Posted 1 year ago #
@Otto42,
I understand. Wow, what a mess huh?
Basically, I used the automatic upgrade plugin to upgrade..
It went through the process then asked me to login again. I did that and it said "invalid password".
I then, asked for a new password via "forgot password" which then sent me a new one.. which still said "invalid password" when trying to login. I have no idea what to do. :(
Posted 1 year ago #
Otto42, my workaround actually also works if I set the path to
/blog/wp-admin/
so I guess there's no need to argue this point, it's mute.
If you want to edit my post to reflect the wp-admin part so you feel better about that, you are welcome to ;-)
It's obvious WP is calculating that path incorrectly on some installs, and again, I am not certain of what exactly triggers it. I can't examine the cookie via live headers because it doesn't get set without the manual define.
thetattooedmama: Clear your browser cookies, then try to go to your wp-admin directory. Log in.
Alternatively, set your password the manual way: http://www.tamba2.org.uk/wordpress/phpmyadmin/
@_ck_: No, you're sorta missing my point.
Manually setting the ADMIN_COOKIE_PATH should not actually be necessary. What does it set to if you do not set it to anything? What is in your siteurl field on the Settings->General screen?
Basically, your workaround doesn't help to actually fix the problem because you still have not said what the problem actually is.
Look, if I can figure out what the problem is, then I can make a patch, and a sticky post, and get it in trac, and everything else. But I can't reproduce the problem. So I can't fix the thing. You have the problem. You can reproduce it. Give me the info I need to find and fix it. I don't want a workaround, I want a FIX.
Otto, you realize that without the workaround, he might not be able to log into the admin area to see the settings->general screen?
I think the workaround is great for people who actually need to use their blogs today.
It's obvious WP is calculating that path incorrectly on some installs, and again, I am not certain of what exactly triggers it.
Here's the code that creates it:
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) );
define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );
It's basically your siteurl (everything after the domain) + "wp-admin".
So, if your siteurl is http://example.com/blog, then it would be set to /blog/wp-admin.
Posted 1 year ago #
Yeah, it's really helpful of you to tell us not to do the one thing that actually works, then demand information from us that we could not possibly get without doing the thing you told us not to do.
Otto, you realize that without the workaround, he might not be able to log into the admin area to see the settings->general screen?
I realize that. However, my problem is not with the workaround, it's with calling the workaround a "fix". It's not a fix, it's a workaround, and a pretty bad one at that because it removes a major security measure.
However, all he has to do is to remove the workaround and tell me what the ADMIN_COOKIE_PATH is with it removed and I could probably tell him what the problem really is.
@IMH: All you have to do is to add one line of code to your theme's functions.php file and tell me what shows up on your site. Namely, echo ADMIN_COOKIE_PATH;. Is that so hard to do? You don't have to login to do that.
Posted 1 year ago #
I'm having the same issue. How can I get to the settings page to see what my siteurl field is if I can't log in anymore?
Assumming the siteurl is missing the "www." how can I add it in without going through the PHP script?
Posted 1 year ago #
What is in your siteurl field on the Settings->General screen?
both the wordpress and blog url are set to http://example.com/blog
(obviously changed to generic path)
I can only login if I use one of the following:
@define('ADMIN_COOKIE_PATH', '/');
@define('ADMIN_COOKIE_PATH', '/blog/');
@define('ADMIN_COOKIE_PATH', '/blog/wp-admin/');(using the last one for now)
how can I add it in without going through the PHP script?
I can only login if I use one of the following:
That doesn't help much if I don't know what the ADMIN_COOKIE_PATH is without you actually setting it.
Posted 1 year ago #
Otto, you realize that without the workaround, he might not be able to log into the admin area to see the settings->general screen?
It's "she" btw and of course I can see the screen by just using the define.
I am investigating further, I have some other ideas...
ps. the defines also work without the trailing slash
what happens if you change the blogurl to http://www.example.com/blog ? or http://example.com/blog/ ? You appear to be having to force an extra / in there after the domain url?
Sorry ck, no way to tell from your member image :)
The siteurl is always forced to NOT have an ending / . So is the home value.
Also, my unaltered ADMIN_COOKIE_PATH on my site is "/blog/wp-admin". That's for http://example.com/blog on mine as well. And it works just fine.
Posted 1 year ago #
Thanks Otto, and I've verified that the siteurl is the same as the url I'm using when trying to log in.
Posted 1 year ago #
Well there's your problem (best mythbusters voice).
WP tries to set it as /wp-admin when there's no define.
(had to hack wp-settings.php to show me what it was doing)
I now think this is because of legacy installs that have
$wp->sitecookiepath
stored in the db.
So essentially SOME legacy WP installs may HAVE to insert a define.
