login to admin-panel not possible with cookies set to false?
ominty opened this issue · comments
I'm using hashover for quite some time.
Due to privacy legislation and those ugly cookie-banners I wanted to get rid of cookies altogether. So I disabled cookies in the settings tab of the admin panel.
Next time I wanted to log in again a day later ... username/password simply did not work.
I edited settings.json to reactivate cookies and uploaded by ftp ... then it worked again.
Is this a known bug?
Possibly a duplicate of #273 ? How old is the HashOver you are using? You may need to update.
How old is the HashOver you are using?
By checking the history of commits ... time is passing fast obviously: I still have the trimming in latest comments so must be before July 2019 ...
You may need to update.
This is what I did today:
- download the zip from here
- unpack to a local folder
- copy
/hashover/comments
folder from old installation to the new one - edit
/hashover/backend/classes/secrets.php
with data from old installation and new field// E-mail address to use in notifications to normal users
- upload everything to webserver by sftp
- permissions of folders are
755
and files644
This shows my comments again.
But when trying to login I simply get the following output:
https://www.domain.tld/hashover/admin/admin.html
HashOver {title}
HashOver
{moderation} {ip-blocking} {url-filtering} {settings} {updates} {docs} {logout}
{sub-title}
{message}
{error}
{content}
and I am stuck there.
update
https://www.domain.tld/hashover/admin/settings
as found in the docs works.
Will start to test now.
content of settings.json is like this to start with:
{
"language": "de-de",
"theme": "default-dark-borderless",
"default-sorting": "threaded-by-date",
"uses-markdown": true,
"uses-ajax": true,
"shows-reply-count": true,
"allows-images": true,
"allows-likes": true,
"allows-dislikes": false,
"uses-moderation": false,
"pends-user-edits": false,
"mail-type": "html",
"mailer": "smtp",
"subscribes-user": false,
"allows-user-replies": false,
"sets-cookies": false,
"cookie-expiration": "session",
"secure-cookies": false,
"collapses-interface": false,
"collapses-comments": true,
"collapse-limit": 5,
"popularity-threshold": 5,
"popularity-limit": 2,
"spam-database": "remote",
"spam-check-modes": "php",
"icon-mode": "none",
"icon-size": 10,
"gravatar-default": "custom",
"gravatar-force": false,
"form-position": "bottom",
"name-field": "on",
"password-field": "off",
"email-field": "on",
"website-field": "on",
"displays-title": false,
"uses-cancel-buttons": true,
"uses-labels": false,
"date-pattern": "dd.MM.YYYY",
"time-pattern": "h:mm a",
"server-timezone": "Europe\/Berlin",
"uses-user-timezone": true,
"uses-short-dates": false,
"login-method": "DefaultLogin",
"allows-login": false,
"uses-auto-login": false,
"data-format": "xml",
"default-name": "Anonymous",
"reply-mode": "thread",
"stream-depth": 3,
"image-format": "png",
"appends-css": true,
"appends-rss": true,
"counts-deletions": false,
"local-metadata": false,
"stores-ip-address": true,
"minifies-javascript": false,
"minify-level": 1
}
Now I can't uncheck the box that says "set cookies" - every time I uncheck and save in the GUI and look at this option again - it is checked again ...
On the other hand: in settings.json I see
"sets-cookies": false,
Is this the same thing?
But then the GUI and the .json are inconsistent.
What I see now - with above .json - is
- no cookies while browse on the pages
- 6 cookies when logging into the admin interface
I just double-checked on another website/domain also with hashover (latest master):
When I uncheck the tick-box and save - then json will also be set to false
but the tickbox will look like checked again.
If I then
- change some other value
- or simply do nothing
and hit save
again - the sets-cookies
entry in the json will be true
again.
Sorry for the delay. If you are still using HashOver, try the new files, this issue should be fixed now.