HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Can't login to dashboard + no password reset

Hi,

I've finally managed to setup forum based on Vanilla & lovely Bootstrap.

1) Everything was working fine till today. I can't go to Dashboard anymore!
I'm logging on my Account, clicking Dashboard and page changes to Dashboard for a second, and the return to Forum page with link - http://www.makeupadviceforum.com/forum/#/dashboard/settings (added hash).

How to fix that? It's really annoying I can't manage my forum right now...

2) One of the users reported that they can't reset password. I created new account (received confirmation email) and it works. Then I reseted password and I receive link http://www.link.com/forum/entry/passwordreset/68847/2F2TCA - Clicked it and typed new password.
After that page reloaded to homepage and I didn't receive any email, and new password isn't working :(

Please guys I need some advices how to bring back my forum to life.

Kind Regards

Tagged:
«1

Comments

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited November 2012

    I was able to log in register and change passwords and picture.I was able to reset password etc. The reason it takes you to all categories is because that is the landing page you chose in dashboard.

    That link you posted to reset your password is for another website.If your data base has been hacked. I would contact your host and have them reset it all from backup.

    Everything seems to work for me.

  • @vrijvlinder: fuzz is talking about the dashboard, not the landing page. As for the second link, I think fuzz changed it manually. Anyways that is not looking like a hacked database to me.

    Unfortunately I can't realy help as I haven't expreienced these issues before and without access to the dashboard, it is hard to tell what is going wrong.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited November 2012

    you can access dashboard from the back door via the files directly no? . class.entrycontroller.php well at least I think that is where the problem may be. Possibly removing the requirements to gain access to the dashboard interface. But there is not much you can really change from the dashboard as far as the login setup and the java. I could not log into the first forum I installed. Ended up reinstalling but this person has loads of content they may lose.

  • To be honest, I have no clue what you are talking about. If I had to blindly guess here, I would think that your rewrite rules in the .htaccess of the Wordpress install are conflicting with Vanilla's.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    Yea I'm just guessing too , there is always a back way I mean if you have access to where the files are hosted. Wordpress has many login issues due to the worpress.org and wordpress.com . They have a whole page dedicated to explaining the difference . And about a thousand pages of people who can't log in.

    But it is their issue not vanilla. Their reset password link can go to the wrong place and you get no user of this name exists. People need to make sure they are logging into the right one or it's an endless loop of resetting passwords and not getting in.
    If you have another wp account using the same email will also cause this problem.

  • Database is fine, the only issue is I can't login back to dashboard and do anything. It worked fine, but now I can't do nothing... After logging and clicking Dashboard I'm just going there, and being redirected to the forum again.

    Is there an easy way to export vanilla data to some other forum? I'm really disappointed with it - never had so many problems with any cms/forum, and I'll rather pay for something stable like new vBulletin.

  • peregrineperegrine MVP
    edited November 2012

    @fuzz

    try editing your config

    // revert to default theme.
    $Configuration['Garden']['Theme'] = 'default';
    
    
    // remove temporarily   lines like this.
     $Configuration['Garden']['ExternalUrlFormat']
    $Configuration['Plugins']['EmbedVanilla']['ForceRemoteUrl'] = '1';
    
    try with  change to your .htaccess  (try both ways).
    
    # Original
    # If you modify this file then change the above line to: # Modified
    
       RewriteEngine On
       # Certain hosts may require the following line.
       # If vanilla is in a subfolder then you need to specify it after the /. 
       # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
       # RewriteBase /
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
    
    
    
    or this
    
    # Original
    # If you modify this file then change the above line to: # Modified
    
       RewriteEngine On
       # Certain hosts may require the following line.
       # If vanilla is in a subfolder then you need to specify it after the /. 
       # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
        RewriteBase /forum
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
    
    
    
    

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • @peregrine

    Thanks for your input.

    I tried to change .htaccess but nothing really changed.

    And about config.php I don't have lines like:

    $Configuration['Garden']['ExternalUrlFormat']
    $Configuration['Plugins']['EmbedVanilla']['ForceRemoteUrl'] = '1';

    Every time I click on Dashboard it returns with http://www.makeupadviceforum.com/forum/#/dashboard/settings and I'm seeing main page of the forum.

  • I changed theme to default. Same issue.

  • @fuzz

    Do you have .htaccess in multiple directories?

    also - it's a very good idea to mention the version of vanilla when you are posting a discussion. you are using 2.1a31.

    Especially when you are using an alpha version.

    and post your .htaccess

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • fuzzfuzz New
    edited November 2012

    I'm using Vanilla with Wordpress, so in root folder I've got WP files, and /forum

    .htaccess file from Vanilla is:

    http://pastebin.com/0jSTtMSm

    I've got also other .htaccess in root folder (from WP):

    http://pastebin.com/MnNbA2BC

    But when I setup new website and forum, everything was working fine.
    I probably tried to change some url to get password reset working (can't remember now what exactly) and after that I can't access my Dashboard.

  • peregrineperegrine MVP
    edited November 2012

    just for grins try changing in /forum folder

    http://pastebin.com/0jSTtMSm
    to

    # Original
    # If you modify this file then change the above line to: # Modified
    
       RewriteEngine On
       # Certain hosts may require the following line.
       # If vanilla is in a subfolder then you need to specify it after the /. 
       # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
       # RewriteBase /
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
    
    
    

    wait a few minutes and see if you can access site.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited November 2012

    I'm no .htaccess expert but if i were experimenting I would remove the one in root and keep the one in vanilla and vice-versa.

    I'm not sure how long it takes apache to reset .htaccess files.

    probably someone more expertise in .htaccess will know.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • fuzzfuzz New
    edited November 2012

    I disabled .htaccess from Wordpress. Result is that WP stopped working, and it didn't helped with Vanilla.

    It must be something else then .htaccess but I can't figure out what.

    FIXED! I just changed $Configuration['Garden']['Embed']['Allow'] from TRUE to FALSE and it's fixed!

    **** So now the second problem... ****

    One of the users reported that they can't reset password. I created new account (received confirmation email) and it works. Then I reseted password and I receive link http://www.makeupadviceforum.com/forum/entry/passwordreset/68847/2F2TCA - Clicked it and typed new password. After that page reloaded to homepage and I didn't receive any email, and new password isn't working :(

  • That doesn't look like a new forum. Did you import from another forum software?

  • @DirtyDog said:
    That doesn't look like a new forum. Did you import from another forum software?

    Yeah I ported all data from some older version of Vanilla, which was also ported from phpbb years ago...

    Any solution for that mess? :D

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited November 2012

    I tested the login and resetting password, just about everything you mention works for me. I got the password , when I changed it I got the reset no problem. Why don't you make a test user so you can see how it acts with non admin. Did it 3 times to makes sure.
    Maybe the problem is with that user.

  • peregrineperegrine MVP
    edited November 2012

    what does it show in phpmyadmin in "user table" for that specific user
    under attributes.

    this means the password reset was requested and not acted upon.

    "PasswordResetKey";s:6:"2F2TCA";

    this means the password reset was requested and acted upon.

    "PasswordResetKey";s:0:""

    also see if password field for the problem user changes when you try to change.
    try manually change it from the dashboard, see if that fixes it.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I made 2 accounts with gmail/and my company mail, and I received confirmation mails, password changing links.

    But when I click the link and fill the form with new password I'm redirected to forum homepage, and I've got no confirmation that password change was successful.

    When I want to login with new password I've got error "Sorry, permission denied.", and when I try old password it's "The password you entered was incorrect. Remember that passwords are case-sensitive."

    So it's not only problem with old members, but even with fresh accounts.

  • if you look here and give details it might provide a clue where things are breaking down.

    http://vanillaforums.org/discussion/comment/170592/#Comment_170592

    other than that and a possible problem with .htaccess - I've got no more ideas.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.