"Security Violation" - unable to log in

htoerrin

Joined: 2009-03-10
Posts: 1
Posted: Tue, 2009-03-10 18:21

Gallery version 2.3
Browser Firefox 3.0.7

My gallery worked fine until suddenly one day normal users became unable to log in. I am still able to log in as administrator. Once the login has failed, I am unable to log in again until I clear the browser cookies. If you need more information, I will be happy to provide it, but since I'll have to clear all my cookies to log into my gallery again, I will send this now.

Any help will be greatly appreciated!

Havard

To reproduce the error I do the following:

1. Clear browser cookies
2. Go to gallery root

=> DUMP 1

3. Log in as normal user
Login failes with "Security Violation" message.

=> DUMP 2

3. Return to gallery
Still get the same error message. I have to clear the browser cookies to be able to log in again.
=> DUMP 3

=== DUMP 1 ===

Debug Redirect
Not automatically redirecting you to the next page because we're in debug mode
Continue to the next page

file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryFactoryHelper_loadRegistry.inc)
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator.class)
getParameter modrewrite.galleryLocation for rewrite plugin
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/rewrite/0/0/0.inc)
getParameter shortUrls for rewrite plugin
getParameter language.useBrowserPref for core plugin
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/core/0/0/0.inc)
getParameter default.language for core plugin
controller core.UserLogin, view
Loading plugin core
Class not defined, trying to include it.
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/module.inc)
core plugin successfully instantiated
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat)
file(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat, )
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/httpauth/classes/HttpAuthPlugin.class)
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/httpauth/0/0/0.inc)
getParameter id.anonymousUser for core plugin
[1236708341] can't guarantee 5 -- extending!
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/0/0/5.inc)
Loading plugin core
core plugin successfully instantiated
Check the version of the core plugin
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryPluginHelper_fetchPluginStatus.inc)
The version of the core plugin is ok
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/UserLogin.inc)

(mysqli): SET NAMES "utf8"

(mysqli): SELECT g2_Schema.g_info FROM g2_PluginMap, g2_Schema
WHERE g2_PluginMap.g_pluginId = g2_Schema.g_pluginId
AND g2_Schema.g_type = 'map' AND g2_PluginMap.g_active = 1

(mysqli): SELECT g_count, g_lastAttempt FROM g2_FailedLoginsMap WHERE
g_userName='ht3'

(mysqli):
SELECT
g2_User.g_id
FROM
g2_User
WHERE
g2_User.g_userName = 'ht3'

file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/8/0/804.inc)
getParameter validation.level for core plugin
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/captcha/classes/CaptchaValidationPlugin.inc)
getParameter failedAttemptThreshold for captcha plugin
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/captcha/0/0/0.inc)
getParameter failCount-core.UserLogin.ht3 for captcha plugin

(mysqli): BEGIN

(mysqli): DELETE FROM g2_FailedLoginsMap WHERE g_userName='ht3'

getParameter cookie.domain for core plugin
getParameter cookie.path for core plugin
getParameter session.lifetime for core plugin
Loading plugin core
core plugin successfully instantiated
Check the version of the core plugin
The version of the core plugin is ok
getParameter id.anonymousUser for core plugin

(mysqli): SET NAMES "utf8"

(mysqli): INSERT INTO g2_SessionMap (g_id, g_userId, g_remoteIdentifier,
g_creationTimestamp, g_modificationTimestamp, g_data) VALUES
('4273d5e334bc78f236802c04b92e21e3',804,'a:2:{i:0;s:14:\"193.71.153.201\";i:1;s:32:\"a6d00b727447dab8a018d6e26a9991c2\";}',1236708341,1236708341,'a:1:{s:13:\"core.language\";s:5:\"en_US\";}')

getParameter session.lifetime for core plugin
file_exists(/home/htoerrin/ht-foto.org/gallery/modules/useralbum/module.inc)
getParameter loginRedirect for useralbum plugin
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/useralbum/0/0/0.inc)
getParameter session.lifetime for core plugin

