Support

Admin Tools

#9915 main-disable.php

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 27 June 2011 02:04 CDT

user41130
Hi, i´m testing your great work on localhost/wamp server before using on my live site. I've protected the administration login in WAF but i do not use lower case caracters... mistake :) then i follow the pdf in 7.1.1. and now i see a 'Invalid Token' when accessing the /administrator. Can you help please?

Have I read the documentation before posting
Joomla! version: (1.5.23)

Thanks in advance!

nicholas
Akeeba Staff
Manager
The Invalid Token message comes from Joomla! core code. Depending on how you view it, it's a bug or a feature. It tries to protect the administrator login from Cross Site Request Forgery (CSRF) attacks by including a security token in each request. However, browser caching can ruin your day. Try cleaning your browser's cache and, if possible, your cookie cache as well. Then close (completely shut down) your browser and restart it. Trying to access your site again should allow you to login.

If this doesn't work, you can use phpMyAdmin to remove all records from the jos_session table (but NOT the table itself, only its contents!). Then, follow the clear cache / cookie cache chore and it's bound to work.

According to my tests, Chrome performs more aggressive caching and is more likely to cause such an issue than Firefox. If you're using Chrome, you can always try logging in with Firefox if nothing else works. I generally advise people to have a fresh installation of Portable Firefox at hand to troubleshoot such issues. Since PF doesn't store a permanent cache, shutting it down and restarting it allows you to conveniently get around such issues very quickly.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user41130
Hi Nicholas,
i´ve been messing around with this issue for about an hour :)

> I remove all records from the jos_session
> Clean the browser cache (FF3.16, IE8 and Safari)
> Then use PF
> Remove all records from the jos_session

I resolve it by doing a new fresh install and it´s working great now, but i need your opinion about front-end editing, Admin Tools will protect me or should i turn it off? see it on this pre-release link:
http://myfastbanner.com/sites/surf_demo1/
Can you advise me please?

I´m happy to test everyting first on localhost.

Thanks in advance!
I´m a BIG fun of your work.






nicholas
Akeeba Staff
Manager
Hi!

I would suggest applying the .htaccess Maker anyway, then work your way through any necessary exclusions using our documentation's instructions. The reason is quite simple: the front-end protection feature of .htaccess Maker will protect your site against unauthorised access of potentially sensitive information not properly secured, as well as a host of direct attacks to arbitrary PHP files. Moreover, in the unlikely event an attacker manages to upload a site cracking script, it will prevent him from executing it, therefore nullifying his cracking attempt against your site.

If you want help with setting up exceptions, fire up a post mentioning the problem URL and I will visit the site, figure out what needs be done and tell you which exception you have to add to .htaccess Maker :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user41130
Hi Nicholas,
i realy need help on the Exceptions, i´m using:
> JCE
> sigplus (image gallery stop working, i turn off protction now)
> Kunena
> Community Builder

i´m improving my skills on chrome dev tools, but i appreciate very much your help.

nicholas
Akeeba Staff
Manager
Please send me a Personal Message with the following information:

1. URL to your site's administrator
2. A Super Administrator username and password
3. URLs to the pages which don't work properly
4. FTP connection information to your site (so that I can fix your site in case an error in .htaccess brings it down)
5. A link back to this thread so that I know what you're talking about (allows me to provide much faster support)

Thank you in advance!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!