WordPress is essentially failing to check for a valid path when calculating the new constant introduced in 2.6 - it's an oversight I can easily forgive as I might easily make such a mistake myself.
Well there's your problem (best mythbusters voice).
WP tries to set it as /wp-admin when there's no define.
(had to hack wp-settings.php to show me what it was doing)
That doesn't make any sense. What does the SITECOOKIEPATH get set to?
Look at the code right there:
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) );
define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );If your siteurl is http://example.com/blog , then your SITECOOKIEPATH will be /blog and your ADMIN_COOKIE_PATH will be /blog/wp-admin .
Do you have two entries in the options table for your siteurl or something weird like that?
I now think this is because of legacy installs that have $wp->sitecookiepath stored in the db.
What? There is no such thing as $wp->sitecookiepath, and nothing to read anything of the sort out of the database. Those words make no sense.
WordPress is essentially failing to check for a valid path when calculating the new constant introduced in 2.6 - it's an oversight I can easily forgive as I might easily make such a mistake myself.
Again, you're just stringing random words together in a nonsensical order. If the siteurl is not set correctly, then yes, it will break. But so will the entire rest of the site. The siteurl is critical to everything in the whole of WordPress.
Posted 1 year ago #
otto - clearing the browser worked on all my blogs after upgrade.
thank you.
I think one solution is that wordpress admin login needs to see that the cookie info being provided is invalid, and null out the cookie.
otto - clearing the browser worked on all my blogs after upgrade.
thank you.
You're welcome.
And this is sounding more and more like the REAL problem here. I can see where conflicting cookies would come into play because of differing paths, but if your ADMIN_COOKIE_PATH is getting set wrong, then you have the wrong values somewhere else.
I think one solution is that wordpress admin login needs to see that the cookie info being provided is invalid, and null out the cookie.
If the cookie provided is invalid, then it redirects to the wp-login, which doesn't check cookies before setting them, effectively overwriting them.
Posted 1 year ago #
Hi Otto42. Can I help at all?
I have upgraded to WP 2.6. I can login using IE7 but I can't login using Firefox 2.0. I have not made any fixes or workarounds.
I'm not as tech savvy as you guys but I do know how to change code using dreamweaver and upload it to my hosting account.
Tell me where to look and I'll tell you what I see. Otherwise, I'll keep my eyes open for a resolution once you guys are on the same page.
Thanks.
I have upgraded to WP 2.6. I can login using IE7 but I can't login using Firefox 2.0. I have not made any fixes or workarounds.
I'll bet a dollar that if you cleared the FF cookies, you could login using it again.
I think there's two problems at work here. One is a cookie conflict with previous cookies, which I understand because the admin cookie changed paths but not names.
The other seems to be some kind of weird siteurl issue, which if true, would prevent logging in to the wp-admin screen no matter what browser you used.
Otto, the potential is that if the cookiepath doesn't end up being right, you could end up in a loop where the cookie it is reading isn't valid, and wp-login clears a different one, with a different path, example. If the code works as you suggest, a single attempt to login would resolve the issue and clear the cookie, no?
@rawalex: Yes, but then the fix is easy: clear the cookies manually. Problem solved, no?
That doesn't bother me all that much. The problem I'm concerned about is the one ck is talking about, where it's setting the wrong path to begin with. I can't quite see how that could happen given the code.
Posted 1 year ago #
Thank you Otto42,
For others who need this in layman's terms, in Firefox, I went to
Tools/Options/Privacy/Show Cookies. Then I searched for my blog name and deleted that folder.
I was then able to get access to my admin panel via Firefox. I also had no problem re-accessing the admin panel after closing Firefox and rebooting my PC.
If this is any interest to those who want to figure out why the cookies caused problems, I did notice that I had no problem accessing my admin panel via Firefox on a separate PC. My blog's cookie folder for that PC did not include a utmb nor a utmc cookie. Both of these cookies were in the file I deleted on the computer where I did have problems.
otto, the "fix is easy" might be for you and me, but for non-technical people for whom running a blog is already a MAJOR technical challege, expecting them to know how to clear cookies (or to know about them beyond chocolate chip or oreos) isn't right.
the issue ck is seeing may have to do with different parts of the code using different values, it isn't just how wp-login treats the cookie, but how other functions read that cookie and how they treat it, because if they don't do it right, you end up looped back to the login page, no?
Posted 1 year ago #
This post is great for all of you technical users, but what about guys who aren't as technical who are just looking to upgrade to a more secure version of Wordpress?
I have no idea what is going on in this post and all I want to do is be able to log into my wordpress blog.
I still can't log in and to make matters worse, there is no "plain english" post or FAQ on how to resolve this issue.
This topic has been closed to new replies.
