General ⇒ FAQ (Frequently Answered Questions) :: Archives ⇒ SuperUser locked out again... :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexFAQ (Frequently Answered Questions)

Archived ⇒ SuperUser locked out again...


I hope this is a stupid user error or hack (unlikely), but this is the third time I've found myself locked out of a prototype installation (CVS), after leaving it languishing for a month or so without time to work on it. The past 2 times I did a reinstall.

Insight anyone?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.33 / 4.4.0 / 4.1.19-st / CVS


what kind of lock out?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


the cms no longer recognizes the username and password as an admin or in some cases, a valid user (last time I created mutiple accounts just in case). (all kept on record in a password db). Install files are removed from the site....

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.33 / 4.4.0 / 4.1.19-st / CVS


QUESTION:


Can the MySQL db be edited directly to convert a normal user to Admin level? (or superuser?)
(is it the "user_level" field?)

Looking at the db shows only 1 of the 5 users I'd registered as Admins, and no superuser.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.33 / 4.4.0 / 4.1.19-st / CVS


OK, sorry. Found a note to myself from last time, indicating that logging in from the domain.com/admin.php seems the way in for the superuser. It doesn't explain why the other users aren't registered but it's a start.

Final question is regarding an error notice in the hosting control panel for MySQL, which states:

"PRIMARY and INDEX keys should not both be set for column `user_id`

Is this anything to be concerned about?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.33 / 4.4.0 / 4.1.19-st / CVS


admin.php is the way in for any admin access, whether superuser or not.

The "keys" issue can be repaired manually by removing duplicates through phpmyadmin, but is not really an issue to be concerned about.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux / apache 2.2.22 / mysqli 5.6.34 / 7.1.22 / 10.0.48.9418+


Are you using the default admin.php?

There could be a bot trying to get into your admin account. Normally you would rename the admin.php to something else only your admins need to know.

To get your account 'unlocked', you'll need to go onto your host, and delete nuke the a_login.php in your /cache directory, then try and login again.

The system is designed to lock down the admin accounts with 3 password errors.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux 2.4.32 / Apache 1.3.37 / MySQL 5.0.16 / PHP 5.2.2 / Dragonfly CVS


...and there was light.

Excellent. Now it's making sense. Many, many thanks. Laughing

LHEA (living happily ever after)

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.33 / 4.4.0 / 4.1.19-st / CVS


Beldak wrote
Are you using the default admin.php?

There could be a bot trying to get into your admin account. Normally you would rename the admin.php to something else only your admins need to know.

To get your account 'unlocked', you'll need to go onto your host, and delete nuke the a_login.php in your /cache directory, then try and login again.

The system is designed to lock down the admin accounts with 3 password errors.

Good god glad I found this post. My co-admin got locked out and I couldn't find anything in the database concerning this lol. Thanks!

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/1.3.33/4.0.27/4.4.7/9.1.2.1


hmm, it's been in the FAQ forever » Login Problems

I'll move this topic to the FAQ forum as well - should have more visibility there.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux / apache 2.2.22 / mysqli 5.6.34 / 7.1.22 / 10.0.48.9418+


ACIDRAIN wrote
Beldak wrote
Are you using the default admin.php?

There could be a bot trying to get into your admin account. Normally you would rename the admin.php to something else only your admins need to know.

To get your account 'unlocked', you'll need to go onto your host, and delete nuke the a_login.php in your /cache directory, then try and login again.

The system is designed to lock down the admin accounts with 3 password errors.

Good god glad I found this post. My co-admin got locked out and I couldn't find anything in the database concerning this lol. Thanks!


Really, and what kind of security do you think Dragonfly CMS has? You folks really think that we'd allow you to just brute-force an admin page?

Floor laughing

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}


There could be a bot trying to get into your admin account. Normally you would rename the admin.php to something else only your admins need to know.


This should not just be in a FAQ but in the Install Wiki!

What is the best choice between having a private super admin, (so that you can guarantee their is always access,} or changing the login page? I know what sounds so much easier!
Confused

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CentOS Apache_2.0 Mysql_5.0 PHP_5.2 Dragonfly_9.1


Good point Irvine.

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}

All times are UTC