Jump to content

Case #5083 - Notify admins upon detection of admin directory configuration issue

clopezi

By clopezi
in Using WHMCS

 Share

Recommended Posts

sentq Senior Member

sentq

Posted
Posted

someone else find a fix rather than the old init.php file, seems like the issue related to the folder path, check:

Okay, I managed to get in to the login page by setting the $customadminpath to a full relative path. My WHMCS is setup in a sub-directory so my path is /clients/mycustomadmindir. Never needed the /clients/ part before upgrading to 5.3.10.

http://forum.whmcs.com/showthread.php?93362-5-3-10-and-customadminpath

0
Link to comment
Share on other sites
  • Replies 65
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

durangod Senior Member

durangod

Posted
Posted (edited)

thank you all for posting... same issue here...

 

- - - Updated - - -

 

Well that actually removes the customisation tricks that WHMCS itself provides as extra security, not sure if a check like that (for the false admin dir) is necessary.

 

Maybe if they are going to check for the admin dir they can first check to see if the fake admin mod is installed first. Something like this maybe:

 

if(isset($customadminpath))

{

// skip the admin check

 

}

 

 

Well i guess that means that WHMCS does not use fake admin mod on their test environment lol oops :)

 

 

I also concur that uploading 5.3.9 init in the whmcs root will also allow you to finish the update as well so you will be at 5.3.10 as you would expect. So this temp fix does work... however just remember to replace that file with the 5.3.10 init when they get a fix done.

Edited by durangod
0
Link to comment
Share on other sites
SteveR Junior Member

SteveR

Posted
Posted

I'm seeing "Admin Directory Conflict" as well (And posted about it on a separate thread). Yesterday my installation of WHMCS worked, today it does not. That's despite me not changing anything so I can only assume that the latest update has been applied by cpanel/Installatron and that update has caused this issue.

 

I have never used or created a 'fake admin folder' and I'm on a Linux system. The update was installed by cPanel/Installatron.

I now cannot log in to the admin area.

0
Link to comment
Share on other sites
knritsolutions Junior Member

knritsolutions

Posted
Posted
This hotfix is specifically for Windows platforms.

 

If you are getting the Directory warning and you are not on Windows, submit a ticket and we'll get ya sorted out!

 

-Patrick

 

 

Thank you Patrick - I'm on CentOS and had the issue but replaced the init.php from 5.3.10 with the old one from 5.3.9 aa mentioned previously in this thread and it's working fine now - should I leave it this way or are there security concerns doing this? I can still put in a ticket if desired.

 

Thank you!

Lou

0
Link to comment
Share on other sites
clopezi Member

clopezi

Posted
  • Author
Posted
Seems the simple solution would be to remove the check for the bogus admin directory

 

Exactly... it's so easy... a option in the admin zone to uncheck this check.

 

Since WHMCS is a software with so many bugs, at least not break the additional security measures that some users we have implemented...

0
Link to comment
Share on other sites
merlinpa1969 Senior Member

merlinpa1969

Posted
Posted
WHMCS sent me a patch for this and explained that the issue is related to my use of IIS for hosting the WHMCS site. I applied the patch and all is well.

They have issued a fix for this for windows users, the rest of us are stuck waiting for them to fix it. It was whispered to me that maybe they did this on purpose to cut down the number of tickets for people that forget to properly upgrade when they have changed the admin username in the past. I can see and understand that, however for those of us that track folks attempting to get into the /admin folder it kinda defeats the extra security Plus I love it when people get the nasty gram that we post to the screen after the third failed login attempt in the fake admin

0
Link to comment
Share on other sites
merlinpa1969 Senior Member

merlinpa1969

Posted
Posted

Hi Duran, while your suggestion is a good one I think it is kind of a fatal issue. especially since there seems there wont be a fix.

the next passage is from the current changelog, seems like this is done on purpose

Case #5083 - Notify admins upon detection of admin directory configuration issue

 

Case #5083 is an attempt to make the upgrade process more fool-proof. We have found in recent releases that a lot of users apply an update forgetting to take into account their custom admin directory settings. The results of this are that you end up with the newer files in the default /admin/ directory, and then experience errors and problems due to attempting to use WHMCS with older files still present in their custom admin directory. So as of this update, you will be prompted any time a custom admin directory name is configured and a default /admin/ directory is found also. You will not be allowed to continue using the admin area until the default /admin/ directory is removed. If you encounter this error, please ensure you have uploaded all the files from this and any recent updates into your custom admin directory before removing it.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept