Invalid Cookie message appears when trying to login

Permalink
Hi,

I'm currently looking into to fixing one of my companies older sites built with Concrete5 (way before me, I've never used C5 before.)

Anyway, when the user tries to login they keep receiving this message:

"Your browser's cookie functionality is turned off. Please turn it on."

I have also tried in multiple browsers, double checking that my cookie functionality is enabled, yet I cant login.

Their website is:http://www.rrgconsultancy.com/

Is there anything in the core files I can disable? If anyone could shine some light on this, I would be very grateful.

Thanks in advance.

View Replies:
hutman replied on at Permalink Reply
hutman
There was one version of C5 that would show this error if you had a wrong password, do you know what version of C5 the site is using?
Mercedes92 replied on at Permalink Reply
Well looking in the updater folder via my ftp there the latest version by date is:

concrete5.6.3.1_updater

But there is also these two in the same folder:

concrete5.4.2.2 and concrete5.5.2.1

I never got to see what version was being ran on the front end.
Is there something wrong with any of these versions, or a better way to check via the ftp?

Thanks,
hutman replied on at Permalink Reply
hutman
In the FTP if you open /config/site.php does it have a line in there that tells you the installed version? Usually if you upgrade the way that you are describing that variable gets set.

If you think you might have the wrong password you could try the Forgot Password link, assuming you have access to the old admin email.
Mercedes92 replied on at Permalink Reply
Sadly does not say, however just tried the password reset (found admin email in clients database) but still not working.

Any other ideas?

The client said that they ran an update last week and everything was working ok.
It's only been yesterday and today that they've not been able to login.
hutman replied on at Permalink Reply
hutman
When you access the site are you going to it through a url likehttp://yoursite.com and then after a "failed" login being redirected tohttp://www.yoursite.com? What browser are you using to try to login?
Mercedes92 replied on at Permalink Reply 1 Attachment
I login viahttp://www.rrgconsultancy.com/dashboard...

Enter the login details and this cookie popup appear. I am not redirected to anywhere.

Well the url after login is:http://www.rrgconsultancy.com/index.php/login/do_login/...

But I get this as attached.

It has not mattered what browser I am using but I am trying in all. I am currently in Firefox at this moment in time, if that helps. I've tried in Opera, Chrome, Safari, Firefox and IE.
Jupiter replied on at Permalink Reply
Jupiter
Please look into below link....may be its helps you
https://github.com/concrete5/concrete5/blob/master/web/concrete/core...
Mercedes92 replied on at Permalink Reply
Do you know which part needs removing?
hutman replied on at Permalink Reply
hutman
You can try commenting out lines 128-130 and see what happens.
Mercedes92 replied on at Permalink Reply
Nope, nothing. :(
hutman replied on at Permalink Reply
hutman
Which version of the site did you try doing this on? My guess is that it will need to be done on one of the versions in the updates folder, but without knowing which version is installed, there is no way to tell which one.
Mercedes92 replied on at Permalink Reply
I tried in the root, however my login.php didn't match the one Jupiter linked to, so I copied and pasted that into my current one and removed that part and uploaded. I will look in the latest update folder. The client said they updated last week, so I presume it must be the _updater version. I will try again if there is a login.php in there.
hutman replied on at Permalink Reply
hutman
There should be a login.php in each version, however I would not recommend copy and pasting that file into every version, just find that check in the code and comment it out.
Mercedes92 replied on at Permalink Reply
Shall keep looking incase.
Mercedes92 replied on at Permalink Reply
There's only this in the updater login.php

<?php

defined('C5_EXECUTE') or die("Access Denied.");
class LoginController extends Concrete5_Controller_Login {



}
hutman replied on at Permalink Reply
hutman
It will be in /concrete/core/controllers/single_pages/login.php
Mercedes92 replied on at Permalink Reply
Right, I found it and commented it out.
The site still works, but I just get a blank white page on login side.
Jupiter replied on at Permalink Reply
Jupiter
please create a backup of login.php
and replace this code
<?php  defined('C5_EXECUTE') or die("Access Denied.");
Loader::library('authentication/open_id');
class Concrete5_Controller_Login extends Controller {
   public $helpers = array('form');
   private $openIDReturnTo;
   protected $locales = array();
   protected $supportsPageCache = true;
   public function on_start() {
      $this->error = Loader::helper('validation/error');
      if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
         $this->set('uNameLabel', t('Email Address'));
      } else {
         $this->set('uNameLabel', t('Username'));
      }
      $txt = Loader::helper('text');


Hope this helps...
Mercedes92 replied on at Permalink Reply
In the root or in the updated folder? Replace what I have with the code provided?
Jupiter replied on at Permalink Reply
Jupiter
updated folder try with 5.6.3.1
Mercedes92 replied on at Permalink Reply
Still no luck... :(

If it helps, the client is experiencing a charset error on their website too when originally contacted.. It was affecting their editor, with foreign letters etc...
I ran some SQL through their database to change their charset to UTF-8.

