  1. #1
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    KeepAlive: repeatedly logs attempted access to unauthorized page

    zc 1.5.4
    upgraded from v1.5.3, from 1.3.9h, from 1.3.8a, from 1.3.8
    php 5.5.25
    mysql 5.5.42

    Admin Logs have repeated "attempted access to unauthorized page [keepalive]" for legitimate admin user.
    This admin user is not a 'superuser', ie: has restricted permissions.
    SuperUser admin does not cause similar log entries.

    I looked in the admin profile for the dailyuser to see if there were a keepalive checkbox that I did not check and did not find one.

    Am I missing a checkbox? Should there be a checkbox for keepalive in the admin profile to prevent this log entry from occurring once per minute (it seems, but I did not go back further than one html screen of log entries)?

    Code:
    notice
    2015-07-21 06:29:06
    199.xx.xx.xx
    2 DailyAdminUser (not SuperUser)    
    keepalive.php    
    r=0.8515617775265127    
    1        
    Attempted access to unauthorized page [keepalive]. Redirected to DENIED page instead.    
    Array
    (
    )
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  2. #2
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Version of keepalive installed?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Dr Byte's version. (beta 0.3)

    I am not saying the update from zc1.5.3 to zc1.5.4 introduced this. I just happened to notice the details when looking for login attempts that use ID=0.

    I suspect it is somehow related to a user without all the superuser access to admin but that is a guess rather than anything substantiated by data at this time.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  4. #4
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Quote: Originally Posted by RixStix
    Dr Byte's version. (beta 0.3)

    I am not saying the update from zc1.5.3 to zc1.5.4 introduced this. I just happened to notice the details when looking for login attempts that use ID=0.

    I suspect it is somehow related to a user without all the superuser access to admin but that is a guess rather than anything substantiated by data at this time.
    To try to ensure clarity.. The individuals being logged have an id of 0? Or this is something that was stumbled upon where the logged individuals have an id other than zero but it was found "adjacent" to a record with a userid of 0?

    Not sure if the logging is intentional or inadvertent as it does periodically signify that someone is logged in providing the "user" or access level granted, but only if not a superUser... Ohh, does the user profile that is logged have an id value of zero? (Actual value not necessary, just to know that it is either zero or non-zero for the purposes of the discussion.)
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  5. #5
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Quote: Originally Posted by mc12345678
    To try to ensure clarity.. The individuals being logged have an id of 0?
    Just to ensure clarity, the admin ID I am referencing is the same adminID that I included in the original post. It has nothing, nada, to do with AdminID=0. I don't think AdminID=0 is even supposed to exist or be used since that seems to be the default ID until a legitimate admin ID identifies themselves.

    This log entry seems to occur every 60 to 61 seconds while that admin ID is legitimately logged into the admin account and on a page without updating the page.

    There isn't (that I have found) an admin permission checkbox for keepalive as there is for most every other admin function; thus my assumption. My next step is to add permissions back to the user and remove until the log entry is generated. I was hoping to take a shortcut and not have to do that.

    I did just notice that the popup for the non-superuser is not the same popup. The popup has more of a cpanel appearance and indicates
    We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose.

    Sorry I wasn't able to reply earlier. I've been in the production facility and the WindowsRT version of Internet Explorer doesn't play nice with this forum.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  6. #6
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Edited the user profile by "Check All", log entries still made every minute that passes without a page update by a non-superuser admin.

    Edited the user profile to "SuperUser", no log entries for each idle minute.

    Edited the user profile back to "Daily User", log entries begin for each idle minute.

    I'm beginning to think this is by design to keep track of non-SuperUser activity or lack of activity.

    The downside is that non-superusers do not receive the nicely formatted reminder message to refresh the page so that work is saved.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  7. #7
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Good test.

    Fyi, I have posted to the forum related to KeepAlive about this issue pointing to this thread. Post is at: https://www.zen-cart.com/showthread....24#post1287724
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  8. #8
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Thank you. Don't know why I didn't think to do that in the first place.

    Maybe a moderator can copy/paste this to the support thread & remove this one.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  9. #9
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Quote: Originally Posted by RixStix
    Thank you. Don't know why I didn't think to do that in the first place.

    Maybe a moderator can copy/paste this to the support thread & remove this one.
    Well, I kinda' thought about it from the first post, but also thought that it would be a "quick" fix that could then be posted to the forum... Now with the testing that you've done? Doesn't quite seem that way...

    Briefly looking through the code (and also having read through the few pages of the plugin's thread) this seems to be a server connection issue, but why it seems to only happen with a non-superuser? That's where more digging seems to be needed... At the moment I am unable to upload the files to a suitable test location so I can't even try to reproduce the issue. I even had to go back to review the identified output to see which condition(s) were being met to cause the problem.

    Right now it looks like either the incorrect server response is being looked for when a non-superuser is logged in, or there is some sort of system slowdown that is causing the response to "timeout" which is what gives the error message every minute (time at which the code does some of its checking) and meeting other requirements to cause the message. Hopefully though it can be duplicated (well not exactly hopefully) and a solution found. Might I suggest doing code comparison of the site to a vanilla install (looking for files present on the site that are not in the install, differences between equivalent files, and files in the vanilla install that are not in the site, initially suggest focusing on the admin folder, but there may also be applicable directories on the store side that may be involved not including templates)/identifying the other plugins that are installed so that perhaps some conflict resolution can be found.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  10. #10
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: KeepAlive: repeatedly logs attempted access to unauthorized page

    Quote: Originally Posted by mc12345678
    Right now it looks like either the incorrect server response is being looked for when a non-superuser is logged in, or there is some sort of system slowdown that is causing the response to "timeout" which is what gives the error message every minute (time at which the code does some of its checking) and meeting other requirements to cause the message. Hopefully though it can be duplicated (well not exactly hopefully) and a solution found. Might I suggest doing code comparison of the site to a vanilla install (looking for files present on the site that are not in the install, differences between equivalent files, and files in the vanilla install that are not in the site, initially suggest focusing on the admin folder, but there may also be applicable directories on the store side that may be involved not including templates)/identifying the other plugins that are installed so that perhaps some conflict resolution can be found.
    Looking at a larger set of admin activity data by viewing ALL instead of Default (both notice and warning):
    SuperUser is logged but with a different severity code not displayed with the default activity HTML settings.

    SuperUser: Severity=Info LogMessage: accessed page [keepalive]
    Non superuser: Severity=Notice LogMessage: attempted access to unauthorized page [keepalive]

    Check vanilla install on the 'to do' list after daily production work. Don't see this as critical, just observation of a difference.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com
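
Added example, not part of any post in this thread and not Zen Cart or KeepAlive plugin code: a Python triage of admin-activity rows that separates the once-a-minute `[keepalive]` denials described above from denied-page notices that deserve a look. The row layout, the `users.php` page name, the thresholds and the sample rows are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

DENIED = "attempted access to unauthorized page"
MSG = "Attempted access to unauthorized page [%s]. Redirected to DENIED page instead."

# Constructed rows modelled on the entries quoted in the thread. The tuple layout
# (timestamp, admin id, page, severity, message) is an assumption of this example.
SAMPLE_ROWS = [
    ("2015-07-21 06:29:06", 2, "keepalive.php", "notice", MSG % "keepalive"),
    ("2015-07-21 06:29:30", 1, "keepalive.php", "info", "Accessed page [keepalive]"),
    ("2015-07-21 06:30:07", 2, "keepalive.php", "notice", MSG % "keepalive"),
    ("2015-07-21 06:31:07", 2, "keepalive.php", "notice", MSG % "keepalive"),
    ("2015-07-21 06:32:08", 2, "keepalive.php", "notice", MSG % "keepalive"),
    ("2015-07-21 06:40:12", 2, "users.php", "notice", MSG % "users"),
]


def classify_denials(rows, heartbeat_pages=("keepalive.php",), period=60,
                     tolerance=5, min_hits=3):
    """Label each (admin id, page) group of denied-page notices.

    "heartbeat": an allowlisted page denied at least min_hits times with a
    median spacing within tolerance seconds of period (the once-a-minute
    pattern reported in the thread). Everything else is "review"; a periodic
    denial on a page outside the allowlist is never downgraded.
    """
    groups = defaultdict(list)
    for ts, admin_id, page, _severity, message in rows:
        if DENIED in message.lower():
            groups[(admin_id, page)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    report = {}
    for (admin_id, page), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps) if gaps else None
        periodic = (page in heartbeat_pages and len(stamps) >= min_hits
                    and med is not None and abs(med - period) <= tolerance)
        report[(admin_id, page)] = {"count": len(stamps), "median_gap": med,
                                    "label": "heartbeat" if periodic else "review"}
    return report


if __name__ == "__main__":
    for key, info in sorted(classify_denials(SAMPLE_ROWS).items()):
        print(key, info)
```

Keeping the allowlist to the keepalive page means the heartbeat noise can be filtered from review without hiding denials on any other admin page.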

 

 