Support

Admin Tools

#9960 Administrator whitelist confused

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 19 July 2011 05:50 CDT

Tuesday, 19 July 2011 04:10 CDT

rolandd
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.23
PHP version: 5.3
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: 2.1.3


Description of my issue:
I am not sure if I know how the Administrator Whitelist is supposed to work. My IP address is on the whitelist but I am still able to lock myself out.

Lock out happens when a session expired and I click something in the backend. Joomla wants to log me out and redirect without the secret key. Directly opening the backend without the secret key also gets me locked out.

Is this supposed to happen even when my IP is whitelisted?

Sidenote: In your announcement of Admin Tools 2.1.3 you mention the Free Support forum, afaik this is closed now ;)

Regards,

Roland

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 04:14 CDT

nicholas
Hi Roland,

Please go to Admin Tools, Web Application Firewall, WAF Configuration and find the "Never block these IPs" option towards the end. Enter you IP address in there so that it never gets auto-banned.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 19 July 2011 04:32 CDT

rolandd
Hello Nicholas,

Ok clear. Now I have another issue. Just updated to 2.1.3 and I get blocked constantly now.

So I turn off the plugin via the database, then I get to log in and the control panel page shows blank. I see this in the server error log:
PHP Fatal error: Call to a member function getValue() on a non-object in /home/csvimpro/public_html/administrator/components/com_admintools/models/jupdate.php on line 30

Manually changing the URL to a component opens it fine. I guess the jupdate isn't called in that case.

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 04:46 CDT

nicholas
Please edit administrator/components/com_admintools/models/storage.php and find line 29: 
$params = JModel::getInstance('Storage','AdmintoolsModel');
Change it to read: 
if(!class_exists('AdmintoolsModelStorage')) {
require_once JPATH_ADMINISTRATOR.'/components/com_admintools/models/storage.php';}
$params = JModel::getInstance('Storage','AdmintoolsModel');


Does this work now?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 19 July 2011 04:56 CDT

rolandd
Nicholas,

That file needs to be administrator/components/com_admintools/models/jupdate.php

Your code works, so does mine ;)

I added:
JModel::addIncludePath(JPATH_ADMINISTRATOR.DS.'components'.DS.'com_admintools'.DS.'models');

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 05:00 CDT

nicholas
Of course, I meant jupdate.php :D

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 19 July 2011 05:02 CDT

rolandd
Ok, back in business ;)

If you don't mind, what is the difference between the never block IPs and Administrator whitelist?

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 05:04 CDT

nicholas
Good to know!

Admin whitelist defines which IPs are allowed to even access the administrator section. If your IP is not in the whitelist, you don't get to see the administrator page.

Never block IPs are a set of "safe" IPs that should never be automatically banned. We assume that people on those IPs mean no harm and if they raise a security exception they did so accidentally, not with an intention to crack the site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 19 July 2011 05:26 CDT

rolandd
Is the administrator whitelist linked to the user group? My IP is not on the list but I can do everything in the backend but my user account is that of Super Administrator.

Just curious ;)

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 05:27 CDT

nicholas
If you have not enabled the relevant WAF configuration option (by default it's disabled), Admin Tools won't block you from accessing your back-end. Please read the documentation.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 19 July 2011 05:34 CDT

rolandd
Thanks all clear.

Home of RO CSVI and RO Payments https://rolandd.com

Tuesday, 19 July 2011 05:50 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!