[SOLVED] Randomly losing Admin and Publishing rights

PHPaws · Post by **PHPaws** » Wed Jun 20, 2007 4:30 pm

I've updated to Serendipity 1.2-beta1 a few days ago. Since then I randomly lose my admin and publishing rights when I try to write a new post.

Table: ser_authors(userlevel => '0'; right_publish => '0')

Fortunately I know my way around phpMyAdmin so I can restore the userlevel to '255' and right_publish to '1'.

But still it remains a very strange problem.

I don't think it has anything to do with the recent SQL-Exploid problem since I've applied the recommended fix.

Any suggestions are welcome!

FAQ:

Serendipity 1.2-beta1 (Fix applied)
Hardened PHP 5.2.2
PHP Suhosin Patch

Paws ^^

Post by **garvinhicking** » Wed Jun 20, 2007 4:34 pm

Hi!

Please try to reproduce when you lose the publishing rights! The only way those are altered is through the group/user management panel. When writing an entry, only read-access is put there.

Best regards,
Garvin

PHPaws · Post by **PHPaws** » Wed Jun 20, 2007 4:37 pm

Since it seems to happen randomly, I'd have a hard time to reproduce it.

All I can say is that I have admin rights when I start to write a new post. Then I preview it several times and then *SOMETIMES* when I finally decide to publish it, I'm no longer able to do so.

Post by **garvinhicking** » Wed Jun 20, 2007 4:42 pm

Hi!

Can you check your HTTP access log if other IPs access your frontend at that time?

If you run MySQL, you could try to log all MySQL queries (using http://dev.mysql.com/doc/refman/5.0/en/query-log.html --log) and then see which queries is issued that truncates them.

Which event plugins are you using? Maybe one of them accesses your statistics. But the default routine to publish an entry does in no way affecting changing the serendipity_config or serendipity_authors table.

Regards,
Garvin

PHPaws · Post by **PHPaws** » Wed Jun 20, 2007 4:43 pm

Maybe you'll need my Plugin list...so...there you go:

@serendipity_calendar_plugin:8d72de80411f52050a215... hide 6 0
@serendipity_archives_plugin:5a97cbdd303370d759452... right 11 0
@serendipity_syndication_plugin:37bfb660c0bdf864c8... hide 1 0
@serendipity_superuser_plugin:61d9f3f61d74d3e0553f... right 17 1
@serendipity_plug_plugin:10d0d043dea9c057d9167af73... hide 4 0
serendipity_event_s9ymarkup:649200c4e80c1a03cfe8d8... event 21 0
serendipity_event_emoticate:5092df7683d2e723a53213... event 22 0
serendipity_event_nl2br:1fdd8b7b63144f8dca4b497107... event 23 0
serendipity_event_browsercompatibility:c6ee77aa90d... event 24 0
serendipity_event_spamblock:9b1a20ac7e55ff89e26da3... event 25 0
serendipity_event_trackexits:eaf24ad0bb9505cfb6359... event 26 0 serendipity_event_trackexits
serendipity_plugin_recententries:b49f34cfc3f0cc054... right 10 0 serendipity_plugin_recententries
serendipity_event_weblogping:8e8a2f7648a05f7821d62... event 47 0 serendipity_event_weblogping
serendipity_plugin_statistics:cb70697a9d0bf04859dc... right 16 0 serendipity_event_statistics
serendipity_event_statistics:dbc480b97c54ce54572b7... event 27 0 serendipity_event_statistics
serendipity_event_spartacus:8b8002cfbdc01afb9906ba... event 28 0 serendipity_event_spartacus
serendipity_event_podcast:4053f22a6fcfb107319e44b5... event 29 0 serendipity_event_podcast
serendipity_event_staticpage:119b592f3ee9603448069... event 30 0 serendipity_event_staticpage
serendipity_event_geshi:2de02c7226a9d20ad9ddcd8204... event 18 0 serendipity_event_geshi
serendipity_event_imageselectorplus:81c0e0ef8fb445... event 31 0 serendipity_event_imageselectorplus
serendipity_event_gravatar:819382b76472372e9c4cb49... event 32 0 serendipity_event_gravatar
@serendipity_html_nugget_plugin:d9c6fd95eb9d6175e3... right 15 0
serendipity_event_lightbox:6823fd21e3be3470e64166d... event 19 0 serendipity_event_lightbox
serendipity_event_findmore:1f2749d0bc59018cca3c239... event 20 0 serendipity_event_findmore
serendipity_event_usergallery:05a17304c4d4372b4044... event 33 0 serendipity_event_usergallery
serendipity_event_freetag:2a97bf61a244e38040fb041c... event 34 0 serendipity_event_freetag
serendipity_plugin_freetag:4529150c1494f176ec8e940... right 8 0 serendipity_event_freetag
serendipity_plugin_linklist:d82cb2b93e267aeb02110b... right 12 0 serendipity_event_linklist
serendipity_event_linklist:0edd967a333b02b7d679395... event 35 0 serendipity_event_linklist
serendipity_event_versioning:45ea3639331ef30383493... event 36 0 serendipity_event_versioning
serendipity_event_google_sitemap:2b426056b3f921ca2... event 40 0 serendipity_event_google_sitemap
serendipity_event_entrypaging:c0605af2cfa46aa3d330... event 37 0 serendipity_event_entrypaging
serendipity_event_tooltips:4e57b581eb983c0102cb37e... event 38 0 serendipity_event_tooltips
serendipity_event_searchhighlight:dcccdb929bb8bdc7... event 41 0 serendipity_event_searchhighlight
serendipity_event_pollbox:e69b0c5725e5cb493398e141... event 42 0 serendipity_plugin_pollbox
serendipity_plugin_pollbox:ab76649df8c12972238718c... hide 0 0 serendipity_plugin_pollbox
@serendipity_html_nugget_plugin:a5e4b7ffcf9ea3581a... hide 5 0
serendipity_event_backup:0e0969aed25c3df2c97e954b5... event 49 0 serendipity_event_backup
serendipity_event_trackback:8ec92627ee32d29347dc9c... event 43 0 serendipity_event_trackback
serendipity_plugin_google_last_query:aff5afa2e5a64... right 14 0 serendipity_plugin_google_last_query
serendipity_event_xinha:addef9cefa19131503739c085f... eventh 54 0 serendipity_event_xinha
serendipity_event_entryproperties:418c8327e361b414... event 53 0 serendipity_event_entryproperties
serendipity_plugin_topreferers:783411083a61d62a2a4... hide 3 0 serendipity_plugin_topreferers
serendipity_event_randomblogdescription:461db16636... event 44 0 serendipity_event_randomblogdescription
serendipity_event_typesetbuttons:c5c1dd34ea0cd54c5... event 45 0 serendipity_event_typesetbuttons
serendipity_event_multilingual:876d3ed0c3318bfd4d1... event 46 0 serendipity_event_multilingual
serendipity_plugin_multilingual:0f32ffb8c4e4d94388... hide 2 0 serendipity_event_multilingual
serendipity_event_head_nugget:0d5766de0d485529a3b5... event 48 0 serendipity_event_head_nugget
serendipity_event_livecomment:001946005d67b600249d... eventh 55 0 serendipity_event_livecomment
serendipity_plugin_currently:f647b701dc672bd93f83d... right 13 0 serendipity_plugin_currently
@serendipity_html_nugget_plugin:fbc2b0b73a0ad1e27c... right 9 0
serendipity_event_usergallery:6307fb15f19db2f24df4... event 50 0 serendipity_event_usergallery
serendipity_event_tinymce:957d3a08cf80705e6cdb93b9... event 39 0 serendipity_event_tinymce
serendipity_event_head_nugget:c3246db4a5d3f6d0f01b... event 51 0 serendipity_event_head_nugget
serendipity_event_sidebarhider:36a6c14227a5f1c2968... eventh 56 0 serendipity_event_sidebarhider
@serendipity_quicksearch_plugin:3009cd71da68d4de15... right 7 0
serendipity_event_livesearch:194eae0385d5abdf44d08... event 52 0 serendipity_event_livesearch

