unable to log out

Unable to log out, a forum discussion on Jojo CMS. Join us for more discussions on Unable to log out on our Administration (backend and configuration) forum.

Jaijaz

18 Jun 2009
Posts: 215

Hey,

I have a site that just won't log out. Even clicking on the logout button in admin still doesn't require me to log back in to get to the admin page. As a result some @$^$%* has hacked the site.

Anyone know what would cause it not to log out?

Thanks.
If you're not living on the edge, you're taking up too much space.
Harvey
Core Developer

18 Jun 2009
Posts: 327

I haven't seen this issue before. Can you privately send us the URL and some access details so we can try it out?
Rick

19 Jun 2009
Posts: 336

I've seen it...

Bug #139: Non-admins can't logout due to permissions on 'logout/'

If a user signs up (e.g. for the forum) then logs in and navigates to 'logout/' they aren't logged out.

Even if you create a new logout page, set the permissions etc. it won't work because Jojo takes the 'logout/' URL and finds the first one in the database (which has permissions defaulting to Admin).

Suggest making the default logout page (the one inside the admin menu) have permissions 'everyone.view = 1'
Rick

19 Jun 2009
Posts: 336

I've also seen this from the admin section too... after I'd fiddled around with the permissions for the two admin pages.

Resetting the page with the url 'admin/root' back to default permissions of...
everyone.show = 0
everyone.view = 0
admin.show = 1
admin.view = 1

And its sub page (url 'admin') to permissions NULL fixed it.
Jaijaz

19 Jun 2009
Posts: 215

So it is all fixed, thanks to Harvey looking at it with fresh eyes. It appears somehow during an upgrade from a previous version the admin module permissions were set for everyone. Also, and this is possibly how the site got hacked, the admin pages were included in the sitemap.xml and therefore indexed despite the robots.txt specifically saying not to.

So Harvey, I think correctly, worked out that if it is in the sitemap.xml then robots.txt is overlooked.

So I have since added testing admin permissions to one of my upgrade testing procedures.
If you're not living on the edge, you're taking up too much space.
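
A check for the condition described in the last post, a sitemap.xml that lists URLs robots.txt disallows, written as an added example that is not part of the original thread or of Jojo's code. The example.com URLs and both file contents are constructed sample data; in practice you would feed in the files your own site serves after an upgrade.

```python
import xml.etree.ElementTree as ET
from urllib.robotparser import RobotFileParser

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Constructed sample data; example.com and these paths are placeholders.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /logout/
"""

SITEMAP_XML = """\
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://example.com/</loc></url>
  <url><loc>http://example.com/forum/</loc></url>
  <url><loc>http://example.com/admin/</loc></url>
  <url><loc>http://example.com/admin/edit/page/</loc></url>
</urlset>
"""


def sitemap_urls(sitemap_xml):
    """Return every <loc> URL listed in a sitemap document."""
    root = ET.fromstring(sitemap_xml.encode("utf-8"))
    return [loc.text.strip() for loc in root.iter(SITEMAP_NS + "loc") if loc.text]


def disallowed_in_sitemap(robots_txt, sitemap_xml, user_agent="*"):
    """Return sitemap URLs that robots.txt tells user_agent not to fetch.

    Any hit means the two files contradict each other: the page is being
    advertised to crawlers while robots.txt asks them to stay away.
    """
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    return [url for url in sitemap_urls(sitemap_xml)
            if not rules.can_fetch(user_agent, url)]


if __name__ == "__main__":
    hits = disallowed_in_sitemap(ROBOTS_TXT, SITEMAP_XML)
    for url in hits:
        print("listed in sitemap.xml but disallowed by robots.txt:", url)
    # Non-zero exit lets an upgrade test procedure fail on any contradiction.
    raise SystemExit(1 if hits else 0)
```

A clean result only shows the two files agree; the admin pages still need their permissions tested directly, since neither file controls access.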