admin panel?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
User avatar
lwq
Registered User
Posts: 64
Joined: Thu Nov 06, 2003 9:12 am
Location: Singapore
Contact:

admin panel?

Post by lwq »

how do i get into the admin panel?i couldn't even go in... it ask me to re-authenticate myself and i tried for so many times yet can't go in.


I know that i am not supposed to ask for support,but i just want to ask to know why.
lwq
User avatar
Ptirhiik_
Registered User
Posts: 526
Joined: Tue Nov 18, 2003 8:35 am

Re: admin panel?

Post by Ptirhiik_ »

The answer is quite simple and obvious : the CVS snapshots are not a finished product. If you can sort this by yourself, I strongly advice you to stop there and to wait for a snapshot that will allow access.

IMHO, this is not fixed since many weeks (monthes ?) to prevent people that haven't the skills to sort it to go further with the snapshots, but I may be wrong.
User avatar
IronDogg
Registered User
Posts: 5
Joined: Sat Oct 30, 2004 7:31 pm

Re: admin panel?

Post by IronDogg »

Ptirhiik_ wrote:IMHO, this is not fixed since many weeks (monthes ?) to prevent people that haven't the skills to sort it to go further with the snapshots, but I may be wrong.
I think you are absolutely right there. I too have been patiently waiting for a SS with a working ACP for a while now. I think they are deliberately hiding it from us for fear that they may give away secrets to the "competition"... We have a little "establishment-coverup" conspiracy happening here at Area51... :)
How fitting! :) lol
User avatar
cyberCrank
Registered User
Posts: 560
Joined: Wed Jan 28, 2004 3:38 am
Location: Ethereal Bliss

Re: admin panel?

Post by cyberCrank »

It works OK and has for weeks now with recent snapshots. However, by design (as it seems), it requests a separate login for accessing the ACP.
ACP Login Panel wrote:To administer the board you must re-authenticate yourself.
So just login again (i.e., re-authenticate yourself) as an Admin and you enter the ACP. If you are not logged in initially as an Admin, then you will not even see the ACP link at the bottom of the other pages to gain access to the ACP. This means that you have to enter the correct username & password combination to gain access, it fails otherwise, but works for a valid Admin user with Administration permissions.

I think all of this is by design for 2.2, i.e., with security beyond what the 2.0.* versions do now; 2.0 allows any Admin to view the ACP directly without re-authentication as implemented in the 2.2 design (so it seems to me).
Roberdin
Registered User
Posts: 1546
Joined: Wed Apr 09, 2003 8:44 pm
Location: London, United Kingdom

Re: admin panel?

Post by Roberdin »

There should be a timer on this re-authentication; if your session has existed, for say, less than two minutes, then you should not be asked to re-enter the details; for you have just logged-in.
Rob
User avatar
cyberCrank
Registered User
Posts: 560
Joined: Wed Jan 28, 2004 3:38 am
Location: Ethereal Bliss

Re: admin panel?

Post by cyberCrank »

But for security reasons for auto-logins, it is good to re-authenticate to gain ACP access IMO.

This way if someone sits down at your system for some odd reason, and they go to the forum via a browser and it is set to auto-login, then they would not have access to the ACP; at least that is what I was thinking is a good security measure...
grön
Registered User
Posts: 151
Joined: Tue Jun 01, 2004 8:21 am
Location: Ljusdal, Sweden
Contact:

Re: admin panel?

Post by grön »

cyber is right on this one, if that happens by some odd reason, u cant take somone making 154 posts in your name yu can remove them later, but if they delet all of the acounts, not so fun indeed!
Get Firefox and install the BBcode extension; then you are a real forum power user!
My reason for using phpBB is mrgreen
Peace-Love-Unity-STRENGTH
Roberdin
Registered User
Posts: 1546
Joined: Wed Apr 09, 2003 8:44 pm
Location: London, United Kingdom

Re: admin panel?

Post by Roberdin »

Yes, I agree, that is a good security precaution.

But if you, for example, wanted to qucikly make a forum backup before you rush off to get a flight, you shouldn't have to login, then login again, then make the backup; obviously this could be avoided by going straight to the /adm/ page, but it still seems somewhat redundant security.
Rob
Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: admin panel?

Post by Martin Blank »

One of the major security holes in phpBB 2.0.x had to do with auto-login, which is bad enough for specific users, but when used against an admin can mean real trouble.

The solution which I think is used here is to set ACP access to be through sessions only rather than cookies, and the session is validated by active entry of the password. This ensures that only those that are supposed to gain access can do so.

And if the extra two seconds to do this is going to make you miss your flight, then you really shouldn't be logging in to begin with. :)
You can never go home again... but I guess you can shop there.
grön
Registered User
Posts: 151
Joined: Tue Jun 01, 2004 8:21 am
Location: Ljusdal, Sweden
Contact:

Re: admin panel?

Post by grön »

I'm using the save password fuction in firefox so I guess I'm just making all the job like undone on my forum :oops:
Get Firefox and install the BBcode extension; then you are a real forum power user!
My reason for using phpBB is mrgreen
Peace-Love-Unity-STRENGTH
Post Reply