[development] Force admin login

Tomáš Fülöpp (vacilando.org) tomi at vacilando.org
Thu Mar 4 01:05:35 UTC 2010


The saga still continues -- but finally I am very close to solution. I
wonder if anybody has an idea to help me in the last meter/yard...

Forget about views causing the problem. I have found out that users (incl
superadmin) are logged out when *images are displayed*!

For historical reasons, the site has tens of thousands images like e.g.
http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg
which are in fact in
http://WWW.DOMAIN.TLD/sites/DOMAIN.TLD/files/images/image.jpg

And accessing any page (be it a view or node) that shows an image located in
/system causes this logout.
I am sure about it - I blocked images in the browser, logged in, browsed
happily, then in a different tab I loaded just the image
http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg and when I returned
to the page I was logged in to, the following click was to an anonymous
page.

I've spent hours looking at /admin/settings/file-system but it is simply
providing the usual path site/DOMAIN.TLD/files and anyway, the image
http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg does show to
anonymous, so the private system works, it's just that it kills the session.
I've allowed permission "view uploaded files" but again, that's not
important.

So the question is -- what could have caused change. *Why did
http://WWW.DOMAIN.TLD/en/system/files/images/image.jpg show for a year
without a problem and now its mere appearance kills the user session.*

I realize this thread possibly shifts from development / debugging issue to
a support one, but I hope you can bear with me for the final run. It's been
a crazy marathon with a site others have admin rights to so I had to
discover and guess what they inadvertently changed...

Thanks for any tip,

.t





On Thu, Feb 25, 2010 at 01:05, Greg Knaddison <greg.knaddison at gmail.com>wrote:

