Cannot Login

Hello all,

OK, back again with another problem logging in.

We use a shared host. All was fine for almost the last 2 weeks, then suddenly today none of our passwords work. We tried all of them, so I doubt it is a series of 6 forgotten passwords by 6 people all at the same time.

When we try to log in it just refreshes the login page, nothing comes up and no edit bar, it's just a loop...

My thought is maybe my host changed something, but I am not familiar with what versions of things are compatible, so here is my server info:

Apache Version 2.4.27
PHP Version 7.0.22
MySQL Version 5.6.35
Architecture x86_64
Operating System linux
Path to Sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl Version 5.10.1
Kernel Version 2.6.32-673.26.1.lve1.4.20.el6.x86_64

we are using Concrete5 Version: 5.6.2.1

Any help deciphering what might be the issue?

I checked the logs manually and there were no errors in the log database, just email requests for the password changes we tried.

 
hutman replied:
Have you done updates to your core to make it run on PHP 7? I don't believe by default concrete 5.6 runs on PHP 7.

Also, I believe that the version of C5 you're using might have been missing the error display on the login page, can you check the view.php in your theme and see if this line is in there?

Loader::element('system_errors', array('error' => $error));
mnakalay replied:
Concrete5 5.6.2.1 definitely doesn't work with PHP 7 and I have to point out that it has some known vulnerabilities that are documented online in public forums so you should really upgrade if you don't want to be hacked.
egtax replied:
Thank you for the response,

Yeah, the back story is that we hosted on a server that was managing our site for us. They were very restrictive as to what we were allowed to do; we would have to request for them to do it, then they would charge an astronomical amount to do basic things like change a picture (4hrs @ $125 per hour to change the index main pic). I recently came into the company and quickly realized we needed to get away from it, so I requested a copy of the site, signed up for a shared hosting account and did a site transfer, but once I got it moved I found out that they were using this version.
I would love to upgrade but I read somewhere that you can't upgrade anything below 5.7 past that point.

Am I mistaken? If I can, is there a tutorial on how to do it safely?

Thank you
egtax replied:
Thank you,

Do you know what version of PHP it does run on?
egtax replied:
I am not really sure where to put this, I go into themes and open the view.php and this is what I find:

<?php  defined('C5_EXECUTE') or die("Access Denied."); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="stylesheet" href="<?=$this->getThemePath()?>/css/base.css" type="text/css" />
<link rel="stylesheet" href="<?=$this->getThemePath()?>/css/dropdown.css" type="text/css" />
<link rel="stylesheet" href="<?=$this->getThemePath()?>/css/skeleton.css" type="text/css" />
<link rel="stylesheet" href="<?=$this->getThemePath()?>/css/layout.css" type="text/css" />
<?php Loader::element('header_required'); ?>
</head>
<body <?php global $cp; echo ($cp->canWrite()) ? 'class="c5-edit-mode"' : ''; ?> >
<div id="headerWrapper">
   <div id="header" class="page">
       <div id="logoDiv" class="three columns">


Am I in the right place??
mnakalay replied:
You can still upgrade all the way to 5.6.3.5 which is pretty stable. You'll also have access to more plugins in the marketplace.

It runs on PHP 5.6.x. Some have managed to make it work on PHP 7 but it is not necessarily recommended.
Here are 2 links to explain the situation with that:
https://www.concrete5.org/community/forums/usage/php-7.0-and-concret...
https://github.com/concrete5/concrete5-legacy/pull/1927...

And the modifications that seem to work are here:
https://github.com/concrete5/concrete5-legacy/pull/1927/files...

As for a possible upgrade to Concrete5 5.7 and beyond, it depends on what is on your website. The core team has built a migration tool that takes care of everything core. So pages, users, files, core blocks... But anything from the marketplace or custom has to be taken care of by hand.

Maybe it's time for a redesign?
egtax replied:
Thank you,

Very useful information.
Yes, it definitely is time for a redesign, and our goal is to rebuild using the newest version. However, the bosses are insisting we fix the current issue immediately. The hope is to get this stable and us able to log in long enough to build a new site using the new version so as not to have downtime.

I have the PHP version reset to 5.6 but I am still stuck in that endless loop. Am I missing something else possibly?
egtax replied:
Also,

the temporary upgrade to 5.6.3 would be good as well. However, is there a way to upgrade without being able to log in?
mnakalay replied:
Updating without being able to log in is not possible as far as I know. Could you provide us with the website's address? Maybe something obvious will show itself that could help solve the issue.
egtax replied:
mnakalay replied:
And that line that hutman suggested you add to your view.php, you can add it just before the line that says
print $innerContent;
mnakalay replied:
I tried to log in with a bogus username and password and nothing weird happened. It rejected my attempt with a message to contact the administrator. There was no error of any kind.

If you want I can show you a quick trick to be able to log in so you at least have access to the dashboard, but that won't solve the problem that's stopping you from logging in normally.
egtax replied:
that would be GREATLY appreciated!!!
mnakalay replied:
OK, but please keep in mind that, using this trick, if you don't follow the steps, you will allow anybody who visits your site to log in as the admin, so make sure you follow the steps.

So in your view.php file in the theme, you are going to add a little piece of code, but then don't save right away, keep reading first.

The code is
<?php
if (isset($_GET['pass']) && $_GET['pass'] === "randompassword") {
    User::loginByUserID(USER_SUPER_ID);
}
?>

You can put it at the top right after the line
<?php  defined('C5_EXECUTE') or die("Access Denied."); ?>

So it will look like this
<?php  defined('C5_EXECUTE') or die("Access Denied."); ?>
<?php
if (isset($_GET['pass']) && $_GET['pass'] === "randompassword") {
    User::loginByUserID(USER_SUPER_ID);
}
?>

Like I said, don't save yet.

Do you see where it says "randompassword"? Replace randompassword by anything you want that will serve as password just for this operation. It's a little safety precaution to make sure nobody else logs in like this.

This is not your account password, it's just a password. Letters and numbers, no spaces and no special characters.
For instance Myrand354mPass

And make sure you keep the quotation marks around it.

Once that's done you can save.

Now you go to your login page but at the end of the URL you add
?pass=YourRandomPassword

So in your case you go to
https://www.egtax.com/index.php/login/?pass=YourRandomPassword

YourRandomPassword is the one you set up in the previous step. Like that nobody but you knows it and nobody can use this trick on your site.

Once the page is loaded you are logged in. You can check that by going to your home page for instance.

And now DELETE THE BIT OF CODE. Don't leave it there, it is not safe.
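
To confirm that the temporary snippet from the last post really was removed, the following added example (not part of the thread and not concrete5 code) scans PHP files for User::loginByUserID( calls and reports whether request input such as $_GET appears in the few lines before them. The sample files and the clean/forgotten directory names are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# PHP class and method names are case-insensitive, so match that way too.
FORCED_LOGIN = re.compile(r"\bUser\s*::\s*loginByUserID\s*\(", re.IGNORECASE)
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

def scan_file(path, window=5):
    """Flag forced-login calls; note whether request input gates them."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not FORCED_LOGIN.search(line):
            continue
        context = lines[max(0, i - window):i + 1]
        findings.append({
            "file": str(path),
            "line": i + 1,
            "code": line.strip(),
            "request_gated": any(REQUEST_INPUT.search(c) for c in context),
        })
    return findings

def scan_tree(root):
    """Scan every .php file under root (for example the theme directory)."""
    found = []
    for path in sorted(Path(root).rglob("*.php")):
        found.extend(scan_file(path))
    return found

# Constructed sample files, modelled on the snippets quoted in the thread.
CLEAN = """<?php  defined('C5_EXECUTE') or die("Access Denied."); ?>
<?php Loader::element('header_required'); ?>
"""
LEFTOVER = """<?php  defined('C5_EXECUTE') or die("Access Denied."); ?>
<?php
if (isset($_GET['pass']) && $_GET['pass'] === "randompassword") {
    User::loginByUserID(USER_SUPER_ID);
}
?>
"""

def demo():
    """Write the two constructed theme files to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("clean", CLEAN), ("forgotten", LEFTOVER)):
            (Path(root) / name).mkdir()
            (Path(root) / name / "view.php").write_text(body, encoding="utf-8")
        return scan_tree(root)
```

Point scan_tree at the site's theme directory rather than the whole install, since the core may contain its own calls to the same method that need separate review.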