should I have done something else???

BTW, thanks to all who are helping me ... sorry if I'm frustrating you but I'm relatively new at this ... hugzzz

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

As to "why", I can't yet answer that. But you did the right thing if it's working Smile

. The first pasword email you received was actually your [en]crypted password, that's why it looked so strange. We'll have to check the program to see why it's passing the encrypted password and not the plain one.

registered · Posted: Sun Aug 27, 2006 7:14 am

Looks to me like you added a new admin to nuke and then to NukeSentinel (through "Scan for New Admins") and then gave them a password (through "Admin Auth List"). When you are in "Admin Auth List", the critical step that is to click on the link which says to generate your .staccess file. Everytime a NukeSentinel admin user password is changed or a new admin is added, you need to ensure that the user/password is generated and written to .staccess through that admin function (.staccess file needs to be writable, which usually requires 666 for permissions on most systems).

If the right users and their hashed passwords are in the .staccess file, you/they should have no problems logging in with the password that was given them (the non-"hashed" password).

Posted: Sun Aug 27, 2006 12:47 pm

The secondary login was done according to instructions when installing RN76 though, it wasn't added later. I did change permissions later in Forums for that username. I don't think that should have affected NS because I apparently didn't even have it running until yesterday when I tackled the CGIAuth issue.

My config file doesn't like being messed with, I'm not sure why that is : o/ I commented out the 8 lines I had generated during the CGIAuth process and now I can get into admin ... yes, I know, that's not right ... now admin isn't being protected.

Other instructions said that .staccess needed to be 777 and that is what I had changed it to, as well as .htaccess and ultramode.txt

So how do I fix the config file so it will allow admin.php to be protected and allow me to log in under either God or the 2nd admin? This is all so complicated, and is probably the reason I've not tackled this kind of site for almost 2 years. Unfortunately I need this database system so I must press on.

Thank you all tho, and Raven ... nice to finally *see you* ... I was starting to worry if you were still around or not LOL.

And I assume then, that I should NOT have changed the pw in Nuke for the 2nd admin? It should have stayed the hashed one? That's not the one I'm trying to log in as btw, I'm trying to log in under God one.

Posted: Sun Aug 27, 2006 1:33 pm

Which *loign* is being asked for in that popup box? I've tried several since I had to create several during installation: God username/pw; NS God username/pw; regular username/pw ... and then there's the database login/pw ... when that box comes up WHAT login username/pw am I suppose to be giving it? BTW I tried all the God ones and combos thereof, no go : o/ I would expect it wants the regular God login/pw?

I've since uncommented those NS lines so I can get back into admin! If I leave them in I can't login (the box just keeps popping up asking for username/pw even tho I know I've entered the right one, and then Authorization Failed page after third attempt).

And there's another issues with the Forums, Journal, or Private Messages links where when I go from the main page to one of those pages I get a mess of these errors at the tops of the pages ... oddly enough, IE is OK but these show up for FF and NS browsers (yes, I've deleted cache, followed ALL the suggestions here, etc, I even commented on one fix recently but alas that didn't stick once I made the change for CGIAuth):

Warning: Cannot modify header information - headers already sent by (output started at
/----/*****/xxxxxx/pnuke/header.php:32) in
/----/*****/xxxxxx/pnuke/includes/sessions.php on line 254

I know these issues have been discussed, and believe me I've been reading and reading and reading ... and have tried all the suggestions but alas I'm stuck. I did the realpath suggestion and my path info IS correct. My God login/pw is also correct, I'm logged in with that normally, although NS shows the NS God/pw but I tried even that and no go. *Sigh*

And then there's the Forums backup issue (still need to research this one, security is first priority right now) ... I click on that link, I get the page that says backup is about to proceed in a couple of minutes ... and then the browser window (only tried in IE so far) just closes!? As far as I remember I should have been offered a file to d/l so I can keep that on my harddrive ... so many problems!

Just the other day I was up for 40 hours straight ... no sleep! This is almost as bad as having a *real job* LOL

Posted: Tue Sep 05, 2006 10:53 pm

Bluezzz wrote:

Warning: Cannot modify header information - headers already sent by (output started at
/----/*****/xxxxxx/pnuke/header.php:32) in
/----/*****/xxxxxx/pnuke/includes/sessions.php on line 254

Are you saying you followed the suggestions at http://www.ravenphpscripts.com/faq-2-.html#17 and none of them worked? I would find that nearly impossible to believe unless there's some funky setup issues with your host.

Posted: Tue Sep 05, 2006 11:53 pm

This has been resolved, I think I posted elsewhere (sorry if double posted). I can't remember right off hand what the *cure* was tho. I don't think I saw the page you quoted but I believe the 'buffering on' thing is what worked for me, not sure now LOL sorry. I am ok in this regard tho ... thanks for asking Raven!