Question Administrator second password

Nirjonadda · Sep 7, 2012

Hello
We have sucessfully transferred our website to new server now get one problem,Administrator second password not work,How to fix is issue ?

Fillip H. · Sep 8, 2012

Please be more specific than "not work". I cannot help you solve this issue without more information.

Nirjonadda · Sep 8, 2012

In Administrator Security when i set admin additional password to log in than i get popup login page , when i put user and password than hit logon , cannot login get popup login page again !

Fillip H. · Sep 8, 2012

Are you sure they are entering the username and password correctly? Have you tried resetting their passwords via the Administrator Security panel?

Also, does your PHP have safe mode enabled?

Nirjonadda · Sep 8, 2012

PHP's safe mode is off , yes I put username and password correct , but we get this issue when moved my site to new server,

Fillip H. · Sep 8, 2012

Is your server running as Apache module or CGI?

If you go to your PHP Info page and look at the "Server API", if it's Apache Module it will say "Apache 2.0 Handler" and if it's CGI it will say something like "CGI/FastCGI".

If it's running as CGI, unfortunately this won't work - for the same reason vB Optimise's opcode cachers won't work: CGI doesn't properly carry data between sessions per-user.

Nirjonadda · Sep 8, 2012

We have check with Server API : Apache and LiteSpeed but cannot login get popup login page again !

Fillip H. · Sep 9, 2012

I've never tested it with LiteSpeed so I couldn't say whether it works with that unfortunately

Fillip H. · Sep 10, 2012

If you were to disable Litespeed and go back to Apache (there should be a switch for that if you're using a WHM/cPanel-based host), and use the "DSO" method for loading PHP into Apache, does it work then?

Taurus · Jun 10, 2013

Fillip H. said:
Is your server running as Apache module or CGI?

If you go to your PHP Info page and look at the "Server API", if it's Apache Module it will say "Apache 2.0 Handler" and if it's CGI it will say something like "CGI/FastCGI".

If it's running as CGI, unfortunately this won't work - for the same reason vB Optimise's opcode cachers won't work: CGI doesn't properly carry data between sessions per-user.

Is this still an issue? I just purchased this mod exactly for this. Now I won't be able to use it? My server is running CGI. And now finally I understand why my vbOptimise is also not working properly!

Fillip H. · Jun 10, 2013

Unfortunately this is a limitation in PHP itself, it's not something we can work around

Taurus · Jun 10, 2013

Fillip H. said:
Unfortunately this is a limitation in PHP itself, it's not something we can work around

Would it be a good choice for me to perhaps switch to Apache module? Will it be worth it?

Fillip H. · Jun 10, 2013

You may have some problems with permissions if you do so - DSO runs with PHP as nobody, so if you're using phpSuExec or something similar that causes PHP-generated files to be written as the same user as your Apache user, then you're going to have major problems switching.

To check this, simply open up your /dbtech/vbshout/aop folder. Are the text files there created with the same UID and Group (you may need to enable these columns in your FTP app by right clicking the column header) as files you manually uploaded?

Taurus · Jun 12, 2013

Fillip H. said:
You may have some problems with permissions if you do so - DSO runs with PHP as nobody, so if you're using phpSuExec or something similar that causes PHP-generated files to be written as the same user as your Apache user, then you're going to have major problems switching.

To check this, simply open up your /dbtech/vbshout/aop folder. Are the text files there created with the same UID and Group (you may need to enable these columns in your FTP app by right clicking the column header) as files you manually uploaded?

Yes, it looks like it.

So I guess switching is perhaps not such a good idea then?

Thanks.

Fillip H. · Jun 12, 2013

You would need to change the owner/group on all files like that to 99/99 - and neither one of us would know how many files and where they are.

It's probably a very bad idea unless you feel like dealing with random "no permissions" or "file access denied" errors for days or weeks. We had to deal with it due to the security implications of using SuExec, but it was not a procedure we're anxious to repeat or undo.

If you're curious, the security implication is that if a shell script is uploaded, they will have the ability to modify all your PHP files and inject additional exploit code, making it much harder to detect.

andrewsimm84 · Nov 15, 2013

What would be the disadvantages from switching from fastcgi? I run a pretty big site.

Fillip H. · Nov 15, 2013

Everything listed in this thread, i.e. the permissions issues

If your site is well established you probably shouldn't switch, unless you have a very good reason for doing so.

andrewsimm84 · Nov 15, 2013

So I guess the best way to get a second password prompt is a .htaccess login?

Fillip H. · Nov 16, 2013

Correct, a control panel provided .htaccess login is better and will work with all PHP types

andrewsimm84 · Nov 16, 2013

Ok easy enough. Maybe have the mod detect if the server is using fastcgi and if so have an option instead to create the .htaccess file. It might make it easier for some users, but regardless it should detect if I am using FastCGI and not let me lock myself out.

Question Administrator second password

Nirjonadda

Fillip H.

Nirjonadda

Fillip H.

Nirjonadda

Fillip H.

Nirjonadda

Fillip H.

Fillip H.

Taurus

Fillip H.

Taurus

Fillip H.

Taurus

Fillip H.

andrewsimm84

Fillip H.

andrewsimm84

Fillip H.

andrewsimm84

Similar threads

Legacy vBSecurity

We value your privacy