Support

Admin Tools

#35336 Administrator secret URL parameter doesnt work and have effect

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by ssnobben on Monday, 07 June 2021 02:13 CDT

Wednesday, 02 June 2021 15:23 CDT

ssnobben

Hi the password admin backend doesnt work its not protected and you can login as normal  /administrator without get redirected protected there.

 

see attachment and testing with latest Joomla 3.9.27 and php 8.0.3 and Admin tools 6.0.6

 

[02-Jun-2021 09:10:34 UTC] PHP Warning: FOF40\Download\Adapter\Curl::reponseHeaderCallback(): Argument #1 ($ch) must be passed by reference, value given in /home/sflnojcm/public_html/libraries/fof40/Download/Adapter/Curl.php on line 135
[02-Jun-2021 09:10:34 UTC] PHP Warning: FOF40\Download\Adapter\Curl::reponseHeaderCallback(): Argument #2 ($data) must be passed by reference, value given in /home/sflnojcm/public_html/libraries/fof40/Download/Adapter/Curl.php on line 135

Edited by on 2021-07-02 20:45 CDT

Thursday, 03 June 2021 03:55 CDT

nicholas

It does work, this site where we're having this conversation being the proof of that.

However, you need to remember how it works. The first time you use the administrator secret URL parameter it sets a flag in your user session. This flag remains until your user session is destroyed.

If you use the Logout button in the administrator the session is destroyed BUT you are redirected to the backend login URL with the secret URL parameter, therefore the new user session now has the flag set once again.

Further to that, if you are using shared sessions in your site's Global Configuration the use session is shared between the frontend and the backend. Unless you log out from both places your session is still activate and has the flag set.

When the flag is set you can access the /administrator URL without the secret URL parameter just fine. The whole point of the secret URL parameter is to set a flag which says "this user (browser) session is authorised to view the administrator backend pages, including the login page itself".

BTW the two PHP warnings are unimportant. They can simply be ignored.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 06 June 2021 11:55 CDT

ssnobben

Ok thanks for explanation.

 

so these error messages type can be ignored just that I get these is a bit annyoing from Admin Tools Pro reports :)

 

[04-Jun-2021 16:57:53 UTC] PHP Warning: FOF40\Download\Adapter\Curl::reponseHeaderCallback(): Argument #1 ($ch) must be passed by reference, value given in /home/sflnojcm/public_html/libraries/fof40/Download/Adapter/Curl.php on line 135
[04-Jun-2021 16:57:53 UTC] PHP Warning: FOF40\Download\Adapter\Curl::reponseHeaderCallback(): Argument #2 ($data) must be passed by reference, value given in /home/sflnojcm/public_html/libraries/fof40/Download/Adapter/Curl.php on line 135

Monday, 07 June 2021 01:35 CDT

nicholas

You can ignore that. They will be addressed in the next version of any of our extensions which will include a new version of FOF.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 07 June 2021 02:13 CDT

ssnobben

OK thanks for update.

 

closing

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!