Unable to login to admin area with 2FA after update to 5.3.9


Seiya

Immediately after upgrading today to 5.3.9 we are no longer able to log in. When we enter our Google authenticator token it just immediately redirects back to the login page. Even the backup code doesn't work, does the same redirect?

Anyone else have this :mad: issue??

Link to comment
Share on other sites

I had to go into MySQL and change authmodule in my admin profile, to blank, then re-added the two form line back after logging in and it worked just peachy - a bit of work, but better than waiting on fixes and ensuring everything was functioning.

Link to comment
Share on other sites

The hotfix works - However you need to be careful that you are uploading the dologin.php file into your ADMIN folder... NOT the base folder of your install. (where there is also a dologin.php file)

 

I made this mistake and it took me a bit to work out what I did wrong.

 

The hotfix should contain an admin subfolder with the dologin.php file in it to save confusion.

Link to comment
Share on other sites

In the bug reports forum, they closed the bug because Nate C said "I have not heard any other reports of people unable to login without the 2fa issue", and closed the post.

I have had a ticket open now for more than 26 hours!!! The last comment was more than 12 hours ago, asking me to apply the hotfix for the 2fa problem, even though I explained I do not use 2fa.

- - - Updated - - -

I guess they will get responsibility for this, in case any domain goes to redemption period.

Link to comment
Share on other sites

I am having the same issues.

 

I tried removing the duosecurity references in the database with no luck.

 

I think the issue is that I did not run the installation folder script properly, but now I cannot access it as it says I'm already running the latest version.

Link to comment
Share on other sites

I managed to fix my issue. This was because I incorrectly updated my installation, failing to run the upgrade script.

 

I solved this by running the following in my database (backup before you run this!):

ALTER TABLE tbladmins MODIFY COLUMN `password` VARCHAR(255) NOT NULL DEFAULT '';

ALTER TABLE tbladmins ADD COLUMN `passwordhash` VARCHAR(255) NOT NULL DEFAULT '' AFTER `password`;

Link to comment
Share on other sites

This fixed it for me thanks.

Link to comment
Share on other sites

I've been running into the same issue and I did some digging. In my case, the database changes were completed.

In my activity log I see this: Failed to verify admin password hash: Calculated algorithm "unknown" is not supported

I went looking and found that administrators who have logged in since the upgrade are unable to login, but administrators who have not yet logged in can login exactly once. When an administrator logs in, their 32-character password (hash) is replaced with a 64+1 character hash and a passwordhash of 64+1 characters is generated (64 hex characters, plus a colon).

I have also discovered that if I revert an account back to its 32-character password hash and blank out the passwordhash field, the user is able to login successfully exactly once.

Hope this information helps others troubleshoot and possibly get in, if you have appropriate backups of the tbladmins table. Note that if you do, do not restore the whole table blindly, as there was a new field added, passwordhash; instead, just restore the password field and blank the passwordhash field.

To assist admins here, I've added a simple PHP script that makes the appropriate modifications to the database to allow an admin to login "once" as many times as needed.

Link to comment
Share on other sites
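
A read-only check for the two states described in this thread (the column changes missing after a skipped upgrade script, and the per-admin 32-character versus 64+1-character values), added here as an example and not posted by any participant or taken from WHMCS. It assumes MySQL, that tbladmins has `id` and `username` columns, and that `authmodule` is in the same table; it shows only lengths and shapes, never the stored values.

```sql
-- Added diagnostic, read-only. Table and column names tbladmins, password,
-- passwordhash and authmodule come from the posts above; id and username
-- are assumed column names.

-- 1) Schema check: did the upgrade's column changes land?
--    The posted fix sets both columns to VARCHAR(255) NOT NULL DEFAULT ''.
--    No row for passwordhash means the upgrade script did not run.
SELECT COLUMN_NAME, COLUMN_TYPE, IS_NULLABLE, COLUMN_DEFAULT
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME   = 'tbladmins'
  AND COLUMN_NAME IN ('password', 'passwordhash', 'authmodule');

-- 2) Per-admin state. Run only if query 1 listed passwordhash,
--    otherwise this statement fails with an unknown-column error.
SELECT id,
       username,
       authmodule,
       CHAR_LENGTH(password)     AS password_len,
       CHAR_LENGTH(passwordhash) AS passwordhash_len,
       CASE
         -- Not yet logged in since the upgrade: 32-character value, blank passwordhash
         WHEN password REGEXP '^[0-9a-fA-F]{32}$' AND passwordhash = ''
           THEN 'pre-upgrade value (can log in once, per the post above)'
         -- Rewritten at first login: 64 hex characters plus a colon in both fields
         WHEN CHAR_LENGTH(password) = 65     AND LOCATE(':', password) > 0
          AND CHAR_LENGTH(passwordhash) = 65 AND LOCATE(':', passwordhash) > 0
           THEN 'rewritten at login (matches the locked-out accounts described)'
         ELSE 'other: inspect manually'
       END AS state
FROM tbladmins
ORDER BY id;
```

Comparing the `state` column against a pre-upgrade backup of tbladmins shows which accounts would need only the password field restored and passwordhash blanked, as the post above describes.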

Almost 24 hours now and still no concrete solutions from whmcs. Luckily, I don't have a problem on the client side, and I can still access the admin side: after I login I just need to change the last part of the admin url to /admin/supporttickets.php to view tickets and other whmcs features.

Link to comment
Share on other sites
