Hello everyone ,
Thank you for your feedback. FlatPress 1.3 Andante had several vulnerabilities regarding the admin login. Firstly, the administrator name was saved in the fp-user cookie as the real name. This means: I look at your cookie and know what the admin name is. The password was also stored in the fp-pass cookie. In addition, the author of the posts was always the admin. I look at the two cookies, see the author of the posts and log in to you as admin.
That was the reason why I changed the admin login from a cookie authentication to a session authentication. In addition, the author name in 1.4.1 does not have to be the same as the admin name.
I had tested several update scenarios with the setup hint (1.2.1 -> 1.4.1, 1.3.1 -> 1.4.1). However, I was always able to log in as admin after the update+setup. So I am surprised that you encountered these problems during the update.
However, I must also say that none of us are professional programmers or software testers and that we drive the further development in our free time after work. Therefore, it is not always impossible that one or the other error creeps in and remains undetected in the RC phase or is not reported by the testers.
If problems occur in certain constellations, I like to take a look at them and get to the bottom of possible causes.
Stay vigilant
With best regards
Frank
after upgrade to fp1.4 admin password failure
-
fraenkiman
- Posts: 368
- Joined: Thu Feb 03, 2022 7:25 pm
- Location: Berlin, Germany
- Contact:
Re: after upgrade to fp1.4 admin password failure
You are strong in PHP and Java Script? 
Then help us to improve FlatPress. 
Looking for ideas, templates, examples and answers to frequently asked questions?
You'll find it here.My
FlatPress-Blog: https://frank-web.dedyn.io
Re: after upgrade to fp1.4 admin password failure
Juggernaut. miksmith: Thank you very much for your feedback. FlatPress still lacks an automatic updater that takes care of all the hustle, this is on our list for a while now.
The update to 1.4 is a bit tricky, though: Since we changed the way FlatPress stores your credentials, you'll need to re-run the setup after uploading the files from the update package. We're currently working on an update package from 1.3/1.3.1 to 1.4.1, please stay tuned - as soon as we release it, I'd like to ask you to give it another try.
What's great about FlatPress as a flat-file system: If something goes wrong (as in your cases), you simply copy back the full backup of your FlatPress folder you created beforehand.
We'll get you updated, don't worry. I'll announce the enhanced 1.4.1 update package as soon as it is ready.
All the best,
Arvid
The update to 1.4 is a bit tricky, though: Since we changed the way FlatPress stores your credentials, you'll need to re-run the setup after uploading the files from the update package. We're currently working on an update package from 1.3/1.3.1 to 1.4.1, please stay tuned - as soon as we release it, I'd like to ask you to give it another try.
What's great about FlatPress as a flat-file system: If something goes wrong (as in your cases), you simply copy back the full backup of your FlatPress folder you created beforehand.
We'll get you updated, don't worry. I'll announce the enhanced 1.4.1 update package as soon as it is ready.
All the best,
Arvid
Docs
Mastodon
Forum RSS feed
Donate
Who is online
Users browsing this forum: No registered users and 0 guests