FreePBX Administration login


#1

Don’t know why I never noticed this before but after the last distro upgrade when I want to login to our system and type URL
http://mysystem/admin
I get a login screen with 3 choices. FreePBX admin, User panel and support.

I would prefer to go directly to admin login and don’t even want to offer the other choices. I think the user panel is a huge security risk and don’t want it by default on our public IP. I can not control the passcode users chose (e.g. 1234) and while this won’t compromise my system it will create major issues.

I am not good at php coding so a simple suggestion or switch in FreePBX would be appreciated.


#2

to clarify. I want to bypass the triple login screen and go directly to the FreePBX Administration login.


#3

I just need to know the login URL for FreePBX Admin.
The default http://x.x.x.x/admin/config.php
just points to the login for Admin, user panel and support. I want to go straight to admin login. Thanks.


#4

http://192.168.10.73/admin/config.php

My house, goes straight to FreePBX


#5

It used to do that for me too but not anymore since I upgraded to 3.211.63-7
Have you upgraded? I have 3 systems and it’s the same on all of them.
http://x.x.x.x/admin/
goes to
http://x.x.x.x/admin/config.php
and both go to the admin, user and support index page.


#6

No, this system at home was update about 30 days ago.

I will apply the latest updates and try.

Will also try the latest ISO in a VM.


#7

dcitelecom, did you by change enable FreePBX Framework? I have one system doing what you describe, and that’s the only module difference that I can see. I can’t disable it in the GUI, but might just rm the files.


#8

Yes. FreePBX Framework is installed in all my versions of FreePBX. It never caused this issue before and I don’t think it should be removed.


#9

No, Framework can’t be removed.


#10

Yet it is disabled by default in AsteriskNow 3.0.

In any case, it sounds like this isn’t related to the problem.


#11

I just installed FreePBX v2.11 rc1 from scratch and now getting this same problem. If I go directly to http://xx.xx.xx.xx/admin/config.php# I get that landing page with the 3 or 4 (if you install FOP framework) icons. Only way I can get to the login prompt is to click on the Admin icon on that landing page. I cannot go directly to the login prompt from a url.


#12

There are other problems with this new landing page scheme. No way to customize it as far as I can tell and after you install FOP framework to get the 4th icon to show up the link to FOP is wrong. It adds 2 /admin directories like so:
http://xx.xx.xx.xx/admin/admin/modules/fw_fop


(Tony Lewis - https://bit.ly/2SbDAyc) #13

The double admin looks like a bug as I dont think anyone tested it with original FOP since we dropped support for FOP officially in 2.10 as blogged about. Open a bug report on this.

As far as not being able to go straight to login prompt open a feature request.

The landing page was changed at the request of lots of users and some other Distros to have a nice landing page compared to the old nasty one with just 2 lines of text on it.


(Andrew Nagy) #14

‘disabling’ framework does nothing. rming framework also does nothing. Why? Because framework is just that, it’s a FRAMEWORK. It is all of the files surrounding the module folders. If you actually removed framework freepbx would be a bunch of 500 service errors.


#15

I spent more time on this yesterday. There is definitely at least 2 bugs. Inability to get to admin login prompt directly from url and the wrong url generated to fop. I’ve created bug reports for both as well as a feature request to make this customizable.

Please please do NOT release v2.11 until you fix the 2 bugs as it would create a lot of problems for me otherwise.

I’m ok with the idea of a new landing page under /admin and definitely prefer it to the old one. There should be some way to customize it though just like the old one.


#16

the problem with the new landing page is the public login to the “user control panel”. Most of our users don’t have strong voice mail pass codes (no matter how often we ask them to change the code) and in the past we thought it best not to publicly advertise the /recordings URL. I understand it’s not a security risk for the entire system but a hacker could easily guess a users pass code and listen to his voice mail, forward calls, enable do not disturb, etc… all nasty stuff. Currently it’s still possible but you have to know the URL whereas with 2.11 you simply go to the system login screen and there it is.


#17

I can see in the “changes file” the ability for index.php to be replaced if index_custom.php exists in webroot but what’s the point if I can’t point it to a direct Admin login URL?


#18

You have always been able to go directly to /recordings directory so nothing different there. I’m kind of surprised they haven’t moved it in behind /admin yet like everything else.


#19

I agree but in the past you had to know the /recordings URL to get there and we never posted the link publicly whereas now it’s on the main login page to FreePBX. It’s like calling card access numbers. Every customer can get them but we don’t put the list on the web for everyone to see.


#20

Good point however any hacker targeting FreePBX knows about that directory already.