[SOLVED] Randomly losing Admin and Publishing rights

Posted: Wed Jun 20, 2007 4:30 pm
by PHPaws
Almost solved :)

I updated to Serendipity 1.2-beta1 a few days ago. Since then I randomly lose my admin and publishing rights when I try to write a new post.

Table: ser_authors(userlevel => '0'; right_publish => '0')

Fortunately I know my way around phpMyAdmin so I can restore the userlevel to '255' and right_publish to '1'.

But still it remains a very strange problem.

I don't think it has anything to do with the recent SQL exploit problem since I've applied the recommended fix.

Any suggestions are welcome!

FAQ:
  • Serendipity 1.2-beta1 (Fix applied)
  • Hardened PHP 5.2.2
  • PHP Suhosin Patch
Paws ^^

Re: Randomly losing Admin and Publishing rights

Posted: Wed Jun 20, 2007 4:34 pm
by garvinhicking
Hi!

Please try to reproduce when you lose the publishing rights! The only way those are altered is through the group/user management panel. When writing an entry, only read-access is put there.

Best regards,
Garvin

Posted: Wed Jun 20, 2007 4:37 pm
by PHPaws
Since it seems to happen randomly, I'd have a hard time reproducing it. ;)

All I can say is that I have admin rights when I start to write a new post. Then I preview it several times and then *SOMETIMES* when I finally decide to publish it, I'm no longer able to do so.

Posted: Wed Jun 20, 2007 4:42 pm
by garvinhicking
Hi!

Can you check your HTTP access log if other IPs access your frontend at that time?

If you run MySQL, you could try to log all MySQL queries (using http://dev.mysql.com/doc/refman/5.0/en/query-log.html --log) and then see which query is issued that truncates them.

Which event plugins are you using? Maybe one of them accesses your statistics. But the default routine to publish an entry does in no way change the serendipity_config or serendipity_authors table.

Regards,
Garvin

Posted: Wed Jun 20, 2007 4:43 pm
by PHPaws
Maybe you'll need my Plugin list...so...there you go:
@serendipity_calendar_plugin:8d72de80411f52050a215... hide 6 0
@serendipity_archives_plugin:5a97cbdd303370d759452... right 11 0
@serendipity_syndication_plugin:37bfb660c0bdf864c8... hide 1 0
@serendipity_superuser_plugin:61d9f3f61d74d3e0553f... right 17 1
@serendipity_plug_plugin:10d0d043dea9c057d9167af73... hide 4 0
serendipity_event_s9ymarkup:649200c4e80c1a03cfe8d8... event 21 0
serendipity_event_emoticate:5092df7683d2e723a53213... event 22 0
serendipity_event_nl2br:1fdd8b7b63144f8dca4b497107... event 23 0
serendipity_event_browsercompatibility:c6ee77aa90d... event 24 0
serendipity_event_spamblock:9b1a20ac7e55ff89e26da3... event 25 0
serendipity_event_trackexits:eaf24ad0bb9505cfb6359... event 26 0 serendipity_event_trackexits
serendipity_plugin_recententries:b49f34cfc3f0cc054... right 10 0 serendipity_plugin_recententries
serendipity_event_weblogping:8e8a2f7648a05f7821d62... event 47 0 serendipity_event_weblogping
serendipity_plugin_statistics:cb70697a9d0bf04859dc... right 16 0 serendipity_event_statistics
serendipity_event_statistics:dbc480b97c54ce54572b7... event 27 0 serendipity_event_statistics
serendipity_event_spartacus:8b8002cfbdc01afb9906ba... event 28 0 serendipity_event_spartacus
serendipity_event_podcast:4053f22a6fcfb107319e44b5... event 29 0 serendipity_event_podcast
serendipity_event_staticpage:119b592f3ee9603448069... event 30 0 serendipity_event_staticpage
serendipity_event_geshi:2de02c7226a9d20ad9ddcd8204... event 18 0 serendipity_event_geshi
serendipity_event_imageselectorplus:81c0e0ef8fb445... event 31 0 serendipity_event_imageselectorplus
serendipity_event_gravatar:819382b76472372e9c4cb49... event 32 0 serendipity_event_gravatar
@serendipity_html_nugget_plugin:d9c6fd95eb9d6175e3... right 15 0
serendipity_event_lightbox:6823fd21e3be3470e64166d... event 19 0 serendipity_event_lightbox
serendipity_event_findmore:1f2749d0bc59018cca3c239... event 20 0 serendipity_event_findmore
serendipity_event_usergallery:05a17304c4d4372b4044... event 33 0 serendipity_event_usergallery
serendipity_event_freetag:2a97bf61a244e38040fb041c... event 34 0 serendipity_event_freetag
serendipity_plugin_freetag:4529150c1494f176ec8e940... right 8 0 serendipity_event_freetag
serendipity_plugin_linklist:d82cb2b93e267aeb02110b... right 12 0 serendipity_event_linklist
serendipity_event_linklist:0edd967a333b02b7d679395... event 35 0 serendipity_event_linklist
serendipity_event_versioning:45ea3639331ef30383493... event 36 0 serendipity_event_versioning
serendipity_event_google_sitemap:2b426056b3f921ca2... event 40 0 serendipity_event_google_sitemap
serendipity_event_entrypaging:c0605af2cfa46aa3d330... event 37 0 serendipity_event_entrypaging
serendipity_event_tooltips:4e57b581eb983c0102cb37e... event 38 0 serendipity_event_tooltips
serendipity_event_searchhighlight:dcccdb929bb8bdc7... event 41 0 serendipity_event_searchhighlight
serendipity_event_pollbox:e69b0c5725e5cb493398e141... event 42 0 serendipity_plugin_pollbox
serendipity_plugin_pollbox:ab76649df8c12972238718c... hide 0 0 serendipity_plugin_pollbox
@serendipity_html_nugget_plugin:a5e4b7ffcf9ea3581a... hide 5 0
serendipity_event_backup:0e0969aed25c3df2c97e954b5... event 49 0 serendipity_event_backup
serendipity_event_trackback:8ec92627ee32d29347dc9c... event 43 0 serendipity_event_trackback
serendipity_plugin_google_last_query:aff5afa2e5a64... right 14 0 serendipity_plugin_google_last_query
serendipity_event_xinha:addef9cefa19131503739c085f... eventh 54 0 serendipity_event_xinha
serendipity_event_entryproperties:418c8327e361b414... event 53 0 serendipity_event_entryproperties
serendipity_plugin_topreferers:783411083a61d62a2a4... hide 3 0 serendipity_plugin_topreferers
serendipity_event_randomblogdescription:461db16636... event 44 0 serendipity_event_randomblogdescription
serendipity_event_typesetbuttons:c5c1dd34ea0cd54c5... event 45 0 serendipity_event_typesetbuttons
serendipity_event_multilingual:876d3ed0c3318bfd4d1... event 46 0 serendipity_event_multilingual
serendipity_plugin_multilingual:0f32ffb8c4e4d94388... hide 2 0 serendipity_event_multilingual
serendipity_event_head_nugget:0d5766de0d485529a3b5... event 48 0 serendipity_event_head_nugget
serendipity_event_livecomment:001946005d67b600249d... eventh 55 0 serendipity_event_livecomment
serendipity_plugin_currently:f647b701dc672bd93f83d... right 13 0 serendipity_plugin_currently
@serendipity_html_nugget_plugin:fbc2b0b73a0ad1e27c... right 9 0
serendipity_event_usergallery:6307fb15f19db2f24df4... event 50 0 serendipity_event_usergallery
serendipity_event_tinymce:957d3a08cf80705e6cdb93b9... event 39 0 serendipity_event_tinymce
serendipity_event_head_nugget:c3246db4a5d3f6d0f01b... event 51 0 serendipity_event_head_nugget
serendipity_event_sidebarhider:36a6c14227a5f1c2968... eventh 56 0 serendipity_event_sidebarhider
@serendipity_quicksearch_plugin:3009cd71da68d4de15... right 7 0
serendipity_event_livesearch:194eae0385d5abdf44d08... event 52 0 serendipity_event_livesearch

Posted: Wed Jun 20, 2007 4:50 pm
by PHPaws
And nope! Nobody besides me accessed the admin panel. Just checked the logs. :)

Posted: Wed Jun 20, 2007 4:54 pm
by PHPaws
Oh...and unfortunately I cannot log my MySQL queries. I'm on a shared hosting server with no shell access. :|

Got to leave for now. I'll be back tonight. So, seeya :)

Posted: Thu Jun 21, 2007 12:40 pm
by garvinhicking
Hi!

Could you edit the mysql.inc.php file and edit the serendipity_db_query() command so that you use fopen/write for each $query to log it to a file?

The plugins should all be harmless. I see no way how the tables could be altered!

Regards,
Garvin

Posted: Thu Jun 21, 2007 8:46 pm
by PHPaws
Will do :D

Brilliant idea btw. ;)

Posted: Thu Jun 21, 2007 10:45 pm
by PHPaws
Okay...made it quick'n'dirty.....very dirty....but it does its job. :)

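Code:

if ($c === true) {
    // Debug logging: append every executed query, with a timestamp, to a dump file.
    $dump_string = "[" . date("d.m.Y - H:i:s") . "] " . $sql . "\n";
    $dump_handle = fopen("*********", "a");
    // Skip logging if the file cannot be opened, so the query result is still returned.
    if ($dump_handle !== false) {
        fwrite($dump_handle, $dump_string);
        fclose($dump_handle);
    }

    return $type_map['true'];
}

Anything else you'll need me to log?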

If not I'll message you when it happens again :)
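
Added example (not part of the original thread and not Serendipity code): one way to search a dump file written in the format of the snippet above for the statement that resets `userlevel` or `right_publish`. The table-name pattern (any prefix ending in `authors`), the sample log lines and the `authorid` column are constructed for illustration.

```python
import re
from datetime import datetime

# Record header written by the logging snippet: "[dd.mm.YYYY - HH:MM:SS] <sql>"
LINE_RE = re.compile(r"^\[(\d{2}\.\d{2}\.\d{4}) - (\d{2}:\d{2}:\d{2})\] (.*)$")
# UPDATE on a table whose name ends in "authors" (assumption: prefix differs per install).
UPDATE_RE = re.compile(
    r"^\s*UPDATE\s+`?(\w*authors)`?\s+SET\s+(.*?)(?:\s+WHERE\s+(.*))?$", re.I | re.S)
# Assignments to the two privilege columns named in the first post.
ASSIGN_RE = re.compile(r"\b(userlevel|right_publish)\b\s*=\s*'?(\w*)'?", re.I)

def find_privilege_changes(log_text):
    """Return (timestamp, table, {column: value}, where_clause) per matching UPDATE."""
    records, current = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            current = [m.group(1), m.group(2), m.group(3)]
            records.append(current)
        elif current is not None:
            current[2] += "\n" + line  # query text that spans several lines
    hits = []
    for day, clock, sql in records:
        upd = UPDATE_RE.match(sql.strip())
        if not upd:
            continue
        # Only the SET clause is inspected, so a WHERE on userlevel is not a hit.
        changed = {col.lower(): val for col, val in ASSIGN_RE.findall(upd.group(2))}
        if changed:
            when = datetime.strptime(f"{day} {clock}", "%d.%m.%Y %H:%M:%S")
            hits.append((when, upd.group(1), changed, (upd.group(3) or "").strip()))
    return hits

# Constructed sample log, not taken from the poster's dump file.
SAMPLE_LOG = """\
[22.06.2007 - 02:31:07] SELECT * FROM ser_entries WHERE id = 12
[22.06.2007 - 02:31:09] UPDATE ser_authors
   SET userlevel = '0', right_publish = '0'
 WHERE authorid = 1
[22.06.2007 - 02:31:10] UPDATE ser_authors SET realname = 'Paws' WHERE authorid = 1
"""

if __name__ == "__main__":
    for when, table, changed, where in find_privilege_changes(SAMPLE_LOG):
        print(when.isoformat(), table, changed, "WHERE", where)
```

The timestamp of a hit can then be matched against the HTTP access log to see which backend request was being served when the rights were overwritten.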

Posted: Fri Jun 22, 2007 2:49 am
by PHPaws
Hey Garvin!

There's a dump file waiting for you. How'd you like me to send it? :)

Posted: Fri Jun 22, 2007 11:00 pm
by Nodecam
Sorry for the derail, but is it possible that you're visiting the "Personal Settings" page somewhere along the line?

It looks like one of my co-authors keeps losing his Admin access every time he updates his Personal Settings. I confirmed that the same thing happens to me. I'm running an essentially virgin 1.2 beta1.

[UPDATE] - I updated to 1.2 beta2, and the problem went away. Probably worth trying the update.

Posted: Fri Jun 22, 2007 11:05 pm
by PHPaws
Yeah....it seems that it's only happening when I switch from WYSIWYG to non-WYSIWYG and vice versa.

Posted: Fri Jun 22, 2007 11:11 pm
by Nodecam
PHPaws wrote: Yeah....it seems that it's only happening when I switch from WYSIWYG to non-WYSIWYG and vice versa.

I updated to 1.2 beta2, and the problem seems to be resolved for me (dunno if you caught my update above)

I forgot to mention that I had done the manual security fix from the blog post as well, so it wasn't quite a "virgin" 1.2beta1 install that I was running.

Posted: Sat Jun 23, 2007 3:55 am
by PHPaws
Sorry for the long delay. But..... I fell asleep, lol. Of course I'll try to update my installation. But something tells me that it doesn't really solve the problem since beta1 => beta2 only seemed to be a quick fix release for the SQL exploit thingy.

I'll try it anyways :)