Set security and lost access - Please help

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Set security and lost access - Please help

Postby dinosaur62 » 05. April 2013 22:09

I am a newbie to xampp but do know some things about computers.

Here is the situation: I installed xampp on my windowx xp home system in preperation for installing a wordpress test/development environment. Concerned about security I modified my norton security firewall to limit access to the local subnet. I ran control panel, started apache and mysql, and had no problems with localhost access or phpmyadmin. I then ran localhost/security as suggested with respect to xampp instruction. I set password for mysql and it indicated success. I then set a username and password for access to xampp directories and it indicated success.

I can get to phpmyadmin with the password.

I can't get to localhost or localhost/security. I get an authentication failure - error 401

The log shows:

[Fri Apr 05 15:56:20.750000 2013] [core:warn] [pid 4792:tid 416] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Fri Apr 05 15:56:22.046875 2013] [ssl:warn] [pid 4792:tid 416] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Apr 05 15:56:22.515625 2013] [mpm_winnt:notice] [pid 4792:tid 416] AH00455: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 configured -- resuming normal operations
[Fri Apr 05 15:56:22.515625 2013] [mpm_winnt:notice] [pid 4792:tid 416] AH00456: Server built: Aug 18 2012 12:41:37
[Fri Apr 05 15:56:22.515625 2013] [core:notice] [pid 4792:tid 416] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Fri Apr 05 15:56:22.531250 2013] [mpm_winnt:notice] [pid 4792:tid 416] AH00418: Parent: Created child process 5916
[Fri Apr 05 15:56:28.312500 2013] [ssl:warn] [pid 5916:tid 1636] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Apr 05 15:56:28.734375 2013] [mpm_winnt:notice] [pid 5916:tid 1636] AH00354: Child: Starting 150 worker threads.
[Fri Apr 05 15:57:30.359375 2013] [auth_basic:error] [pid 5916:tid 216] [client 127.0.0.1:1863] AH01617: user uforwptst: authentication failure for "/xampp/": Password Mismatch
[Fri Apr 05 15:58:03.390625 2013] [auth_basic:error] [pid 5916:tid 216] [client 127.0.0.1:1864] AH01617: user uforwptst: authentication failure for "/xampp/": Password Mismatch
[Fri Apr 05 15:58:20.156250 2013] [auth_basic:error] [pid 5916:tid 216] [client 127.0.0.1:1865] AH01617: user uforwptst: authentication failure for "/xampp/": Password Mismatch

I know the password I am entering is the same as the password I created as I am very careful about writing them down and entering them.

I've looked everywhere to try to find a solution to this and can't find it. I have confirmed the mod_rewrite is loaded. I've tried the override all from override none in the conf file. Reverted everything tried when it didn't work.

Resolving this problem so that I can get on with things would be appreciated.

Any ideas?

Thanks in advance.
dinosaur62
 
Posts: 3
Joined: 05. April 2013 21:44
Operating System: Windows XP home

Re: Set security and lost access - Please help

Postby dinosaur62 » 06. April 2013 21:21

I had hoped this would be an easy problem to resolve for those already familiar with xampp. Perhaps it was considered too easy. :-) Shame on me if that was the case. It took me most of today to finally, sort of, resolve the problems.

First of all I would like to send thanks to @JonB. While I did not think the 'session' error showing up in the log had anything to do with the unauthorized access problem (it didn't as far as I could determine) it was nice to find a solution posted for that issue that caught my eye. I followed JonB instructions (except in httpd-ssl.conf it was a matter of uncommenting the line versus adding at ~70). The session error is gone.

As far as being able to logon with the user/pw I set up for xampp here is what I found and what I did:

When you set user/pw for xampp 3 files are created:

\xampp\htdocs\xampp\.htaccess
\xampp\security\xampp.users
\xampp\security\htdocs\.htaccess

xampp.users apparently contains the new user and an encrypted version of the password. The .htaccess files use that. I believe I could have just deleted the 3 files because I confirmed that they were actually created and not part of the initial installation as empty or with other contents. Also; I couldn't find anything else modified at the same general time. However; to be a little safer (I hope) I simply stripped the password from xampp.users (using notepad in my case). I did leave the : after the username but it might not be necessary.

I am still prompted to logon when I access localhost but I can now do so with username and an empty password.

SO..... My "problem" is apparently resolved.

I have not tried to simply delete the 3 files and try to set a user and password again. I suspect that would work except I am 99.9 percent certain that I wrote down and used the original password correctly. So I'm afraid the problem would come back.

If anyone happens to know how I can "see" what is being sent for a password (if anything!) in order to compare with the file content the information would be appreciated. Or; if anyone knows why what is being sent via the logon would be possibly encrypted differently that information would also be of some interest.

Anyway; thanks for a nice place to communicate and find information. I found it helpful if only for the pupose of venting some frustration by asking my question.
dinosaur62
 
Posts: 3
Joined: 05. April 2013 21:44
Operating System: Windows XP home

Re: Set security and lost access - Please help

Postby JonB » 07. April 2013 17:53

Ahhh - The 'JonB guy' sez - "use the Security Wizard and check the option to Save to Text file"

---- Security risk! ----
Safe plain password in text file?
(File: C:\xampp\security\security\mysqlrootpasswd.txt)


XAMPP DIRECTORY PROTECTION (.htaccess)

User:
Password:

---- Security risk! ----
Safe plain password in text file?
(File: C:\xampp\security\security\xamppdirpasswd.txt)


You can also use an MD5 password generator to make repairs if you goof OR just want different passwords for different sections (such as one for XAMPP/admins stuff and another for more open sections of htdocs/)

http://www.web2generators.com/apache/htpasswd_generator

http://www.htaccesstools.com/htpasswd-generator/

Good Luck
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: Set security and lost access - Please help

Postby dinosaur62 » 10. April 2013 11:12

Thank you. I will try that. I am also havng a problem when I set up a 2nd user in mysql in order to avoid using root. Same problem of password failure. I ensured privileges correct, localhost vs % etcetera. Everything I see indicates it should work.

Can't help but think that I am overlooking something simple. It is like somehow the passwords are being encrypted differently. I will keep analyzing.

Thanks again.
dinosaur62
 
Posts: 3
Joined: 05. April 2013 21:44
Operating System: Windows XP home


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 148 guests