Admin login loop - after Migration my website from localhost to host server - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: External Resources (https://forum.codeigniter.com/forumdisplay.php?fid=7) +--- Forum: Addins (https://forum.codeigniter.com/forumdisplay.php?fid=13) +--- Thread: Admin login loop - after Migration my website from localhost to host server (/showthread.php?tid=66587) Pages:
1
2
|
Admin login loop - after Migration my website from localhost to host server - cndunga - 11-08-2016 Dear All, I migrated my website from wamp local host to a host server and there after could not login at all using the same credentials. The website is up and running and have checked on .htaccess, index.php and config.php files over and over again as per the various advices received from the web but non has worked. Anyone who has an idea what I need to do to login to my website? Regards Charles Ndunga RE: Admin login loop - after Migration my website from localhost to host server - kalimerre - 11-08-2016 Hello, I believe your credentials in your database (if stored in database) are encrypted ? If yes then encrypt them again, local and hosted use different way to host so the credentials are wrong RE: Admin login loop - after Migration my website from localhost to host server - cndunga - 11-08-2016 Dear Kalimerre, Thanks for your quick reply. Yes the password is stored in MYSQL database and its encrypted. Any idea how to go about encrypting the password again? RE: Admin login loop - after Migration my website from localhost to host server - kalimerre - 11-08-2016 Use the same function as you used to encrypt it the first time ? You can either write your password, use the encryption function, display it on the screen and store it to your database (but be sure to delete the function after use) Or you can directly write a function to generate a new encrypted password, then update the actual one in DB Regards RE: Admin login loop - after Migration my website from localhost to host server - cndunga - 11-08-2016 Dear Kalimerre, The website I uploaded used http://codeigniter.com/user_guide/libraries/encryption.html. I am new to codeigniter and do not know how to proceed, Can you have a look at the code below and advise on how to proceed please. * CodeIgniter * * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team * @copyright Copyright © 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 * @filesource */ // ------------------------------------------------------------------------ /** * CodeIgniter Encryption Class * * Provides two-way keyed encoding using XOR Hashing and Mcrypt * * @package CodeIgniter * @subpackage Libraries * @category Libraries * @author ExpressionEngine Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Encrypt { var $CI; var $encryption_key = ''; var $_hash_type = 'sha1'; var $_mcrypt_exists = FALSE; var $_mcrypt_cipher; var $_mcrypt_mode; /** * Constructor * * Simply determines whether the mcrypt library exists. * */ public function __construct() { $this->CI =& get_instance(); $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; log_message('debug', "Encrypt Class Initialized"); } // -------------------------------------------------------------------- /** * Fetch the encryption key * * Returns it as MD5 in order to have an exact-length 128 bit key. * Mcrypt is sensitive to keys that are not the correct length * * @access public * @param string * @return string */ function get_key($key = '') { if ($key == '') { if ($this->encryption_key != '') { return $this->encryption_key; } $CI =& get_instance(); $key = $CI->config->item('encryption_key'); if ($key == FALSE) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } } return md5($key); } // -------------------------------------------------------------------- /** * Set the encryption key * * @access public * @param string * @return void */ function set_key($key = '') { $this->encryption_key = $key; } // -------------------------------------------------------------------- /** * Encode * * Encodes the message string using bitwise XOR encoding. * The key is combined with a random hash, and then it * too gets converted using XOR. The whole thing is then run * through mcrypt (if supported) using the randomized key. * The end result is a double-encrypted message string * that is randomized with each call to this function, * even if the supplied message and key are the same. * * @access public * @param string the string to encode * @param string the key * @return string */ function encode($string, $key = '') { $key = $this->get_key($key); if ($this->_mcrypt_exists === TRUE) { $enc = $this->mcrypt_encode($string, $key); } else { $enc = $this->_xor_encode($string, $key); } return base64_encode($enc); } // -------------------------------------------------------------------- /** * Decode * * Reverses the above process * * @access public * @param string * @param string * @return string */ function decode($string, $key = '') { $key = $this->get_key($key); if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } $dec = base64_decode($string); if ($this->_mcrypt_exists === TRUE) { if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { return FALSE; } } else { $dec = $this->_xor_decode($dec, $key); } return $dec; } // -------------------------------------------------------------------- /** * Encode from Legacy * * Takes an encoded string from the original Encryption class algorithms and * returns a newly encoded string using the improved method added in 2.0.0 * This allows for backwards compatibility and a method to transition to the * new encryption algorithms. * * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption * * @access public * @param string * @param int (mcrypt mode constant) * @param string * @return string */ function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { if ($this->_mcrypt_exists === FALSE) { log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.'); return FALSE; } // decode it first // set mode temporarily to what it was when string was encoded with the legacy // algorithm - typically MCRYPT_MODE_ECB $current_mode = $this->_get_mode(); $this->set_mode($legacy_mode); $key = $this->get_key($key); if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } $dec = base64_decode($string); if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { return FALSE; } $dec = $this->_xor_decode($dec, $key); // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC $this->set_mode($current_mode); // and re-encode return base64_encode($this->mcrypt_encode($dec, $key)); } // -------------------------------------------------------------------- /** * XOR Encode * * Takes a plain-text string and key as input and generates an * encoded bit-string using XOR * * @access private * @param string * @param string * @return string */ function _xor_encode($string, $key) { $rand = ''; while (strlen($rand) < 32) { $rand .= mt_rand(0, mt_getrandmax()); } $rand = $this->hash($rand); $enc = ''; for ($i = 0; $i < strlen($string); $i++) { $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1)); } return $this->_xor_merge($enc, $key); } // -------------------------------------------------------------------- /** * XOR Decode * * Takes an encoded string and key as input and generates the * plain-text original message * * @access private * @param string * @param string * @return string */ function _xor_decode($string, $key) { $string = $this->_xor_merge($string, $key); $dec = ''; for ($i = 0; $i < strlen($string); $i++) { $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1)); } return $dec; } // -------------------------------------------------------------------- /** * XOR key + string Combiner * * Takes a string and key as input and computes the difference using XOR * * @access private * @param string * @param string * @return string */ function _xor_merge($string, $key) { $hash = $this->hash($key); $str = ''; for ($i = 0; $i < strlen($string); $i++) { $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1); } return $str; } // -------------------------------------------------------------------- /** * Encrypt using Mcrypt * * @access public * @param string * @param string * @return string */ function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND); return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key); } // -------------------------------------------------------------------- /** * Decrypt using Mcrypt * * @access public * @param string * @param string * @return string */ function mcrypt_decode($data, $key) { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); if ($init_size > strlen($data)) { return FALSE; } $init_vect = substr($data, 0, $init_size); $data = substr($data, $init_size); return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0"); } // -------------------------------------------------------------------- /** * Adds permuted noise to the IV + encrypted data to protect * against Man-in-the-middle attacks on CBC mode ciphers * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV * * Function description * * @access private * @param string * @param string * @return string */ function _add_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); $str = ''; for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) { if ($j >= $keylen) { $j = 0; } $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256); } return $str; } // -------------------------------------------------------------------- /** * Removes permuted noise from the IV + encrypted data, reversing * _add_cipher_noise() * * Function description * * @access public * @param type * @return type */ function _remove_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); $str = ''; for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) { if ($j >= $keylen) { $j = 0; } $temp = ord($data[$i]) - ord($keyhash[$j]); if ($temp < 0) { $temp = $temp + 256; } $str .= chr($temp); } return $str; } // -------------------------------------------------------------------- /** * Set the Mcrypt Cipher * * @access public * @param constant * @return string */ function set_cipher($cipher) { $this->_mcrypt_cipher = $cipher; } RE: Admin login loop - after Migration my website from localhost to host server - jdriddle - 11-08-2016 If the above is not the issue, you should check to see if your login/session cookies are setting the correct hostname. This can be a huge headache, especially when trying to follow a redirection loop. RE: Admin login loop - after Migration my website from localhost to host server - kalimerre - 11-08-2016 Hmm Which version of Codeigniter are you using ? Is that you who develop the login system or you use something on Internet ? If yes can you give us a link ? RE: Admin login loop - after Migration my website from localhost to host server - cndunga - 11-08-2016 (11-08-2016, 12:14 PM)kalimerre Wrote: Hmm Dear Kalimerre, I am using the latest version of codeigniter i.e. 3.X. I am not the one who developed the login system. I am using something from the internet. The link is http://www.examprep.co.ke/ Regards Charles Ndunga RE: Admin login loop - after Migration my website from localhost to host server - kalimerre - 11-09-2016 Hmm Then try to create an user (new login/password), and in DB change the "role" of the user to admin (maybe 0/1 somewhere) and delete the old user if it works Have you got a link to the system you used or it's private/confidential ? But normally the trick to create an user and modify it to admin in DB should work RE: Admin login loop - after Migration my website from localhost to host server - cndunga - 11-09-2016 (11-09-2016, 03:33 AM)kalimerre Wrote: Hmm Dear Kalimerre, I can not even create a new user login. When I try it loops back to the user creation screen. Regards |