Suddenly unable to log into manager

My MODx install has been working fine for months. Today I can’t log into the manager - the front-end site is still working fine. I haven’t made any change to any files on the server since it was working yesterday.

The manager login screen looks normal. If I enter an incorrect username or password, it tells me so (as expected). But when I enter the correct username/password it just shows the login screen again with no error message. No JS errors reported by firefox.

I checked the database, and the manager_log table indicates that I’ve logged in successfully.
I’ve tried multiple browsers and machines (PC/Mac) with the same result.
I’ve cleared my browser cache and MODx cache directory.
Checked server error logs - no problem there.

I’m at a complete loss - can anyone suggest what might be happening, or what else I can check?

Do you have MySQL access, e.g. via phpMyAdmin? Then you can try resetting your manager login or create a new manager user altogether.

What version of MODx? PHP? MySQL? Which host?

MODx 0.9.6.3, PHP 5.2.10, MySQL 5.0.81, shared cPanel hosting. None of these things have changed since yesterday.

I do have access to phpMyAdmin, but not sure what I can do. The problem occurs for ALL manager users and the password used is definitely correct. I tried emptying user_attributes.sessionid for 1 user, but the problem remains.

It sounds like a session problem. Maybe the dir. where sessions are saved (session_save_path, IIRC), has become read-only. This has been happening to people lately -- some hosts’ upgrades are doing it.

Thanks for the suggestion. session.save_path was set to /tmp which is out of my control. I created a directory in my web space and added the following to /manager/php.ini
session.save_path="/home/USERNAME/public_html/_session"

I tried again, and session files are being created in this directory - but it hasn’t solved the problem

That’s an odd one. Have you checked the MODx error log?

There’s nothing relevant in the event_log table.
I’m convinced that something must have changed in the server environment, and I’ve asked my host about any changes they’ve made recently - hopefully I’ll get some info from them soon-ish. The frustrating thing is that without any hint of an error message, I’m at a loss.

If they’ve adopted suPHP, the file and folder permissions would need changing.

The only other think I can think of is mod_security.

Still waiting for a response from the hoster.
I think suPHP was already in place - anyway a problem with permissions would have thrown some kind of error somewhere wouldn’t it?

I don’t know much about mod_security but I have this in /manager/.htaccess:
<IfModule mod_security.c>
# Turn the filtering engine Off
SecFilterEngine Off
</IfModule>

Sessions must be working because frontend users can stay logged in - what’s different about backend login?
Maybe I can hack into the manager login scripts (put in a few echo statements?) to try to pinpoint where it fails - no idea where to start though - any ideas?

Check your file permissions, just to eliminate that possibility. If suPHP is involved, they need to be 755 for folders and 644 for files.

Take a look at your memory_limit setting in phpInfo(), maybe your host has messed with it.

Look also at the .htacces and index.php files in the root and Manager in case the site has been hacked.

You might also try repairing the DB tables and trying the Manager login trick in the next-to-last item here: http://bobsguides.com/modx-newbie-faq.html