Users can't stayed logged in, and errors on YA page

Hangin' Around Joined: Feb 28, 2006 Posts: 38

Hi there everyone,

A brand-spanking new install on the server, and I've run into a problem:

php: 4.4.2
MySQL: 4.1.21
Apache: 1.3.37

I've run the installer, and the front page shows fine, I logged in, and it gives me the user page, but after the "This is your personal page", I get the following error:

Quote:

Fatal error: Call to undefined function: nav() in /home/husaberg/public_html/modules/Your_Account/index.php on line 250

If I go back to the front page, I'm Mr. Anonymous again Very Happy

I've tried register_globals both on & off, but I'm getting the same problem either way.

I would really appreciate any help you can provide.

thanks,
json

Posted: Thu Aug 24, 2006 3:13 pm

I do not remember seeing a function with the name nav.
Are you using a custom theme?

Hmm, the function might be in navbar.php I'll have to look.

Posted: Thu Aug 24, 2006 4:09 pm

Hi there,

I have in no way added to, modified or removed any code. I unzipped, created the database and installed.

Please let me know if you need any more information, as I'm not really sure what might be pertinent. I thought it being a new install, there wouldn't be much that I could provide that you don't already have access to, aside from server conditions.

thanks very much for taking the time to help me,
json

Posted: Thu Aug 24, 2006 5:10 pm

Hi there guys,

I'm sorry to clutter up the thread, but I thought I'd mentions some other things I found relating to my problem.

With Raven's version, if I try to log into the admin section, I just get placed back to the admin login page. It seems as if my problems stem from the server's inability to place a cookie.

This is a relatively new server, and although I've installed shopping carts, PostNuke & some forums for sites residing on it, this is the first time that I've attempted to install a PHP-Nuke site. I tried RavenScript's version first, and you saw the errors above. This is an existing site that's moving to the new server, so I thought I would simply install the current script until we could get the RS version working. The existing version is patched 7.1.

Well, I get the same problem with attempting to log in. not the error, but when I try to log in, it shows me the user page, however when I travel to any other page, I'm anonymous again! As well, if I log in as admin, it will show me the admin page, but any time I click a link in it, I'm told that access is denied. I show up in the who's online block, but on the welcome line, it calls me anonymous.

Knowing this, is there any setting in php that could be causing my problems? I've compared the two server's phpinfo, and they seem close to identical. Y2K compliance differs between the two, but the rest seems the same.

thanks,
json

Posted: Thu Aug 24, 2006 7:12 pm

If you cannot log in as an admin or a normal user then the issue must be with cookies
Normally I would suggest clearing your cache and cookies but as another thought, have you tried logging in using a different browser?
If you can log in with a different browser then this would seem to support it being a cookie problm as different browsers store their cookies in different places.

Posted: Thu Aug 24, 2006 7:21 pm

Hi Guardian,

4 different computers, 6 browsers, and the same problem on each one :/.

thanks,
json

Posted: Thu Aug 24, 2006 7:33 pm

In that case it sounds like some of the files did not ftp up correctly which would also explain the undefined function - if the file the function is in did not upload correctly it would produce that error.

Posted: Thu Aug 24, 2006 7:42 pm

In the modules/your_account do you have the file navbar.php? That's where the nav function lives. The navbar.php is included if the is_user($user) function returns true. That function lives in mainfile. So unless the user matches what's in the user table this condition won't be satisfied. I believe that cookies not working could be one cause of this because the $user comes from a cookiedecode function in mainfile.

I think that probably what's happening is that cookies aren't set right, thus is_user isn't true so navbar is never included so when the index.php of your_account calls nav() it doesn't find it.

You might use Firefox tools/options privacy to look at cookies and see what's being set. I suspect that there may be some kind of problem with the domain name that's causing cookies not to get set. Sorry to be so vague but that's just a suggestion of what to look at.