(mysqli): UPDATE g2_SessionMap SET g_userId=804,
g_remoteIdentifier='a:2:{i:0;s:14:\"193.71.153.201\";i:1;s:32:\"a6d00b727447dab8a018d6e26a9991c2\";}',
g_creationTimestamp=1236708341, g_modificationTimestamp=1236708342,
g_data='a:2:{s:13:\"core.language\";s:5:\"en_US\";s:34:\"session.siteAdminActivityTimestamp\";i:1236708342;}'
WHERE g_id='4273d5e334bc78f236802c04b92e21e3'

(mysqli): COMMIT

=== DUMP 2 ===

Security Violation

The action you attempted is not permitted.

Back to the Gallery
Error Detail +
Error (ERROR_MISSING_OBJECT, ERROR_PERMISSION_DENIED)

* in modules/core/classes/GalleryView.class at line 368 (GalleryCoreApi::error)
* in modules/core/ShowItem.inc at line 106 (GalleryView::getItem)
* in modules/core/ShowItem.inc at line 61 (ShowItemView::getItem)
* in modules/core/classes/GalleryView.class at line 293 (ShowItemView::loadTemplate)
* in main.php at line 465 (GalleryView::doLoadTemplate)
* in main.php at line 104
* in main.php at line 88

Debug Output
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryFactoryHelper_loadRegistry.inc) file_exists(/home/htoerrin/ht-foto.org/gallery/modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator.class) getParameter modrewrite.galleryLocation for rewrite plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/rewrite/0/0/0.inc) getParameter shortUrls for rewrite plugin getParameter session.lifetime for core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/core/0/0/0.inc) getParameter session.inactivityTimeout for core plugin (mysqli): SET NAMES "utf8" (mysqli): SELECT g2_Schema.g_info FROM g2_PluginMap, g2_Schema WHERE g2_PluginMap.g_pluginId = g2_Schema.g_pluginId AND g2_Schema.g_type = 'map' AND g2_PluginMap.g_active = 1 (mysqli): SELECT g_userId, g_remoteIdentifier, g_creationTimestamp, g_modificationTimestamp, g_data FROM g2_SessionMap WHERE g_id='4273d5e334bc78f236802c04b92e21e3' controller , view Loading plugin core Class not defined, trying to include it. file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/module.inc) core plugin successfully instantiated file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat) file(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat, ) [1236708378] can't guarantee 5 -- extending! file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/8/0/804.inc) Loading plugin core core plugin successfully instantiated Check the version of the core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryPluginHelper_fetchPluginStatus.inc) The version of the core plugin is ok file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/ShowItem.inc) getParameter acceleration for core plugin getParameter id.anonymousUser for core plugin getParameter smarty.compile_check for core plugin getParameter id.anonymousUser for core plugin getParameter id.adminGroup for core plugin (mysqli): SELECT g_userId FROM g2_UserGroupMap WHERE g_userId=804 AND g_groupId=3 LIMIT 1 getParameter id.anonymousUser for core plugin