Admin or client cannot login
From PhpCOIN Documentation
Login After Installation
Following a successful install, you may log into your phpCOIN:
- Ensure you are attempting to log in as an Admin. You should clearly see the "Administrative Login Required" message on-screen.
- The default username is webmaster
- The default password is <whatever your database password was during install>
The Login Process
The login process is fairly straight forward:
- When the login form is POSTed, the entered username is used in a standard sql SELECT to search for that username. The only difference between logging in as an admin or as a client is which database table is searched, plus a client login includes the "active" status in the WHERE part of the query.
- If the database does not contain the username (no records returned), the error flag is set for "Invalid or Inactive User".
- If the database does contain the username, the entered password is encrypted and checked against the stored encrypted password.
- If the passwords do not match, the error flag is set for "Incorrect Password".
- If login is successful, the appropriate session flags are set.
- If the login was forced because a user tried to browse to a restricted access page, then that page will be displayed after logon.
- If the user is just logging in, then phpCOIN will redirect to the "Summary Page" or whatever page you have specified as the first page displayed after login.
- If the login is unsuccessful, the appropriate error message is displayed and the login screen is re-drawn.
Login Error Messages
- "Incorrect Password": An incorrect password was entered as compared to the database. See also Hardened php below
- "Non Existing User": The username entered was not found in the database:
- Make sure you typed the correct username.
- Make sure you are on the correct login screen: one for admin, and another one for clients. Not doing so would result in this error.
- For a client, it may also mean you are not set to 'active': see Client_Status for more details.
- For a client, it may also mean the 'active' string in the database is not configured correctly. This is only an issue for languages other than English and only for phpCOIN v1.2.9 or lower: see Client_Status for more details.
No Errors, But No Login Either
One of the most prevalent problems are people go to login to admin, and end up at client login. This is what usually happens under this situation:
- Since you are not receiving any "username" or "password" errors, that part of the login is good and you are then redirected to the "Summary" page.
- When the "Summary" page loads, it checks the session for either the admin or client logged-in flags. If neither is found, the "Summary" page defaults to displaying the "Client Login" form.
The reason a logged-in flag could not be found are many, but it simply means that for some reason the session did not get set properly. Anything from not accepting cookies in your browser, to settings in the server configuration for temporary file / session file storage locations, and server permissions.
The end result is that in most cases this is a configuration issue with the web-server. If you are the administrator of one, you should know how to check and verify the settings required. It is really beyond the scope of phpCOIN support to be able to help all people track down ALL of the settings on THEIR servers.
The vast majority of php installations use MD5 for the password crypt(), resulting in a 34 character password hash. The phpCOIN v1.2.5 or lower client table has a 50 character field for storing this, so 99.999% of the time everything works as expected.
But if a website has the "Suhosin" extension to hardened php, instead of MD5 encryption BlowFish encryption is used by default. This gives a 60 character hash, resulting in a password match fail due to the field length difference.
If you have phpCOIN v1.2.5 or earlier installed, the fix is easy: use phpMyAdmin or similar and change the client password field length from 50 characters to 100 characters. The admins table is already 100 characters long, and phpCOIN v1.2.6 and higher already incorporates the fix for the clients table.
Fantastico Or Other Third-Party Installers
We have had reports that certain third party installers substitute their own default admin login username and password.
The defaults for the Admin login following a standard phpCOIN install are:
- username = webmaster
- password = <whatever your database password was during install>
If you are provisioning phpCOIN from a third party installer, please pay special attention to any on-screen instructions and/or supplementary documentation. You may also open config.php in a text-editor to see the username/password that the third-party installer has used, or contact your web host or server administrator for assistance.