Fresh Installation - Admin Login Access Denied

I have read the E_token wiki page, it doesn't help.
I have read the Session Path configuration page, mine is setup properly.
I have Cleared My Cache.
I have emptied the server session cache and restarted the server.

I still cannot login to the admin.

Also I should mention that I cannot login on e107.org with Firefox, I have to use IE9. Why this is, I have no idea.

I've looked at the code for your implementation of CSRF and its more complicated that it needs to be. I would recommend looking at how Laravel implements CSRF in a fraction of the amount of code and complexity.

It has been reported before 2 times now, so there is something wrong indeed though I would have expected far more reports if it would affect all installations so we need to narrow it down. I will get back to you asap with more info.


As for the e-token. It was originally written for the 2.0 version of e107 which is more properly coded. It has been backcoded into the 1.x branch which is much less structured and contains out-dated code and therefore required more hacks to get the e-token to work properly. Hope that the 2.0 will be more attractive to you

Can you tell us your php version? I noticed something when changing from php 5.3 to 5.2.17, I wont elaborate until I can see if there is a connection. -)

I just happened to try a fresh install today too, and ran into the same problem. In my case, the "cause" of the problem was that I was trying e107 on a local host without using a hostname. Are you trying to get to your server using the IP address?

The cause of my problem appears to be a bug in class2.php. e107 tries to parse out the domain and sub-domain and set those manually. It fails when the server is accessed by IP address and ends up setting the domain to '.'. It seems that my web browser (Firefox) rejects this as an invalid cookie. It never accepts the session cookie and all login attempts fail.

PHP v5.3.8

Yes I am developing on localhost using the 127.0.0.1 ip range.
Your experience is similar to mine.

Both of you please check this: [-link-]
Use the e107 debug addon to find all PHP warnings, errors and notices. Look for similar warnings such as the one given in the wiki I linked.

Can you try and see if it works with a version of php 5.2 in stead of 5.3? i.e. php 5.2.17

might want to change your internet settings /security on your local zone...

From what I can tell, this has nothing to do with session settings or php version. It's not a client problem. The problem is in class2.php, on line 125. If the hostname for the site is an IP address, the domain name used to set the cookie is set to FALSE. On my test set up, I changed this line to:



That way, a valid domain name is used when the cookie is set. It's probably not a good idea to do this for a real/production site. I have no idea why the domain was originally set to FALSE in the IP case.

On a real website to prevent browsing via IP instead of domain name, you add this little line in htaccess (at least that's how I do it, for SEO reasons):

#----------------------------------------------------------------------
#redirect any requests using the IP address or the non-canonical hostname
#make sure rewrite engine is on, if not add it
#----------------------------------------------------------------------
RewriteCond %{HTTP_HOST} ^[0-9]+(\.[0-9]+){3}
RewriteRule (.*) http://www.your-domain.com/$1 [R=301,L]

I too had this problem when installing e107 on one of my home machines today. I am using easyPHP as my local 'offline' web server. ( localhost / 127.0.0.1 ) Updated a few other 'online' sites recently without problems.

OS: Windows 7 Ultimate x64
PHP 5.3.9
Apache 2.2.21 VC9
MySQL 5.5.20

First off i installed e107 1.0.1 it installed fine but when i tried to login i got the ' Access Denied' message. This happened on all 5 of the major browsers.

Anyway i still had e107 1.0.0 core so installed that and it all seemed fine and i could log in. When i updated this install to version 1.0.1 the ' Access Denied' message came up again and i was unable to login. ( again same with all 5 major browsers )

After reading this thread i replaced class2.php from 1.0.1 with the version from 1.0.0 and i was then able to login again.

This means that the problem is in class2.php. Basicly the same issue as OldNick as i was installing e107 on my local machine.

If you compare the versions of class2.php more specifically the function 'cookie'

class2.php e107 1.0.1


class2.php e107 1.0.0


Simply change



on line 1616 in class2.php in version 1.0.1 to



found in version 1.0.0 and it will fix the problem nice and easy without any faffing about.

Hope this helps some others who are having same issue

I can confirm that working locally with a link like http://127.0.0.1/yourwebsite does return ' access denied', even on a freshly installed website (v1.0.1 or v1.0.2 svn).

Unfortunately EasyPHP has this set-up as their default way of approaching an address. However, EasyPHP also supports (by default) calling your website with http://localhost/yourwebsite , so you can use that as an alternative.

On their Apache instructions EasyPHP refers to this decision with the help text:
"Due to incompatibilities with Windows Vista/Seven, 'localhost' is no longer used. Use '127.0.0.1' instead. For details, see FAQ"

There are some known possible issues for Windows Vista/Seven in combination with EasyPHP:

• [5.3.3, Vista/Seven] Blank page or Warning: mysql_connect() [function.mysql-connect]: [2002] A connection attempt failed because the connected party did not (trying to connect via tcp://localhost:3306)
  
• [5.3.3, Vista/Seven] Unexpected end of MySql... See log file?
  
• [5.3.X, Vista/Seven/IPv6 enabled] Got connection problem with mysql and access to phpMyAdmin

Source: http://www.easyphp.org/faq.php

Should be corrected now in svn.

Works with class2.php since revision 12847.