Need help-secure admin?

cleverchick

So I am working with a client who wanted Zenphoto as a cms. I got it all installed and started working on a skin-I gave him the user name and pass and of course the first thing he does is break it.

He said that he checked a box that said something along the lines of "secure admin pages" and now we cannot log into the site. when looking in the directory it appears that all files are now gone-the folders remain.

Does anyone know what he has done and how we can fix it?

acrylian

Please describe what exactly you did. How did you install Zenphoto. If you used an one click install script like SimpleScripts please install it manually as described on our website.

There is nothing like a "secure admin pages". Probably he is referring to the file/folder permissions that can be set on setup when installing. Again we need more info about that. Zenphoto does never automatically delete any core files.

cleverchick

I installed Zenphoto manually-uploaded via FTP and installed via setup.php The setup went smoothly and Zenphoto was functioning.

As far as what he did...I have no idea other than what I said. "I checked a box that said secure admin pages".

I installed Zenphoto on my site this morning so I could look and see what he had done, but as you said, I do not see an option that says anything about securing the admin pages.

It's strange because Zenphoto seems to be functioning. I am going to try to upload all the admin files and see if that works. So frustrating. Thanks for your help.

acrylian

I have really no idea what that could be. Maybe he did use something on the admin backend of his webhost? htaccess protection or such? Of couse that would break Zenphoto but it would surely not delete files.

Feel free to come back if you find out more.

jaketame

I would like to also comment on this,

In the Options setup, I believe their is a dropdown in what connection to force the admin page connection to be, ie. secure.

I ticked this and thus cannot gain access into the admin side of things,

Secure Connection Failed

An error occurred during a connection to www.jaketame.net.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

Above is the error I am now receiving.

acrylian

Ok, that might explain the "secure" checkbox. So we are talking about ssl secured web connections (https). On most servers you have to configure websites to use https first, more specifically you have to define your domain as also as https (I can do that on my hosts backend). For example try to access zenphoto.org with https, it does not work, too.

Sorry, then the fix will be to edit the database directly using phpmyadmin or similar and modify the entry for that option manually.

jaketame

@acrylian, thanks for further info. After I posted I changed the database.

The table you need to alter is;

options > ID:9 server_protocol http_admin

sbillard

Presumably the option selected was for the Server Protocol which can be set to "secure admin". This forces admin page access to be done over HTTPS protocol. Some server/browsers will revert to HTTP if HTTPS is not configured. Then the browser just warns that the connection is not secure. If this is not the case on your site you will have to change the opton via MySQLAdmin. The option is server_protocol in the options table. set it to "http".

This option has nothing to do with the file system, though.