Support

Admin Tools

#22090 Locked to access backend after 3.4.4 Pro upgrade triggering >3 'Admin Query String' exceptions...

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by Gamx on Tuesday, 17 February 2015 02:39 CST

Monday, 16 February 2015 16:53 CST

Gamx
Hi,

SCENARIO:
- Upgraded several sites (different servers) to ATPro 3.4.4 Pro same issue.
- All sites have 'Administrator secret URL parameter' ENABLED
- All sites have 'Change administrator login directory to' ENABLED
- All of them work fine iwhen running ATPro 3.4.3 Pro.

CONCLUSION:
Seems your last 'patch' introduced in AT Pro 3.4.0 that prays:

[MEDIUM] Custom administrator directory: some servers misbehave when asked to access /administrator instead of /administrator/index.php

could be the reason of this issue. Had no other choice than to rollback to ATPro 3.4.3 Pro to stop being blocked again and again by triggering several 'Admin Query String' exceptions each time, at least, till receive your comments about.

Thanks in advance for your feedback,

Tuesday, 17 February 2015 00:55 CST

nicholas
That change was introduced in the "Change administrator login directory" feature. I suggest that you disable that feature. Apparently there's a misconfiguration problem with a lot of servers (we estimate it about 5% to 10% of our clients). Half of these work one way (redirect to /administrator) the other half the other way (redirect to /administrator/index.php). Since there's no way to know that in advance all we can ask you to do is disable that feature.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 February 2015 02:19 CST

Gamx
First of all thanks a lot for your quick answer..

As said worked well before with ATPro 3.4.3 and now 3.4.4 fails in all my servers/ websites...

That's a nice extra-security layer and was very welcome at end website owners when you added that to AdminTools and surely will be not welcome when ordering them to come back to old ways by using again: http://www.mydomain.com/administrator/?mysecretkey URL instead than something like http://www.mydomain.com/mydaughtername/?mysecretkey

My suggestion is, knowing you already have the correct code because works when running ATPro 3.4.3 and you have the correct new code that as per your words will work with the 'other' type of servers... Why not to add both options and let the end user to check and decide which one of them needs to have be enabled for his system(s) ... Surely if one fails the other one will work and could be easily explained at the backend with few words to avoid you a ton of support request about this missing already working feature.

Thanks in advance again for your attention and quick feedback,

Tuesday, 17 February 2015 02:26 CST

nicholas
As I told you, there is no "correct" and "wrong" code.

If your server is properly configured, EITHER redirection will work.

If your server is NOT properly configured then ONLY one of the two possible redirections will work. In 3.4.3 we redirected to /administrator. This seemed to cause problems with MOST affected clients. In 3.4.4 we redirect to /administrator/index.php. This should only cause problems if your server is seriously misconfigured.

You belong to the stark minority of affected sites. We can't help you. If we do, we will cause a problem to many more clients. Since catering for both of these categories of affected clients is mutually exclusive we chose to cater for the majority.

The only other thing we can do is completely remove this feature, which is probably what I'm going to to do for 3.5.0 because even when I do explain the problem to our clients they don't want to accept that they belong to a minority of severely misconfigured servers. We can't accept the blame for the misconfiguration of servers that's not our doing, so I guess one less feature it is...

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 February 2015 02:39 CST

Gamx
thanks for your time!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!