This sadly did not correct the issue, but their site has been completely fine...
So I can't see how this would effect login, but just incase?
Jupiter replied on at Permalink Reply
Jupiter
I think you have to asked your client that in which version they have been updated the site?
Mercedes92 replied on at Permalink Reply
I have asked, and they do not know. However looking at the ftp dates and times when the last update had taken place, matches the date they said they ran the updates.

I did my fix on Monday and it's been completely fine for the last few days, so I can't see how this would be related?

Any other ideas to why I'm getting this enable cookie functionality pop up, when everything is enabled?
Tirick replied on at Permalink Reply
I am having the exact same issue on my site, just in the last few days. The last update I performed was to 5.6.3, in May, and it has been working seamlessly since, but in the last week I have been unable to log into the admin [sitename]/index.php/dashboard or the standard login [sitename]/index.php/login . This problem presented after I began getting Session (start/cache) errors, which appeared after my webhost did an Apache update. They resolved the session errors (they did not carry their settings over properly), and so the site itself works fine, but I am still unable to log in. I have made no modifications to any of the core files, although I did apply a theme months ago when I first setup C5.

I cannot see how anything in the core files would be effecting this, but my webhost is determined that this is a C5 problem. Is there anything you can think of on the hosting side which might cause corruption or misalignment with the Cookie functionality?

my website:http://tcfgaming.com

I don't have users enabled, just the administrator account.

Thank you,
Sean
Tirick replied on at Permalink Reply
So further into the process of trying to prove that the problem is on the host end, I backed up my files and did a clean install with the Softaculous install app (installs version 5.6.3.1).

I received no errors on the install, but when attempting to log in to the dashboard at tcfgaming.com/index.php/dashboard I get the following error:

Warning: session_write_close() [function.session-write-close]: open(/root/tmp/sess_2e63ff0f4698ec0d548001f55550e6cb, O_RDWR) failed: Permission denied (13) in /home/tirick/public_html/concrete/core/models/user.php on line 80
Warning: session_write_close() [function.session-write-close]: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/root/tmp) in /home/tirick/public_html/concrete/core/models/user.php on line 80
Warning: Cannot modify header information - headers already sent by (output started at /home/tirick/public_html/concrete/core/models/user.php:80) in /home/tirick/public_html/concrete/core/controllers/single_pages/login.php on line 315
Warning: Cannot modify header information - headers already sent by (output started at /home/tirick/public_html/concrete/core/models/user.php:80) in /home/tirick/public_html/concrete/core/controllers/single_pages/login.php on line 316
Warning: Cannot modify header information - headers already sent by (output started at /home/tirick/public_html/concrete/core/models/user.php:80) in /home/tirick/public_html/concrete/core/controllers/single_pages/login.php on line 317
Warning: Cannot modify header information - headers already sent by (output started at /home/tirick/public_html/concrete/core/models/user.php:80) in /home/tirick/public_html/concrete/core/libraries/controller.php on line 436
Warning: Unknown: open(/root/tmp/sess_f5eec6b892c72c8af43d93cc28613fea2a0f30dc, O_RDWR) failed: Permission denied (13) in Unknown on line 0
Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/root/tmp) in Unknown on line 0


I've contact the webhost, but if anyone has any suggestions, I'd be grateful. This is similar to the session errors I was getting late last week, which they 'fixed'. After their fix I started getting the cookie error.

Thank you,
Sean
AndyJ replied on at Permalink Reply
Hi Tirick,
I'd get back in touch with your host. For whatever reason Concrete5 cannot write the session info. Get the host to check out permissions on root/tmp and then take it from there (maybe they expanded the drive and nixed some of the rights).
Mercedes92 replied on at Permalink Reply
Did you manage to resolve it with your host? I will have to contact my client's host.
Was it a file permission in the core folders? If so, do you know which one?

Does a fresh install benefit with importing the current database?
Or do you get the same result?

Thanks in advance.
Tirick replied on at Permalink Reply
My host is still struggling to understand the cause, but they are terribly uncommunicative at times. They keep suggesting that it is the program at fault, but I pointed out that it was functional for months prior to last week, and I had made no changes to the files, so that was incredibly unlikely.

They have not communicated what settings they have played with. Without full data, I am presuming that there was an Apache change/update that broke Sessions in some way.

I should add, I can access 'Dashboard', (/index.php/dashboard) although there are still root permissions errors. Trying to get the overlay login(/index.php/login) to work is really where it is failing now, although it errors on sessions instead of cookies. I suspect the two issues are related however.
xxjames1975xx replied on at Permalink Reply
I too have been experiencing this error message but only when i typed in my credentials on the login page. If i used a browser that had stored my login info i was able to login in fine.

So after much testing on MAC and PC in different browsers i was finding i could login fine in most situations, but in the browsers i used frequently i was having issues.

So in the end i deleted all my browser data within Chrome from the "Beginning of time setting" and this seems to have done the trick.

Hope it helps
xxjames1975xx replied on at Permalink Reply
It now appears that our EU compliant cookie popup plugin "Free Cookies Disclosure - 1.0.3"
if you except cookies then try logging again you get the error message.

If you don't except and ignore the popup you can login fine.