EE2 Admin Logon


UweB
12th of November 2006 (Sun), 13:23
Hello all !
With my EE2 upgrade I happily arrived here:

Logging in to admin area (editor)
Address to your EE's admin area is http://www.yourdomain.com/youEEgalleryfoldername/yourEEadminfoldername/
Admin folder name should be set in "basecode/SETUP_settings.php".
Default login is
username: admin
pass: pass

unfortunately i end here:

WARNING: IT LOOKS LIKE REGISTER_GLOBALS IS ON!
This is a highly potential security risk.
Please contact your server admin ASAP and ask them to set php's 'register_globals' off for your EE folder and all its subdirectories.

LOGGED OUT
Please log in again from here.

I tried all remedies with the php.ini and htaccess files which i found in the forum except asking my provider to change the php settings. Is there anything else i could do to get into the administrative page of EE2?

wkitty42
13th of November 2006 (Mon), 10:32
did you refresh your browser so that it isn't serving you a cached copy of that page? ;)

UweB
13th of November 2006 (Mon), 11:11
ah, yes i did that... even with different browsers... it's a bit frustrating having come this far and now the door is closed... but at least the startpage of EE2 works though without any photos to see...

but i am sure my time will come... :-)

wkitty42
13th of November 2006 (Mon), 21:36
yes, i just happened to drop by your site and saw that no photos were showing... looks like there may be something additional going on...

[time]

is that an apache server you are on? if so, it may be possible to make the needed setting changes in the .htaccess file... what i'm remembering and seeing in a brief research while writing this message, you need at least the following in your .htaccess file...


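# "AllowOverride Options" (or "AllowOverride All") has to be set by the host in the server config; it is not valid inside .htaccess

<IfModule mod_php4.c>
# register_globals is a boolean, so it is set with php_flag rather than php_value
php_flag register_globals off
</IfModule>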


or similar... this only works if you have a .htaccess file... you should also research on the .htaccess file and its options if you are not familiar with it... just pasting in stuff that others tell you about might compromise your setup... the thing is that you need to be able to adjust certain php variables in some manner... if you are on apache and the necessary switches are in place, then you should be able to set this particular setting as needed... the other security setting, allow_fopen_url (IIRC), may or may not be able to be set in .htaccess or .php files... on my setup, i had to change that one in the actual php.ini file that i'm using... ahh! that also reminds me that some settings changes won't take effect until after the server is rebooted...

UweB
15th of November 2006 (Wed), 04:10
Hello!
Thanks so much for your help with the htaccess file !! Yes it is an Apache on RedHat. I did talk to my webhoster about the php.ini. According to them a personal php.ini only works if "phpsudoexe" is installed on the server which it was not in my case. So they moved my site to another server. Incl. DNS promotion this took about 1 day...

The administrative login still did not work so i browsed the forums until i found the hint to use the reset admin:password script. This let me in but without any logon at all !? What i could see was that my old EE installation was broken in some ways... missing galleries, photos and so on.... but at least with an installed phpsudoexe and a personal php.ini the warning about register globals has disappeared.

I then made a 2nd installation with an empty DB from scratch with EE1.5 to 2.0 just to see how it works and looks :-\ This empty EE2.0 is now active in my domain. After working for a while to check out the administrative page i suddenly was out again. I am not sure but i believe it was after i copied the 2.01 update into the directories.

No logon was possible anymore... :-( it simply returns to the logon fields just as it was 3 days ago... only without the register globals warning :-)

Pekka
15th of November 2006 (Wed), 07:29
Version 2.01 had a bug fix to admin login.

With EE 2 make sure that you have in php.ini

register_long_arrays = Off

UweB
16th of November 2006 (Thu), 06:37
Hello Pekka !
There is a problem for me with the admin login and it does not go away. I could not get in even with php.ini register_long_arrays = Off. So i installed everything again from scratch with a 2nd DB so that i can switch between the old and new EE. Easily done...

The new EE2 is now active but without the 2.01 patches. I will patch again this evening and see what happens. I can not figure out why and when i get locked out. Now my admin pages are completely without any logon credentials... (admin path of course is changed).

In the meantime i filled EE2 with photos...

Pekka
16th of November 2006 (Thu), 14:31
Can you see in your browser that it creates a cookie for admin?

UweB
16th of November 2006 (Thu), 16:09
Hi Pekka, no i do not think that i can see any cookies from EE2 in my Browser... This evening it happened again that i was suddenly locked out of the admin page after i worked in there for a while. I had to apply the reset admin-pass script and then i got in without any logon at all...

Pekka
17th of November 2006 (Fri), 04:47
And you have now version 2.01 there?

UweB
17th of November 2006 (Fri), 11:30
Hi Pekka, no i have not. I worked all day with version 2.0.

Only just now did i copy the version 2.01 files into the respective directories and i was locked out again. Nothing i did helped me except to copy back the same version 2.0 files as i got from v# 2.01...

I tested the logon with 3 different browsers... empty cache, restart, page reload...

with v# 2.0 now open again checked the login history logfile and there i can see my logon attempts from v# 2.01. Also with version 2.0 i can not change the logon credentials. The admin page of 2.0 does not ask me for a logon...

Pekka
18th of November 2006 (Sat), 06:04
In version 2.01 the admin logon bug where it did not ask credentials was fixed. So that you can not get in without credentials after 2.01 update is how it should work.
The real problem in your case is why 2.01 logon does not validate admin login. If you can PM info how to access your EE I can take a look and try it out.

Pekka
19th of November 2006 (Sun), 11:11
Thanks for the access. I debugged this and the problem was that your server converted . in cookie names to _ for $_COOKIE, so the cookie name EE was looking for was not available, even if it was stored ok by the browser.

I changed your $ee_ident so that it contains _ instead of . and now it works ok.

UweB
19th of November 2006 (Sun), 12:21
Hello Pekka !

I recall your warning about special characters in the cookie settings but i never thought about this... . versus _ !?

Thanks a lot for your kind help !

wkitty42
21st of November 2006 (Tue), 06:53
excellent! so now we can see your photos, eh? ;)

stormin
7th of December 2006 (Thu), 17:20
Thanks for the access. I debugged this and the problem was that your server converted . in cookie names to _ for $_COOKIE, so the cookie name EE was looking for was not available, even if it was stored ok by the browser.

I changed your $ee_ident so that it contains _ instead of . and now it works ok.

Oddly enough, I had this same issue on my server. Thanks for this post!

DavidW
15th of December 2006 (Fri), 08:19
I wonder if a comment to use _ instead of . should go above the appropriate line in a vanilla basecode/SETUP_settings.php. I knew automatically to use _ instead of ., but many users fail to realise this, understandably.

There's even an argument for the EE code to convert . to _ when reading this value for robustness.



David

Pekka
15th of December 2006 (Fri), 19:14
I wonder if a comment to use _ instead of . should go above the appropriate line in a vanilla basecode/SETUP_settings.php. I knew automatically to use _ instead of ., but many users fail to realise this, understandably.

There's even an argument for the EE code to convert . to _ when reading this value for robustness.
David

Good points. I have to dig cookie specs somewhere and see what is the allowed character list and length.
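
The cookie-name mismatch diagnosed in this thread, and the "convert . to _ when reading" idea raised above, as an added example (not EE's own code and not written by any poster). PHP itself replaces dots and spaces in incoming cookie, GET and POST names with underscores; the helper names and the $ee_ident value below are hypothetical, and parse_str() stands in for a real request because it applies the same name conversion.

```php
<?php
// Added illustration; not part of EE. All names and values are constructed.

/**
 * Return the key under which PHP exposes an incoming cookie/GET/POST name:
 * leading spaces are dropped, dots and spaces become underscores.
 */
function php_exposed_name(string $name): string
{
    return strtr(ltrim($name, ' '), ['.' => '_', ' ' => '_']);
}

/**
 * Hypothetical helper: fetch a cookie by its configured name, normalising
 * the name first so a dotted identifier still matches what PHP stored.
 * Array-valued entries (names such as "a[b]") are rejected.
 */
function read_cookie(string $configuredName, array $cookies): ?string
{
    $key = php_exposed_name($configuredName);
    if (isset($cookies[$key]) && is_string($cookies[$key])) {
        return $cookies[$key];
    }
    return null;
}

// Constructed identifier containing dots, as a site name often would.
$ee_ident = 'www.example.com_gallery';

// Simulate the browser sending back a cookie with exactly that name.
parse_str(rawurlencode($ee_ident) . '=session-token', $cookies);

// Keys PHP actually produced for the request.
var_dump(array_keys($cookies));

// Naive lookup by the configured (dotted) name, as in the failing login.
var_dump($cookies[$ee_ident] ?? null);

// Lookup through the normalising helper.
var_dump(read_cookie($ee_ident, $cookies));
```

Because two different configured names can normalise to the same key, a setup check that rejects dots and spaces in the identifier outright is the stricter alternative to converting them silently.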