Author Archives: Tech Admin

Comprehensive Solution For Joomla Admin Session Problem After Upgrading To Joomla 1.0.13

22 Replies

Joomla logoJoomla 1.0.12 was known to have security problem so that Joomla users were urged to upgrade their Joomla to Joomla 1.0.13. For some users, upgrading went smoothly. However, others reported that there was problem with Joomla administrator login. It forced them to logout immediately after entering Joomla admin panel. Message found was either “Invalid Login”, “Admin Session Expired”, or “You need to login”. Did you also experience this issue? This article may help you explaining why it occured and alternative solutions available.

Active Session Id Verification in Joomla 1.0.13

If you follow Joomla development and compare how Joomla admin authentication works, you will notice that Joomla 1.0.13 implements internal active session id verification for the administrator login. This change prevents session fixation attempt and add more security to joomla authentication by ensuring current session id used is still active and uses Joomla’s session namespace.

However, Joomla 1.0.13 was shipped with broken session handler for administrator authentication. A new session namespace and id were generated when somebody pressed buttons other than “save” and “task” even if the session was not expired yet. Consequently, user experienced forced logout.

Continue reading

MySQL 5.0: Recovering Crashed/Corrupted InnoDB Database

10 Replies

restore crashed InnoDBIf you are a frequent user of transactional database feature in MySQL, you must be familiar with InnoDB storage engine. Along with BDB, InnoDB provides transaction safe database within MySQL environment.

Nobody wants bad thing happens although it often does. Sometimes, power outage or internal system malfunction or even human error makes the database crashed or corrupted. This article will provide steps taken to recover corrupted InnoDB database based on real crash course experience within *NIX environment.

Continue reading

Community Builder Advanced Search (Modified Version) Bugtrack and Wishlist

15 Replies

Community Builder Advanced SearchBeing away from the web development world for a while has given me some real life experiences which I’m afraid I couldn’t get only by sitting in from of my laptop tinkering with codes. And now, after quite some time, I feel recharged to do some work and continue the development of my abandoned app and projects.

Noticing that my modified version of CB advanced search gets attention even the modification is minor, I’d like to add more effort on it by providing simple bugtrack and wishlist. As simple is relative to someone’s point of view, I’ll clarify that the bugtrack and wishlist will be as simple as single wordpress’ entry, without messing up with 3rd party apps.

Bugs and wishlist will be compiled from comments in my blog. Please add your comment to this post if you have suggestion, bug report, or concern about this component. I’ll later manually put entry to this post consisting verified bugs to resolve and wishlist to work at.

Continue reading

Moving To South Korea

2 Replies

You may notice that this blog hasn’t been updated for a while. I moved to South Korea a week ago. Now I’m still struggling to adapt with the new environment and restoring data from my storage device.

I hope I will be back soon with more posts about my work and  I will start answering comments right after sorting out my personal problems. South Korea is very nice at my first impression. I hope my adaptation is fast and I won’t face any staggering problem with daily life here.

So, please stay tune.

In The Realm of Passwordless Authentication With OpenID (Featuring Vidoop)

1 Reply

How many sites do you visit regularly? How many times do you repeat the process of inputting username and password? Are you a regular visitor of “Forget your password?” link or you vehemently deny, saying you always remember all your passwords because they are all the same or follow the same pattern?

I Can Not Remember Passwords

You might say, “Are you kidding me, or you’re plainly a moron?” Yes, I probably am. During my early ages with internet, services offered were not that many and diverse like todays. I mainly used internet to check my email, hence remembering password was not a problem because I apparently used single password (or two for my other account).

Internet evolves, applications are built. New sites emerge everyday. I read news and article about new technology especially on websites and web apps. Another Joe said site A was cool because it offered yada-yada service. I dropped a visit, took a demo, and was eager to use the service offered. But it’s not free even it’s free (or it’s free with limitation if money is the term), i should be authenticated and authorized to use the service, hence registration (+payment) and another username-password pair.

After years, I found out that I had collected hundreds of username-password pairs. Hundreds? Yes, for sure. Credentials for e-payment should be different with the ones used in forums, emails, or other less critical service. Unfortunately,remembering which pair to be used in a site was and is always PITA. After being a regular patient of “Forget your password?”, I decided to organize login credentials so that I would never forget and could easily find out the username/password for a website/service. How?

Continue reading