⚠️ Urgent! Active Attacks on MODX Revolution Sites Below Revolution 2.6.5
Subscribe: RSS
  • Hi.
    I'm unable to log in to the manager after Revo 2.6.5 upgrade from 2.3.3.
    My username/password is not recognized.
    I can receive the reset password email, but the password in the email does not work either.
    I have tried resetting the password manually with this procedure, but that does not work either. I can see that the database is updated. I have verified that the MD5 hash generated is correct.
    UPDATE modx_users SET hash_class = 'hashing.modMD5', password = MD5('the-new-password') WHERE username = 'theusername';


    I did an upgrade install like this:
    1. Cleared caches from within the manager
    2. Logged out all users from within the manager
    3. Cleared the core/cache folder manually
    4. Downloaded the latest version
    wget https://modx.com/download/direct?id=modx-2.6.5-pl.zip --no-check-certificate --content-disposition

    5. Unzipped and renamed the unpacked folder to modx
    6. Did an rsync copy
    $ rsync -avP modx/connectors/ connectors*/
    $ rsync -avP modx/core/ core*/
    $ rsync -avP modx/manager/ manager*/
    $ rsync -avP modx/setup/ setup/

    7. Ran setup, selecting 'Upgrade existing install' without any issues.

    Now stuck at the login screen.

    Any ideas?

    This question has been answered by multiple community members. See the first response.

    • Does it say your user or pass is incorrect, or does it just reload to the manager login screen without an error?

      If the latter, there could be a problem with your sessions table or your session settings (like cookie domain, path, or secureOnly being enabled on http).

      Try looking at the session table - is it showing data when you try to login?
      Try looking at the http request through the browser dev console when you login, in particular the Set-Cookie response header on the POST. Does it show the right domain and path?
        Mark Hamstra • Developer spending his days working on Premium Extras and a MODX Site Dashboard with remote management features to make the MODX world a little better.

        Tweet me @mark_hamstra, check my infrequent blog at markhamstra.com, my slightly more frequent ramblings at MODX.today or see code at Github.
      • Thanks for the reply.
        It says the username/password is incorrect or words to that effect in red letters and stays on the login screen.
        I have not checked the sessions table, but I have checked that the wrong login counter is not incremented. It is still at 0.
        • It does sound like a session problem. Sometimes, in that case, you're actually logged in. See if you can go to yoursite.com/manager by typing it in the browser's address window.
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/MODx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
          • This I have tried. It loads the login window only.
            I will have a look at the sessions table when I have access a bit later.
            I don’t think there could be any session active as I logged out all users first and have tried from another browser with the same result.
            That would also mean there would have to be a bug somewhere as any sessions should be destroyed when new passwords are sent out.
            • Mark Hamstra Reply #6, 2 months ago
              If it shows an error about the details being incorrect, maybe it can't load your user object, or the details are actually wrong wink

              Have you checked the MODX error log? It's at core/cache/logs/error.log. Maybe that has an explanation.
                Mark Hamstra • Developer spending his days working on Premium Extras and a MODX Site Dashboard with remote management features to make the MODX world a little better.

                Tweet me @mark_hamstra, check my infrequent blog at markhamstra.com, my slightly more frequent ramblings at MODX.today or see code at Github.
              • Quote from: markh at Jul 14, 2018, 10:41 AM
                Have you checked the MODX error log? It's at core/cache/logs/error.log. Maybe that has an explanation.

                It did indeed. Thank you so much. I was actually unaware of this error log.
                It appears the column 'createdon' did not exist in the database.
                Here is the error:
                [2018-07-14 19:01:28] (ERROR @ xxx/core/xpdo/om/xpdoobject.class.php : 240) Error 42S22 executing statement: 
                Array
                (
                    [0] => 42S22
                    [1] => 1054
                    [2] => Unknown column 'modUser.createdon' in 'field list'
                )


                I inserted a column 'createdon' of type datetime in 'modx_users' and it did the trick. I could now log in again and no error was produced.
                Thanks again.

                P.S. This does seem to be a bug in the setup by not checking for the presence of this column and and/or not creating it when it is missing.
                • It's usually the result of skipping over a major version (ending in .0) when upgrading. That said, Setup should really make sure that all the major version changes have been implemented. The details on all the possible missing fields are documented here: https://bobsguides.com/blog.html/2016/06/27/missing-db-fields-(unknown-column)/. You might want to check the others, and the details of the field you created. Sometimes the problems don't show up right away.
                    Get my Book: MODX:The Official Guide
                    MODX info for everyone: http://bobsguides.com/MODx.html
                    My MODX Extras
                    Bob's Guides is now hosted at A2 MODX Hosting
                  • Thank you Bob.
                    I will, thanks for the link.
                    This caveat should really be mentioned during the setup process if it cannot be verified by the installer. I was unaware that such provisions existed when upgrading.
                    I took for granted that any changes to the database was handled by the installer.
                    • They used to be, but something slipped along the way.

                      In setup/includes/upgrades/common. There is a file called 2.5-user-createdon.php that's supposed to be run if you're upgrading from < 2.5.0 to > 2.5.0, but obviously it didn't for you.
                        Get my Book: MODX:The Official Guide
                        MODX info for everyone: http://bobsguides.com/MODx.html
                        My MODX Extras
                        Bob's Guides is now hosted at A2 MODX Hosting