Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 17. Dec 2017, 14:11

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: 18. Oct 2015, 17:03 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Same problem (new) on 3 long-time TWG installations: 2 with 2.0, one with 2.2 + 1.6-2.3 patch.

Example: irishnewengland.com/twg22/

This happens when logged in and using ADMINISTRATION link, or when inputting admin/index.php at browser address line.

Scripts seem to operate normally at front end, and we can create folders and upload files.

But unable to change config etc.

How can we fix this?

Thanks.


Top
 Profile  
 
PostPosted: 18. Oct 2015, 21:18 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
If I got to http://www.irishnewengland.com/twg22/admin/index.php I see the administration.
Do you still have the problem?

Best, Michael


Top
 Profile  
 
PostPosted: 19. Oct 2015, 12:11 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Michael:

Yes, now I get login screen, but upon logging in I land here:

http://www.irishnewengland.com/twg22/ad ... &sview=yes

and get 404 page again.

-DB


Top
 Profile  
 
PostPosted: 19. Oct 2015, 23:57 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
Do you get any errors in the log file?

best Michael


Top
 Profile  
 
PostPosted: 20. Oct 2015, 15:38 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
No, no errors in the logfile. It just shows what appears to be a series of normal logins.


Top
 Profile  
 
PostPosted: 23. Oct 2015, 11:49 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Received this from Dreamhost tech support:

------------
Hello,

Thank you for contacting DreamHost support!

There is a critical security issue with the way i fixed the error, and
you'll want to warn the developer about it...

So the problem can be found in the url of the 404 error when trying to
login at admin/index.php (not login.php)

http://www.irishnewengland.com/twg22/ad ... &sview=yes

Notice how view=no towards the end of the url. Change that to "yes" and
you will fix the 404 error.

http://www.irishnewengland.com/twg22/ad ... &sview=yes
--------------------------

Is that a change that needs to be made in the TWG script or ??


Top
 Profile  
 
PostPosted: 23. Oct 2015, 22:19 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
Hi,

I cannot reproduce this at all.

And I don't know why this is a critical security error?
One setting seems to give a 404. Which is not a security issue ;).

Can you reproduce this?

Best, Michael


Top
 Profile  
 
PostPosted: 29. Oct 2015, 18:45 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Michael:

Here is the debug file from twg2 on topnewenglandvacations.com as of right now:

-------------
05.13.2014 9:54:12 - Security tokens did not match. Session: 0 : param 1392230470954712714829000041046 no further actions are allowed.
05.25.2014 8:53:16 (en) - XML error increaseCount: XML declaration not finished at line 1 (./xml/Nova Star Christening 12 May 2014_image_counter.xml was renamed to ./xml/Nova Star Christening 12 May 2014_image_counter.xml_20140525085316.bak - please check this file if you want to restore your data) - DATA:_?xml version='
05.25.2014 8:54:00 (en) - XML error increaseCount: XML declaration not finished at line 1 (./xml/Nova Star Christening 12 May 2014_image_counter.xml was renamed to ./xml/Nova Star Christening 12 May 2014_image_counter.xml_20140525085400.bak - please check this file if you want to restore your data) - DATA:_?xml version='
05.25.2014 8:58:49 (en) - XML error increaseCount: XML declaration not finished at line 1 (./xml/Nova Star Christening 12 May 2014_image_counter.xml was renamed to ./xml/Nova Star Christening 12 May 2014_image_counter.xml_20140525085849.bak - please check this file if you want to restore your data) - DATA:_?xml version='
12.08.2014 15:39:26 (en) - XML error increaseCount: XML declaration not finished at line 1 (./xml/Nova Star Christening 12 May 2014_image_counter.xml was renamed to ./xml/Nova Star Christening 12 May 2014_image_counter.xml_20141208153926.bak - please check this file if you want to restore your data) - DATA:_?xml version='
06.17.2015 1:51:05 (en) - XML error increaseCount: XML declaration not finished at line 1 (./xml/Nova Star Christening 12 May 2014_image_counter.xml was renamed to ./xml/Nova Star Christening 12 May 2014_image_counter.xml_20150617015105.bak - please check this file if you want to restore your data) - DATA:_?xml version='
10.29.2015 9:28:23 (en) - ERROR 8 in ns.com/twg2/admin/_include/fun_admin.php, line 399: Undefined index: action
10.29.2015 9:28:23 (en) - ERROR 8 in ns.com/twg2/admin/_include/fun_admin.php, line 399: Undefined index: action
-----------------

We were able to access this by re-uploading the original .htusers.php file, logging in with the default login, changing password but then STAYING LOGGED IN.

(Because we're unable to log back in to admin after changing password.)

Does that file tell you anything about this problem?

-DB


Top
 Profile  
 
PostPosted: 29. Oct 2015, 22:42 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
No.

ERROR 8 in ns.com/twg2/admin/_include/fun_admin.php, line 399: Undefined index: action

is strange.

So you run the latest version?

Best, Michael


Top
 Profile  
 
PostPosted: 30. Oct 2015, 12:45 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Michael:

The version at topnewenglandvacations.com for which I sent the error log earlier is 2.0.

But here is error log from V2.3 installed this week at davidhboggs.com:

-----------
10.30.2015 3:33:49 (en) - ERROR 8 in s.com/twg23/admin/_include/fun_admin.php, line 399: Undefined index: action
10.30.2015 3:33:49 (en) - ERROR 8 in s.com/twg23/admin/_include/fun_admin.php, line 399: Undefined index: action
-----------

Here is the code beginning at line 399 of fun_admin.php:

-----------
if ($GLOBALS['__GET']["action"] != 'admin' && $GLOBALS['__GET']["action"] != 'login' ) {
if ($GLOBALS['__POST']) {
$user=stripslashes($GLOBALS['__POST']["user"]);
if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
}
if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
$data=find_user($user,NULL);
if($data!=NULL) show_error($user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
// checks if a users has a | in the folder - this is only allowed for front end users.
if (checkFolder($GLOBALS['__POST']["home_dir"],$GLOBALS['__POST']["permissions"])) {
show_error($GLOBALS["error_msg"]["multiplefolder"]);
}
if (!checkFolderContent($GLOBALS['__POST']["home_dir"])) {
$GLOBALS['__POST']["home_dir"] = ".";
}
}
}
-----------

Is that helpful at all?

-DB


Top
 Profile  
 
PostPosted: 31. Oct 2015, 02:11 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
What is in the url (the request) if you get this error?

Best, Michael


Top
 Profile  
 
PostPosted: 1. Nov 2015, 13:30 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
Michael:

When I start at

http://www.davidhboggs.com/twg23/

and click "LOGIN"

I land here:

http://www.davidhboggs.com/twg23/index. ... &twg_show=

And if I then click the "Administration" link which goes to here:

http://www.davidhboggs.com/twg23/admin/index.php

on this site, I then land on "418 unused" error page.

That is the click that produces the error in the log.

-DB


Top
 Profile  
 
PostPosted: 1. Nov 2015, 22:39 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
I do exactly the same and have no problem at all. On none of my systems.

Which php version do you use?

Best, Michael


Top
 Profile  
 
PostPosted: 3. Nov 2015, 13:32 
Offline

Joined: 6. Oct 2014, 18:14
Posts: 11
davidhboggs.com is running PHP 5.6.10 with zend engine 2.6.0


Top
 Profile  
 
PostPosted: 3. Nov 2015, 13:44 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10573
o.k. I have not tested with 5.6 yet. I need to test with this first.

Best, Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO