Keven Fox Posted October 27, 2006

Okay I posted it as a bug, but wanted to put out a heads up on this too.

I was very impressed with all the security features with 2.2, I enabled the stronghold cookie and then I saw the htaccess thing.

So I went and input my name and password.

No problems until my admins said they can't get into the ACP. I figured it was a problem on their end until I checked around and found my .htaccess and pass files. I downloaded them to my computer first then deleted them. Sure enough I could no longer get into the ACP.

So I uploaded them back. There is no way to turn this "setting" off once you've done it.

Is this a bug? Am I doing something wrong?

bfarber Posted October 27, 2006

If the htaccess no longer exists on the server, the ACP won't ask for the secondary login. That's an Apache feature. All you have to do to turn the setting off is to delete the htaccess/htpasswd files.

I don't know exactly what you are doing so I can't say what it is 'wrong' you are doing. Perhaps the files are written with a permission so you can't actually 'delete' them from FTP, even though you thought you did?

.KX Posted October 27, 2006

If you are experiencing problems deleting a file via FTP, here is what you should do.

Providing you have CPanel, log in to your CPanel and go to the File Manager. From there you can delete the file - and even if the file is protected (so that it can't be deleted) it will still be deleted. I'm not sure if this is a feature or bug of the CPanel File Manager but it's very useful sometimes.

Keven Fox Posted October 27, 2006

> If the htaccess no longer exists on the server, the ACP won't ask for the secondary login. That's an Apache feature. All you have to do to turn the setting off is to delete the htaccess/htpasswd files.
>
> I don't know exactly what you are doing so I can't say what it is 'wrong' you are doing. Perhaps the files are written with a permission so you can't actually 'delete' them from FTP, even though you thought you did?

When I delete the files from my admin folder then I am in the same boat as my admins, the log in popup keeps coming and doesn't stop. I input my name, password and boom it's up again.

I want to REMOVE the htaccess option and it's not letting me. Not by deleting the files or anything.

This has to be a bug, I saw a "feature" with the new IPB, and thought it would be good and now my own admins can't get into the acp.

Keven Fox Posted October 27, 2006

> If you are experiencing problems deleting a file via FTP, here is what you should do.
>
> Providing you have CPanel, log in to your CPanel and go to the File Manager. From there you can delete the file - and even if the file is protected (so that it can't be deleted) it will still be deleted. I'm not sure if this is a feature or bug of the CPanel File Manager but it's very useful sometimes.

I have no problems deleting any files and am quite aware of cPanel's File Manager to ensure deletions. Thanks though.

bfarber Posted October 27, 2006

Again, this is Apache. Are you familiar with htaccess files?

With htaccess and htpasswd files, you can make Apache request a login before accessing the script. If you delete those files, Apache should no longer request the login. IPB has very little to do with this, other than showing you the code to put in the files and/or writing the files for you (if possible).

After deleting the files, the login should go away, plain and simple. If it doesn't, the files didn't get deleted, or the request is somehow cached in your browser (not sure that's even possible). :blink:

bfarber Posted October 27, 2006

Can anyone else test this to confirm their results?

Keven Fox Posted October 27, 2006

> Again, this is Apache. Are you familiar with htaccess files?
>
> With htaccess and htpasswd files, you can make Apache request a login before accessing the script. If you delete those files, Apache should no longer request the login. IPB has very little to do with this, other than showing you the code to put in the files and/or writing the files for you (if possible).
>
> After deleting the files, the login should go away, plain and simple. If it doesn't, the files didn't get deleted, or the request is somehow cached in your browser (not sure that's even possible). :blink:

So how do I even FIX this? Like I said I enabled this because IP.Board suggested it in the security settings.

And yes the files were deleted, but the setting may have remained in the ACP or something.

bfarber Posted October 27, 2006

There isn't a setting in the ACP to store this information - again, it's 100% an Apache thing. All IPB does is suggest to create it, and check to see if one is there (to show a green/red status). :blink:

Keven Fox Posted October 27, 2006

The ACP has it under Security Settings. It takes you to where you input your username and password. So yes it's there.

All IP.Board has to do is "suggest" it, I didn't know any better. It didn't say "oh by the way your other admins won't be able to log in"

Keith J. Kacin Posted October 27, 2006

I have tested this and cannot reproduce. Some servers "hide" .htaccess files in normal browsing/FTP browsing (as in, they make any file that starts with a period not visible).

I would recommend contacting your webhost and having them look into this, have them see if the files are still present in the folder via SSH.

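The SSH check suggested in the post above, as an added example that is not part of the original thread: a shell function that looks for a `.htaccess` carrying auth directives in the admin directory and in every parent up to the document root, since Apache also applies `.htaccess` files from parent directories and dotfiles may not show up in FTP listings. The function names, the sample tree and the `AuthUserFile` path are assumptions constructed for illustration.

```shell
#!/bin/sh
# find_auth_htaccess DIR DOCROOT
# Prints every .htaccess between DIR and DOCROOT (inclusive) that contains
# Auth* directives. Returns 0 if at least one was found, 1 if none, 2 on a
# bad path. Testing the exact file name finds dotfiles even when a client
# hides them from directory listings.
find_auth_htaccess() {
    dir=$(cd "$1" && pwd -P) || return 2
    stop=$(cd "$2" && pwd -P) || return 2
    found=1
    while :; do
        f="$dir/.htaccess"
        if [ -f "$f" ] &&
           grep -Eiq '^[[:space:]]*Auth(Type|Name|UserFile)[[:space:]]' "$f"; then
            printf '%s\n' "$f"
            found=0
        fi
        [ "$dir" = "$stop" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $found
}

# Constructed sample tree: the admin directory itself has no .htaccess
# (as after a deletion), but its parent still carries auth directives,
# and the document root has an unrelated .htaccess.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/forum/admin"
    printf '%s\n' 'AuthType Basic' 'AuthName "ACP"' \
        'AuthUserFile /home/example/.htpasswd' 'Require valid-user' \
        > "$root/forum/.htaccess"
    printf '%s\n' 'Options -Indexes' > "$root/.htaccess"
    printf '%s\n' "$root"
}
```

On a real host the call would be `find_auth_htaccess /path/to/forum/admin /path/to/docroot`, with both paths taken from the hosting account.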
Keven Fox Posted October 27, 2006

Why was it even suggested if it was going to give this much trouble? Now I have to contact my host about the files I know and confirmed I deleted?

This makes no sense at all.

bfarber Posted October 27, 2006

Seriously - I apologize for the trouble, but you are doing something wrong. :) .htaccess password protection is a relatively common and simple procedure, and I don't know what else to tell you at this time.

It doesn't make it so other admins can't login.

The password prompt does not remain after the file is removed.

If it does on your server, something is wrong with your server. I honestly don't know what else to tell you.

PM me with your ACP url and login information, and your FTP login information. With or without the .htaccess file there. I need to see this firsthand. Cuz it's just not possible.

Keven Fox Posted October 27, 2006

Well I'm not seeing any help here. I have to get to bed after a long night at work.

I suppose I should just prepare to reinstall IP.Board... >_<

Keven Fox Posted October 27, 2006

> Seriously - I apologize for the trouble, but you are doing something wrong. :) .htaccess password protection is a relatively common and simple procedure, and I don't know what else to tell you at this time.
>
> It doesn't make it so other admins can't login.
>
> The password prompt does not remain after the file is removed.
>
> If it does on your server, something is wrong with your server. I honestly don't know what else to tell you.
>
> PM me with your ACP url and login information, and your FTP login information. With or without the .htaccess file there. I need to see this firsthand. Cuz it's just not possible.

I'll give you a premade Admin account at my site so you can see what happens.

Um lemme figure something out for the FTP I'm about to get to bed.

Keven Fox Posted October 27, 2006

Well it doesn't work then.

It asks you to enable by putting in your Username and Password, however my admins never get that chance.

stooley Posted October 27, 2006

You can make a .htaccess file by hand and that pop up will still occur even without the ACP knowing... it is an Apache thing... not IPB. I have deleted this file and can confirm that it works fine once deleted... no pop-up asking for a login.

ellawella Posted October 27, 2006

What is the specific problem here? Are you still being prompted for a username/password when you access your ACP directory? If not, does the ACP load up OK? Have you tried restarting your browser and re-accessing the ACP?

bfarber Posted October 27, 2006

Ok, I've now got FTP and ACP access.

There is no .htaccess file in the directory, and I got no prompt. Additionally, to have made my account, you must have been able to get into the ACP.

In talking through PM, it seems there was apparently some confusion over WHAT login to use when the htaccess prompt comes up. This is NOT your IPB login - every admin MUST use the same login you specify when creating the file.

Will L. Posted October 27, 2006

what I think Mich

Keven Fox Posted October 27, 2006

All is well now please close this thread.

Also could someone remove the bug report I made? I *thought* I had to log in with my forum details to allow access, but Brandon pointed it out to me that the htaccess login should be different and I can give that log in to all my admins.

Makes sense now. I was being an idiot..... again.

Please close

Archived
This topic is now archived and is closed to further replies.