PHPaws · Post by **PHPaws** » Wed Jun 20, 2007 4:50 pm

And nope! Nobody besides me accessed the admin panel. Just checked the logs.

PHPaws · Post by **PHPaws** » Wed Jun 20, 2007 4:54 pm

Oh...and unfortunately I cannot log my MySql Queries. I'm on a shared Hosting server with no Shell access.

Got to leave for now. I'll be back tonight. So, seeya

Post by **garvinhicking** » Thu Jun 21, 2007 12:40 pm

Hi!

Could you edit the mysql.inc.php file and edit the serendipity_db_query() command so that you use fopen/write for each $query to log it to a file?

The plugins should all be harmless. I see no way how the tables could be altered!

Regards,
Garvin

PHPaws · Post by **PHPaws** » Thu Jun 21, 2007 8:46 pm

Will do

Brilliant idea btw.

PHPaws · Post by **PHPaws** » Thu Jun 21, 2007 10:45 pm

Okay...made it quick'n'dirty.....very dirty....but it does its job.

Code: Select all

if ($c === true) {
	    
	    $dump_string = "[".date("d.m.Y")." - ".date("H:i:s")."] ".$sql."\n";
	    $dump_handle = fopen("*********", "a+");
	    fwrite($dump_handle, $dump_string);
	    fclose($dump_handle);
	    
	    return $type_map['true'];
    }

Anything else you'll need me to log?

If not I'll message you when it happens again

PHPaws · Post by **PHPaws** » Fri Jun 22, 2007 2:49 am

Hey Garvin!

There's a dump file waiting for you. How'd you like me to send it?

Nodecam · Post by **Nodecam** » Fri Jun 22, 2007 11:00 pm

Sorry for the derail, but is it possible that you're visiting the "Personal Settings" page somewhere along the line?

It looks like one of my co-authors keeps losing his Admin access every time he updates his Personal Settings. I confirmed that the same thing happens to me. I'm running an essentially virgin 1.2 beta1.

[UPDATE] - I updated to 1.2 beta2, and the problem went away. Probably worth trying the update.

PHPaws · Post by **PHPaws** » Fri Jun 22, 2007 11:05 pm

Yeah....it seems that it's only happening when I switch from WYSIWIG to non-WYSIWYG and vice versa.

Nodecam · Post by **Nodecam** » Fri Jun 22, 2007 11:11 pm

PHPaws wrote:Yeah....it seems that it's only happening when I switch from WYSIWIG to non-WYSIWYG and vice versa.

I updated to 1.2 beta2, and the problem seems to be resolved for me (dunno if you caught my update above)

I forgot to mention that I had done the manual security fix from the blog post as well, so it wasn't quite a "virgin" 1.2beta1 install that I was running.

PHPaws · Post by **PHPaws** » Sat Jun 23, 2007 3:55 am

Sorry for the long delay. But..... I fell asleep, lol. Of course I'll try to update my installation. But something tells me that it doesn't really solve the problem since beta1 => beta2 only seemed to be a quick fix release for the sql exploid thingy.

I'll try it anyways

[SOLVED] Randomly losing Admin and Publishing rights

[SOLVED] Randomly losing Admin and Publishing rights

Re: Randomly losing Admin and Publishing rights