ECE (Emergency Configuration Editor)

One off tools that don't edit core files and perform single use functions
Forum rules
One off tools that don't edit core files and perform single use functions
Post Reply
User avatar
Dion
Support
Support
Posts: 18
Joined: Fri Dec 06, 2024 3:37 am

ECE (Emergency Configuration Editor)

Post by Dion »

The Emergency Configuration Editor (ECE) allows admins to securely access and modify selected phpBB configuration settings to fix broken logins due to incorrect ACP settings. ECE automatically fixes most broken cookie settings, and it automatically disables three obsolete security settings that should never be enabled on a production phpBB board:
The "Check IP against DNS Blackhole List" security option is broken, and the "Validate X_FORWARDED_FOR header" and "Tie forms to guest sessions" security options have high false positive rates (sometimes as much as 50%). These were good options in 2009. It's 2025. :-)
ECE requires an installed (deactivated is OK) Prosilver theme for its login page, which should not be an issue since Prosilver has been uninstallable since phpBB 3.2.8. And for that reason, ECE requires phpBB 3.3, or 3.2.8 - 3.2.11.

To install ECE, un-zip the attached archive and place the ece.php file in your phpBB root directory. To run ECE, point your browser to the ece.php file. If you are currently logged out of phpBB, you will see a login page using the Prosilver theme. Enter your credentials to log in, and if you have the required permissions, you will see the ECE main page,

If you log in to ECE, click the ACP button, and do not see the ACP re-authentication page, it means that one or more of the phpBB settings displayed in ECE is incorrect. You should log back in to ECE, remove checkmarks on all phpBB settings that have a checkmark, save the new settings, and then click the ACP button. If you can now see the ACP re-authentication page, then log into the ACP and experiment to see which formerly-checkmarked setting was causing the problem. (Best guess is the "Session IP validation" and/or "Validate Referrer" security settings because their false positive rates are also high.)

If you are unable to log in to ECE, then you may have browser issues, or perhaps your webserver (Apache/nginx/litespeed/etc) is blocking your access. If you rule out browser issues, then you should contact your hosting company.

Otherwise, please feel free to ask questions about ECE, and I'll do my best to answer them. There are also a few "outside-the-box" tricks in the code that might be of interest to extension developers.

ece.zip
(6.63 KiB) Downloaded 4 times
User avatar
Kailey
Administrator
Administrator
Posts: 50
Joined: Sat May 18, 2024 4:11 am
Name: Kailey Snay

Re: ECE (Emergency Configuration Editor)

Post by Kailey »

I've been meaning to reply to this. Would you mind uploading it to GitHub? If not, I can do it.
User avatar
Dion
Support
Support
Posts: 18
Joined: Fri Dec 06, 2024 3:37 am

Re: ECE (Emergency Configuration Editor)

Post by Dion »

Please feel free to upload ECE to the phpBB Modders Github account. Note that I won't be responding to any issues or pull requests that may be posted there; all support I may provide for ECE will be in this topic.
Post Reply