getParameter id.rootAlbum for core plugin (mysqli): SELECT g2_Group.g_id, g2_Group.g_groupName FROM g2_UserGroupMap, g2_Group WHERE g2_Group.g_id = g2_UserGroupMap.g_groupId AND g2_UserGroupMap.g_userId = 5 ORDER BY g2_Group.g_groupName LIMIT 18446744073709551615 (mysqli): SELECT g_module, g_permission, g_description, g_bits, g_flags FROM g2_PermissionSetMap (mysqli): SELECT DISTINCT g2_AccessMap.g_accessListId FROM g2_AccessMap WHERE g2_AccessMap.g_userOrGroupId IN (5,4) AND g2_AccessMap.g_permission & 1 = 1 getParameter id.rootAlbum for core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/0/0/7.inc) (mysqli): SELECT g2_Group.g_id, g2_Group.g_groupName FROM g2_UserGroupMap, g2_Group WHERE g2_Group.g_id = g2_UserGroupMap.g_groupId AND g2_UserGroupMap.g_userId = 804 ORDER BY g2_Group.g_groupName LIMIT 18446744073709551615 (mysqli): SELECT DISTINCT g2_AccessMap.g_accessListId FROM g2_AccessMap WHERE g2_AccessMap.g_userOrGroupId IN (804,4,2) AND g2_AccessMap.g_permission & 1 = 1 getParameter id.rootAlbum for core plugin getParameter default.theme for core plugin Loading plugin classic Class not defined, trying to include it. file_exists(/home/htoerrin/ht-foto.org/gallery/themes/classic/theme.inc) classic plugin successfully instantiated Check the version of the classic plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/_all/0/0/GalleryPluginHelper_fetchPluginStatus.inc) The version of the classic plugin is ok file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/classic/0/0/0.inc) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/_all/localUrlMap.txt) getParameter id.rootAlbum for core plugin getParameter id.adminGroup for core plugin getParameter id.anonymousUser for core plugin file_exists(/home/htoerrin/ht-foto.org/gallery/modules/httpauth/module.inc) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/httpauth/0/0/0.inc) getParameter default.theme for core plugin Loading plugin classic classic plugin successfully instantiated Check the version of the classic plugin The version of the classic plugin is ok Loading plugin core core plugin successfully instantiated Check the version of the core plugin The version of the core plugin is ok getParameter id.adminGroup for core plugin realpath(/home/htoerrin/ht-foto.org/gallery/modules/core/classes/../../../) realpath(/home/htoerrin/ht-foto.org/gallery/) getParameter id.rootAlbum for core plugin getParameter default.theme for core plugin Loading plugin classic classic plugin successfully instantiated Check the version of the classic plugin The version of the classic plugin is ok file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) is_dir(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) is_writeable(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic/v_14) file_exists(/home/htoerrin/ht-foto.org/gallery/lib/javascript/local/BlockToggle.js) file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/../../themes/classic/local/theme.css)