> I'll bet on a
>
> $user->uid = 0;
> or
> $user = user_load(0);
>
> Somewhere in a view php block or theme code affecting your view.  If
> that's it, see http://drupal.org/node/218104
>
> Regards,
> Greg
>
> On Wed, Feb 24, 2010 at 5:03 PM, Tomáš Fülöpp (vacilando.org)
> <tomi at vacilando.org> wrote:
> > Cameron, yes, something must've changed.. module or something else.
> >
> > So, third day, still no luck. (I had to log in 600x today alone!)
> >
> > But I found something for sure. It is related to Views (current stable
> > version). I stay logged in whenever browsing admin or content types, but
> > when I access a Views table, any of them (of profiles or content types
> > alike), suddenly I am logged out. There is no "access denied", because
> these
> > views are all public (unrestricted permissions), they do show, but there
> are
> > no admin links etc around on that moment. And nothing in php log, nothing
> > useful in watchdog. Like usually in despair in small hours, I start to
> > consider the work of black magic.... :-(
> >
> > Thanks in any case to those who've added their 2 cents of ideas.
> >
> >
> >
> >
> > On Wed, Feb 24, 2010 at 16:15, Cameron Eagans <cweagans at gmail.com>
> wrote:
> >>
> >> If the site has been working for a year now without any problems,
> >> something had to change, right? What changed? New modules maybe? What
> >> modules do you have installed? Maybe one of them is dumping your session
> or
> >> something.
> >>
> >> On Wed, Feb 24, 2010 at 7:55 AM, Tomáš Fülöpp (vacilando.org)
> >> <tomi at vacilando.org> wrote:
> >>>
> >>> Good idea, Mark. Checked time zone -- but it is correct. Anyway, if
> that
> >>> were the problem then it would not work in maintenance mode, I assume.
> >>>
> >>>
> >>>
> >>> On Wed, Feb 24, 2010 at 15:27, Mark Noble <mark-d-noble at comcast.net>
> >>> wrote:
> >>>>
> >>>> It's possible that it is a time zone issue / session length issue.  We
> >>>> were having a problem on another (non-Drupal site) where the user
> would be
> >>>> logged out immediately or in a very short time.  It turned out that
> their
> >>>> timezone settings were incorrect which caused the cookie to expire
> >>>> immediately rather than after our one hour default session length.
> Fixing
> >>>> the timezone worked as did increasing the default session length.
> >>>>
> >>>> Regards,
> >>>> Mark Noble
> >>>>
> >>>> On 2/24/2010 5:29 AM, Tomáš Fülöpp (vacilando.org) wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> Thanks for the quick comments. Quick replies:
> >>>>
> >>>> It may be a cookie problem, but only in ways I am not understanding.
> It
> >>>> is not the case of blocked cookies in browser. After all, many other
> Drupal
> >>>> sites, same version, work.
> >>>> User table record 0 (anon) is intact, so is record 1 (admin).
> >>>> Setting cookie domain with www - tried, but no effect. After all, it's
> >>>> been working for more than a year without www.
> >>>> Corrupt session table? I don't think so -- as I said, I truncated it.
> >>>> Also ran analysis and repair on it, and on all other tables as well,
> in
> >>>> fact.
> >>>>
> >>>> Now, there is some progress. I have set the site to maintenance mode
> by
> >>>> setting the "site_offline" variable.
> >>>> SURPRISE - I am not being kicked out of the session! Tried all sorts
> of
> >>>> things - access rebuild, cache clearing, switching off all but bare
> >>>> necessary modules, opening and saving permissions page and the admin
> user
> >>>> account, etc., logical and illogical things.
> >>>>
> >>>> Still, however, when I set the site out of the maintenance mode, it
> >>>> kicks me out of the session on second or third click. Sometimes more
> clicks.
> >>>> I think I went up to 5.
> >>>>
> >>>> I wonder why should it work in maintenance mode but not without it?
> >>>> Cookies seem to be OK, right? Session table as well. It must be
> something
> >>>> else.. but what?
> >>>> This is the crucial question: What is special about the maintenance
> mode
> >>>> that could be causing this difference? This should narrow down the
> possible
> >>>> causes.
> >>>>
> >>>> Thanks for any further ideas...
> >>>>
> >>>> Tomáš
> >>>>
> >>>> PS Btw, I've also installed the dev version of D6 (because of the menu
> >>>> router problem, which I was experiencing in D6.15 and I suspected that
> could
> >>>> be a problem), but it did not help.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Wed, Feb 24, 2010 at 04:31, Don <donald at fane.com> wrote:
> >>>>>
> >>>>> I've seen a corrupt sessions MySQL table cause problems too.
> >>>>>
> >>>>> -Don-
> >>>>>
> >>>>> On 2/23/2010 9:57 PM, Randy Fay wrote:
> >>>>>
> >>>>> Since this *really* sounds just like the "cookies not enabled in
> >>>>> browser" situation, I just wanted to mention something I'm sure you
> already
> >>>>> tried, which is accessing it from a different browser or computer.
> >>>>>
> >>>>> It's trivial to make all drupal logins stop working: You just turn
> off
> >>>>> cookies in the browser, and it works just like you're describing.
> >>>>>
> >>>>> -Randy
> >>>>>
> >>>>> On Tue, Feb 23, 2010 at 5:30 PM, larry at garfieldtech.com
> >>>>> <larry at garfieldtech.com> wrote:
> >>>>>>
> >>>>>> You can always edit the database directly.
> >>>>>>
> >>>>>> It sounds like a cookie problem, though.  Try setting the cookie
> >>>>>> domain explicitly in your settings.php file to just example.com(not
> >>>>>> www.example.com, or whatever).
> >>>>>>
> >>>>>> Also, check to make sure that uid 0 is still intact in the database.
> >>>>>> That's another common source of weirdness, in my experience.
> >>>>>>
> >>>>>> --Larry Garfield
> >>>>>>
> >>>>>> Tomáš Fülöpp (vacilando.org) wrote:
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> Is there a backdoor way to force admin login if everything fails?
> >>>>>>> Something like the way $update_free_access is changed to TRUE to
> allow
> >>>>>>> running update.php....?
> >>>>>>>
> >>>>>>> A client got locked out of D6.15 completely, including admin. Login
> >>>>>>> seems to work (I see admin only links on logon), cookies are set,
> but only
> >>>>>>> on the initial page.... any subsequent click is treated as done by
> an
> >>>>>>> anonymous user (checked the watchdog this way). I've cleared all
> browser
> >>>>>>> caches, Drupal caches via the db, also the Drupal sessions table,
> checked
> >>>>>>> the cookie domain, the admin user record exists in the user table,
> etc. in
> >>>>>>> settings.php, deleted and re-uploaded D6.15. Nothing in the php
> logs.
> >>>>>>> Nothing unusual in watchdog - just access denied by anonymous...
> Spent an
> >>>>>>> equivalent of a day on this but I know there is a ton of things I
> can still
> >>>>>>> try - e.g. rebuild access rights. But I do need to log in first,
> only by
> >>>>>>> myself. So... is there a way to force admin login? Cannot find this
> info
> >>>>>>> anywhere.
> >>>>>>>
> >>>>>>> Thanks!
> >>>>>>>
> >>>>>>> Tomáš
> >>>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Randy Fay
> >>>>> Drupal Development, troubleshooting, and debugging
> >>>>> randy at randyfay.com
> >>>>> +1  970.462.7450
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >
> >
>
>
>
> --
> Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com
> Mastering Drupal - http://www.masteringdrupal.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100304/3890ed12/attachment-0001.html 


More information about the development mailing list