Posted: Thu Aug 24, 2006 7:44 pm

Hi there Guardian,

I've uploaded 3 cms's twice each now, with uniform errors. I use CuteFTP Pro, which has never given me a problem like this. What would you suggest I do to ensure that the files aren't corrupted? Is there another method of uploading the files?

Also, the fact that more than one cms has the exact same problem(cookies not being set) tells me that the chances that a random file got corrupted is very slim, wouldn't you agree?

thanks,
json

Posted: Thu Aug 24, 2006 7:57 pm

Sorry to butt in again and to not be more helpful or definitive. I use Cuteftp also and one thing that you can do is browse your files on the server with it. So I'd look to make sure that navbar.php is there and the nav() function is in it. I'd agree it's probably not file corruption.

Also take a look at the value of nukeurl in the nuke_config table. The load process puts it as mysite.com but then I believe set up is supposed to set it to whatever your domain is. If this didn't happen you could have a problem with cookies ... I think.

Posted: Thu Aug 24, 2006 8:13 pm

Hi there fkelly, thanks very much for the reply. As I was replying to guardian, I missed your first one Smile

I cleared my cookies for the site, went back and attempted to log in. I got the error, and I still show up as anon on the front page, so I thought for sure that there would be no cookie waiting for me....

But there is Smile

Lang cookie, and user cookie:

User cookie:

Name: user
Content: MjpzY2h3aW06YTg5MWI0ZmQxYWJjODJlOTBjZGE4ODAwYjYxYTRmODA6MTA6OjA6MDowOjA6OjQwOTY%3D
domain: www.husaberg.org(this is correct, BTW)
path: /
Send For: Any type of connection
Expires: 09/23/2006 10:09:34 PM

That's the data in the user cookie. The domain is right, the expire date is not past, path is what everyone says it should be..... so why isn't the site seeing the cookie that's set?

thanks,
json

Posted: Thu Aug 24, 2006 8:15 pm

fkelly - Agreed.
schwim - Agreed. It would be highly unlikely for it to be file corruption on different cms unless there is some fundamental problem with your ftp client and from what you have said, that is looking extremely remote.

So we are back to the original diagnosis of a cookie issue then.

Posted: Thu Aug 24, 2006 8:27 pm

Hi there guys,

I tried it again, and here's what I find, cookie-wise:

user cookie gets placed(as I posted above) when I attempt to log in as a user.

A lang cookie gets placed when I browse a page

When I attempt to log in as admin, I don't get a cookie at all. Nothing new shows up.

Here's where I sit. What can cause this? Can a firewall cause this sort of problem? PHP incorrect settings????

I'm at a total loss as to why this is happening, and worse, I can't pin down the problem enough to know who to ask Very Happy

.

Any thoughts would be greatly appreciated.

thanks,
json

Posted: Thu Aug 24, 2006 9:43 pm

Hey, there! I've been trying to help schwim with this problem and have tried all the suggestions above, plus trying two different browsers and checking the db. Everything seems normal, except that neither one of us can log in, the your_account module does not accept our passwords, even though we are both in the users table.

So I'm stumped, and looking for more expert advice.

Posted: Thu Aug 24, 2006 10:27 pm

And hey, I thought I had posted here before ... What up with this 1 posts, huh?

Posted: Fri Aug 25, 2006 6:22 am

Just to clarify, neither of you can log in as a normal user or as an admin.
If you try to log in as a normal user you get taken back to the your account page and if you try to log in as an admin on the the admin.php file it just refreshes back to the admin.php page.
If those scenarios are correct then it can only be a cookie problem or the passords are incorrect.

Can you post a link to your site or PM me the link please.

Posted: Fri Aug 25, 2006 7:24 am

I've sent you a pm guardian, thanks very much.

For clarification:

If I attempt to log in as a user, I get the user account page(with an error), but any page I go to after that, I'm anonymous.

If I attempt to log in as an admin, it loops straight back to the admin login page.

I didn't mention in the pm, but the admin.php is now control.php... sorry for that.

thanks,
json

Posted: Fri Aug 25, 2006 7:54 am

Hi there guys,

In my attempt to understand how wide spread this problem is, I've tried installing a couple more scripts. Here are the results:

e107: logging in created a loop
Post Nuke: Logged in A-OK! admin privs are intact, and Nothing seems to be wrong!
OSCommerce: Login A-OK!
Zen-Cart: Login A-OK!

Some scripts can successfully log in, while others can't I don't know if this helps at all or not, but I thought I'd try to see if any script at all could log in.

thanks,
json

Posted: Fri Aug 25, 2006 9:57 am

I think this is getting to the point where you need to stick some diagnostics into the programs to see what is really going on. I created the following ad hoc that might help you get started:

Code:

<?


echo 'in mainfile <br>';


$user = "MjpzY2h3aW06YTg5MWI0ZmQxYWJjODJlOTBjZGE4ODAwYjYxYTRmODA6MTA6OjA6MDowOjA6OjQwOTY%3D";


if (!is_array($user)) {


        $user = base64_decode($user);


        $user = addslashes($user);


        echo 'user after addslashes ' . $user . '<br>';


        $user = explode(":", $user);


    }


    $uid = $user[0];


    $pwd = $user[2];


    echo 'uid and pwd ' . $uid . ' ' . $pwd . '<br>';


?>

Of course, as an adhoc it is not "in mainfile" but I think you need to do something like this to the is_user() function of mainfile to see what's happening. Maybe, like Guardian says, your passwords aren't right. Note: this exposes the encrypted value of your password but essentially by posting that string earlier you did that.

Just put some echoes like this into mainfile, after backing up your "official" version. Looking further, in the is_user function, after the $uid and $pwd variables are set, the function reads the users table to find the record where the value for the uid field equals the $uid variable. Then if the passwords match between that record and the $pwd variable the function returns the a "success" indicator. So you could echo out the value of row[0] to determine whether the record is being read successfully. Or for that matter you could just bring the table up in phpmyadmin in another window and check the values manually while you are running the diagnostics.

Posted: Fri Aug 25, 2006 11:42 am

Hi there fkelly,

How would I implement this exactly? I'm not sure where to put it, and what you meant by "not in mainfile".

I thought the same thing might be happening, and after looking at the db, I noticed that the MySQL db got created in latin1 collation/format, so I dropped the entire db, reran the install after making the db UTF8 Unicode_ci(the same as the MySQL connection collation), and tried it again, but I still have the same problem with logging in after the db is in the correct format.

So now the db is in the right collation format(I believe), but the problem persists, so I think you're right that we need to see if the password is getting corrupted. Should I just put that block of code at the top of mainfile?

thanks,
json

Posted: Fri Aug 25, 2006 2:04 pm

I meant that I had put the code into an adhoc instead of in mainfile. If you want to try this substitute the following code for the is_user() function in mainfile. You could comment the existing is_user function out and copy this in or you could delete the existing and substitute this or you could just make the changes and reverse them later. In any event make a backup of mainfile first.

Code:

function is_user($user) {


      echo 'in mainfile is_user function <br>';


    if (!$user) { return 0; }


    if (isset($userSave)) return $userSave;


    if (!is_array($user)) {


        $user = base64_decode($user);


        $user = addslashes($user);


         echo 'user after addslashes ' . $user . '<br>';


        $user = explode(":", $user);


    }


    $uid = $user[0];


    $pwd = $user[2];


    echo 'uid and pwd ' . $uid . ' ' . $pwd . '<br>';


    $uid = intval($uid);


    if (!empty($uid) AND !empty($pwd)) {


        global $db, $user_prefix;


        $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";


        $result = $db->sql_query($sql);


        $row = $db->sql_fetchrow($result);


        echo 'this is the password returned from the user table ' . $row[0] . '<br>';


        $db->sql_freeresult($result);


        if ($row[0] == $pwd && !empty($row[0])) {


            static $userSave;


           return $userSave = 1;


        }


    }


    static $userSave;


    return $userSave = 0;


}

This should give you a better idea what's going on.

