+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Update/Upgrade (/forum-44.html)
+--- Thread: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login (/thread-12367.html)
After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - sykosoft - 12-07-2010 10:47 AM
Following my upgrade from 1.0.3->1.0.7 on a gentoo amd64 system (following the steps at: http://isp-control.net/documentation/start:upgrade:gentoo), suddenly /pma (phpmyadmin) is accessible via any username/password and give root permissions (ability to see all databases). Actual logins (that should restrict you to your databases) don't seem to work, as it takes you as if you had logged in with root. Because of this, I had to disable /pma (mv pma /root) or something like that).
This is of course a huge problem. What can I do to fix it?
Michael
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - sykosoft - 12-15-2010 09:40 AM
Nobody?
This has caused me to disable phpmyadmin completely, and I would like to get it re-enabled.
Michael
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - kilburn - 12-15-2010 10:14 PM
It looks like you have to properly setup phpmyadmin yourself. This is a bit strange because, in theory, ispcp's pma comes with a working configuration. Anyway, just read the config file and try to assess the changes that you need to apply...
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - sykosoft - 12-17-2010 01:23 PM
(12-15-2010 10:14 PM)kilburn Wrote: It looks like you have to properly setup phpmyadmin yourself. This is a bit strange because, in theory, ispcp's pma comes with a working configuration. Anyway, just read the config file and try to assess the changes that you need to apply...
For whatever reason, this resolved itself (however, I'm only able to login as root). Wasn't there a time where phpmyadmin allowed logins in domain form? For example: example.com, which would list the database for a domain?
Also, now, under Manage SQL, when I click phpmyadmin, I get the following:
"Error: An error occurred while authentication!"
Any ideas?
Michael
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - kilburn - 12-17-2010 05:00 PM
Quote:Wasn't there a time where phpmyadmin allowed logins in domain form? For example: example.com, which would list the database for a domain?
No, there was not. You should be able to login using any of the *users* defined in the SQL management section of the domain, and see the databases that it has right to access. Notice that this is *not* the same as the panel's (domain) login.
Quote:Also, now, under Manage SQL, when I click phpmyadmin, I get the following:
"Error: An error occurred while authentication!"
This probably indicates that for some reason you are unable to connect as the mysql users either. First check is to delete your cookies for the admin domain, re-login to the panel, and trying to access phpmyadmin from there. If this fails, try to manually login to pma using one of the mysql's users. If this also fails... I don't know what to tell you :S
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - fulltilt - 01-09-2011 12:25 AM
same problem here ...
one system i'm able to fix by disable modsecurity2 for pma and allow_url_fopen must be enabled in master php.ini
but this system pma autologin not working:
Error: An error occurred while authentication!
pma user able to login with PMA also DB login is working ...
(12-17-2010 01:23 PM)sykosoft Wrote: Also, now, under Manage SQL, when I click phpmyadmin, I get the following:
"Error: An error occurred while authentication!"
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - GioMac - 01-14-2011 05:20 AM
show me your config.inc.php and privileges of ispcp and vftp user in mysql db please
p.s. if you see password there - hide
I have redirect on /pma to system-wide phpmyadmin (chroot), only configuration option it has is db host (assume localhost), to enter you MUST specify correct user/pass combination.
It must be impossible to have passwordless login - phpmyadmin/ispcp doesn't know anything about root access to db unless you have allowed it from DB itself.
RE: After 1.0.3->1.0.7 upgrade, phpmyadmin allows passwordless login - fulltilt - 01-14-2011 08:17 PM
temp. solution by adding a second master.conf into apache with:
<VirtualHost 127.0.0.1:80>
http://isp-control.net/forum/thread-12537-post-93544.html#pid93544