=== DUMP 3 ===

Security Violation

The action you attempted is not permitted.

Back to the Gallery
Error Detail -
Error (ERROR_MISSING_OBJECT, ERROR_PERMISSION_DENIED)

* in modules/core/classes/GalleryView.class at line 368 (GalleryCoreApi::error)
* in modules/core/ShowItem.inc at line 106 (GalleryView::getItem)
* in modules/core/ShowItem.inc at line 61 (ShowItemView::getItem)
* in modules/core/classes/GalleryView.class at line 293 (ShowItemView::loadTemplate)
* in main.php at line 465 (GalleryView::doLoadTemplate)
* in main.php at line 104
* in main.php at line 88

Debug Output
file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryFactoryHelper_loadRegistry.inc) file_exists(/home/htoerrin/ht-foto.org/gallery/modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator.class) getParameter modrewrite.galleryLocation for rewrite plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/rewrite/0/0/0.inc) getParameter shortUrls for rewrite plugin getParameter session.lifetime for core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/core/0/0/0.inc) getParameter session.inactivityTimeout for core plugin (mysqli): SET NAMES "utf8" (mysqli): SELECT g2_Schema.g_info FROM g2_PluginMap, g2_Schema WHERE g2_PluginMap.g_pluginId = g2_Schema.g_pluginId AND g2_Schema.g_type = 'map' AND g2_PluginMap.g_active = 1 (mysqli): SELECT g_userId, g_remoteIdentifier, g_creationTimestamp, g_modificationTimestamp, g_data FROM g2_SessionMap WHERE g_id='4273d5e334bc78f236802c04b92e21e3' controller , view Loading plugin core Class not defined, trying to include it. file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/module.inc) core plugin successfully instantiated file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat) file(/home/htoerrin/ht-foto.org_gallery_g2data/versions.dat, ) [1236708456] can't guarantee 5 -- extending! file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/8/0/804.inc) Loading plugin core core plugin successfully instantiated Check the version of the core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/_all/0/0/GalleryPluginHelper_fetchPluginStatus.inc) The version of the core plugin is ok file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/ShowItem.inc) getParameter acceleration for core plugin getParameter id.anonymousUser for core plugin getParameter smarty.compile_check for core plugin getParameter id.anonymousUser for core plugin getParameter id.adminGroup for core plugin (mysqli): SELECT g_userId FROM g2_UserGroupMap WHERE g_userId=804 AND g_groupId=3 LIMIT 1 getParameter id.anonymousUser for core plugin getParameter id.rootAlbum for core plugin (mysqli): SELECT g2_Group.g_id, g2_Group.g_groupName FROM g2_UserGroupMap, g2_Group WHERE g2_Group.g_id = g2_UserGroupMap.g_groupId AND g2_UserGroupMap.g_userId = 5 ORDER BY g2_Group.g_groupName LIMIT 18446744073709551615 (mysqli): SELECT g_module, g_permission, g_description, g_bits, g_flags FROM g2_PermissionSetMap (mysqli): SELECT DISTINCT g2_AccessMap.g_accessListId FROM g2_AccessMap WHERE g2_AccessMap.g_userOrGroupId IN (5,4) AND g2_AccessMap.g_permission & 1 = 1 getParameter id.rootAlbum for core plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/entity/0/0/7.inc) (mysqli): SELECT g2_Group.g_id, g2_Group.g_groupName FROM g2_UserGroupMap, g2_Group WHERE g2_Group.g_id = g2_UserGroupMap.g_groupId AND g2_UserGroupMap.g_userId = 804 ORDER BY g2_Group.g_groupName LIMIT 18446744073709551615 (mysqli): SELECT DISTINCT g2_AccessMap.g_accessListId FROM g2_AccessMap WHERE g2_AccessMap.g_userOrGroupId IN (804,4,2) AND g2_AccessMap.g_permission & 1 = 1 getParameter id.rootAlbum for core plugin getParameter default.theme for core plugin Loading plugin classic Class not defined, trying to include it. file_exists(/home/htoerrin/ht-foto.org/gallery/themes/classic/theme.inc) classic plugin successfully instantiated Check the version of the classic plugin file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/_all/0/0/GalleryPluginHelper_fetchPluginStatus.inc) The version of the classic plugin is ok file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/classic/0/0/0.inc) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/theme/_all/localUrlMap.txt) getParameter id.rootAlbum for core plugin getParameter id.adminGroup for core plugin getParameter id.anonymousUser for core plugin file_exists(/home/htoerrin/ht-foto.org/gallery/modules/httpauth/module.inc) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/cache/module/httpauth/0/0/0.inc) getParameter default.theme for core plugin Loading plugin classic classic plugin successfully instantiated Check the version of the classic plugin The version of the classic plugin is ok Loading plugin core core plugin successfully instantiated Check the version of the core plugin The version of the core plugin is ok getParameter id.adminGroup for core plugin realpath(/home/htoerrin/ht-foto.org/gallery/modules/core/classes/../../../) realpath(/home/htoerrin/ht-foto.org/gallery/) getParameter id.rootAlbum for core plugin getParameter default.theme for core plugin Loading plugin classic classic plugin successfully instantiated Check the version of the classic plugin The version of the classic plugin is ok file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) is_dir(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) is_writeable(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic) file_exists(/home/htoerrin/ht-foto.org_gallery_g2data/smarty/templates_c/%%1277379120/classic/v_14) file_exists(/home/htoerrin/ht-foto.org/gallery/lib/javascript/local/BlockToggle.js) file_exists(/home/htoerrin/ht-foto.org/gallery/modules/core/../../themes/classic/local/theme.css)

 
Hardsniffer

Joined: 2008-01-09
Posts: 2
Posted: Wed, 2009-05-27 13:08

I get the sam message but still no solution founded