Posted: Fri Aug 25, 2006 3:02 pm

Hi there guys,

Here's the data I'm getting back from the modification in the mainfile:

First, for reference, here's the actual data:

actual login: admin
actual pass: 5f4dcc3b5aa765d61d8327deb882cf99

Now for what the is_user mod provides:

cookie login: admin
cookie pass: 5f4dcc3b5aa765d61d8327deb882cf99

So you don't have to hop back and forth Smile

5f4dcc3b5aa765d61d8327deb882cf99 <~~actual
5f4dcc3b5aa765d61d8327deb882cf99 <~~cookie

They are identical Sad

I've moved the test site over to another URL, so I can put a temp page up at the current location(it's a live site, and was supposed to be a quick move. A couple thousand people want to know where it went!). You can get to the site here: http://www.roughingthesuspect.com

I've created the db, changed the collation to utf8_unicode_ci as it got created as latin1_swedish_ci. I have no idea as to why my db's default to that. I'm coming from mysql3.23, so I never had to bother with this before.

Anyways, I created the db, fixed the collation, and ran raven's install. You can check the results by creating a user account, or, if you'd rather, use the one I created already, that being:

user: admin
pass: password

Same problems, different URL Smile

. You'll see that in the upper left hand corner, it welcomes you by name, so the cookie is there, but you are anonymous any time it has to check the password.

If anyone wants the ftp login, phpmyadmin info, or anything else, please let me know. I'd be happy to provide it.

thanks,
json

Posted: Fri Aug 25, 2006 4:20 pm

First of all, the collation thing has been fixed in the next release of Ravennuke and it is not what was causing the problem.

Sorry you are having all these problems but it's great that you have a test site cause now we can keep diagnosing. We've now determined that the password in the user table matches the ... no wait a minute, Raven always tells me not to assume. Did you get the line back where it says:

"'this is the password returned from the user table ' . $row[0] . '<br>';'

or are we just seeing the first echo I put in where I echoed the values of the $uid and $pwd? I'm asking this because we need to make sure that record is in the user table.

If we are seeing the value from the user table record then I was going to say: "okay, so that means is_user would be returning a positive to the your_acccount index.php when it calls that function. So then I'd look at the section of code in /modules/your_account/index.php where it says:

Code:




if(is_user($user)) {


  include("modules/$module_name/navbar.php");


}

and I'd change it to say

Code:




if(is_user($user)) {


  include("modules/$module_name/navbar.php");


echo 'including navbar.php from YA index.php <br>';


}





From what you've said, I really don't think that inclusion is ever taking place but it's worth verifying.  





You could also add an echo of a similar nature to navbar.php to indicate that it's being executed.  Just stick it near the top outside of any functions.  





Later:  well I just decided to register for your site and did (the test one).  If you look at the diagnostic line that echoes $row[0] which is supposed to be the password you'll see it's blank.  I have to leave for the evening and it's always possible I made a syntatical mistake but it doesn't look to me like the password is being stored in the users table.  Anyone see a mistake in that diagnostic code????





If password isn't stored then the is_user function will always return a logical false and the problems you are seeing will continue.  Sorry I don't have more time now but I'll look at again tomorrow if no one else has jumped in or you haven't figured it.  You could look at the field in the table with phpmyadmin and you could even force feed a value in there using the md5 function to translate encrypt the "normal" string into the md5 version.

Posted: Fri Aug 25, 2006 11:26 pm

Hi there fkelly,

I'm not sure how to insert the value with md5, but when you're available again, I'd be happy to make any alterations to the code that you need. I can also provide you ftp access to the script, if that will help at all.

I'm truly flabbergasted at the stubbornness of this problem. bummed too Smile

thanks,
json

Posted: Sat Aug 26, 2006 12:15 am

I created an account and it keeps me logged in without any ptoblems.
However there does seem to be an issue with the YA module not including the navbar.php - if I got to the YA module it still shows me logged in as a user but the navbar is missing so it is only displaying the log-in box.
I have PM'd you.