Login Form Hidden on Joomla’s Administrator Login Page

Nearly every day, we have one or two clients calling us and telling us that they can’t login to the backend of their Joomla website. Usually, their problem is one of the following:

  • They are seeing a completely blank page when they try to login to their Joomla website. In other words, they see the login form when they go to http://clientjoomlawebsite.com/administrator but when they enter their credentials (and press on the “Log in” button) they see a blank page. Usually, the cause of this problem is a PHP error in one of the non-core system plugins.
  • They are seeing a completely blank page instead of the login screen. The root cause of this problem is an error in one (or more) of the core Joomla files that loads the login screen. This is not very common, but it does happen, especially after a PHP and/or a MySQL upgrade for websites that are powered by a modified Joomla core.

  • They are seeing an “invalid token” error when they enter their credentials. There are many, many causes to this problem, ranging from issues with cookies to badly written and/or conflicting extensions.

  • They are getting a “username and password do not match” error, although they are absolutely sure that they are correct. Again, the causes of this problem are many, ranging from a hacked website (e.g. the Joomla database is hacked and the password of the super admin is altered by the hacker) to a PHP upgrade (by the hosting company) that creates session issues making administrators of some old Joomla websites unable to login.

  • They are able to login, but they are not able to see the menu. The cause of this problem (in most cases) is wrong permissions, and it usually happens when the Joomla administrator alters default Joomla’s permissions that have to with viewing access. Fixing the problem can be done by resetting Joomla’s default permissions.

As you can see, we have seen all the Joomla login issues and we have fixed them all – or so we thought!

This time it was different. The Administrator login page was displaying (so it wasn’t blank), but the form was not. Only the sentence:
“Use a valid username and password to gain access to the Administrator Back-end.” along with the standard Joomla “lock” image showed up. Take a look at the below picture to see what we mean:

Joomla admin login without the form

Figure 1: Joomla’s admin login page without the form – in other words the username, the password, and the language fields as well as the submit button do not show up on the login form.

What could be the cause of the above problem, we wondered?

Our first attempt was to check the index.php file located under the administrator folder to see if it was tampered with. It was OK – we then checked the admin.login.php under the administrator/components/com_login and it was also OK. We then started debugging the admin.login.php file, and we noticed that the line: $module = & JModuleHelper::getModule('mod_login'); is being executed properly, but it’s returning an empty string – which means that the module might’ve been disabled. We then printed, using the below code the module information to see if it was disabled or not (we didn’t have phpMyAdmin access to the database):

	jimport( 'joomla.database.database' );
	$db = JFactory::getDBO();
	$query = "SELECT * FROM #__modules WHERE module='mod_login'";
	$db->setQuery($query);
	$arrResult = $db->loadObjectList();
	$objResult = $arrResult[0];
	print_r($objResult);

and we had the following returned:

stdClass Object
(
	[id] => 2
	[title] => Login
	[content] => 
	[ordering] => 1
	[position] => login
	[checked_out] => 0
	[checked_out_time] => 0000-00-00 00:00:00
	[published] => 1
	[module] => mod_login
	[numnews] => 0
	[access] => 0
	[showtitle] => 1
	[params] => 
	[iscore] => 1
	[client_id] => 1
	[control] => 
)

The returned result demonstrates that the mod_login module has not been disabled (since published is set to 1). We then thought, let’s see if the login module actually exists under the administrator/modules folder, and to our surprise, not only the mod_login folder did not exit, the whole modules directory did not exist. Further investigation concluded that the previous designer working on our client’s Joomla website has deleted the whole administrator/modules directory (possibly to block our client from making edits to the website), so we re-uploaded a clean copy of the modules directory (to the right location), and the problem was fixed (although we have later discovered that the designer has also changed our client’s password, so we reset it).

Now, if you’re having the same problem as above (or any other Joomla login problem, for that matter) and you’re not able to solve it yourself, then fear not, we will help! Just contact us and we’ll fix it for you in no time (usually this only takes a few hours). By the way, you needn’t worry about our fees, they are very competitive!

8 Responses to “Login Form Hidden on Joomla’s Administrator Login Page”
  1. Pingback by Blank Page on Joomla’s Administrator Instead of the Login Form | itoctopus — August 20, 2012 @ 7:28 pm

    […] problem will be very easy to fix because we’ve seen it many times before – we have even discussed this problem and all its variations – but the thing is, the variations of a Joomla problem can be endless, […]

  2. Pingback by 10 Reasons Why You’re Not Able to Login to Your Joomla Website | itoctopus — March 12, 2013 @ 8:36 pm

    […] When this happens, not only the person won’t be able to login to Joomla – he just won’t be able to see the login form. We have discussed this issue in detail here. […]

  3. Comment by Pheabz — July 7, 2014 @ 10:37 am

    Hello,

    i recently transferred my Joomla 2.5 website from my localhost to a webhost (online).

    The Frontend loads properly but when i try to access the http://www.sitename.com/administrator page, it shows nothing! just a blank page staring back at me.

    Ive tried re-uploading the entire administrator folder but it still gives the same error.

    Ive also enabled error reporting in the index.php file of the administrator page. The blank page is still what i get.

    I’m getting really frustrated and I need help with this.

    Thanks in advance for your assistance

  4. Comment by Fadi — July 7, 2014 @ 10:59 am

    Hi Pheabz,

    Check the paths to the tmp and the logs folders in the configuration.php file. You will need to change them.

  5. Comment by Ricardo — May 13, 2015 @ 4:12 pm

    Hi, I solved this problem with your instructions! In my case the fields for entering the username and password were not there. Here’s how I fixed it: I browsed the content of the site to the folder administrator and then the folder mod_login and it was empty, then I copied the content of the original folder mod_login from another Joomla site and pasted it into the empty folder. At the beginning I could not do it as I was having a “permission denied” error, then I checked the permissions of the folder, and they were 000 so I changed them to 755 and it showed me the content. I tried again to login and it was fixed!

  6. Comment by Fadi — June 12, 2015 @ 10:32 am

    Hi Ricardo,

    Excellent news! We have many clients calling us for Joomla login issues nowadays, and quite a few of them have this exact problem!

  7. Comment by Antini Frost — February 12, 2016 @ 5:17 pm

    Thanks a lot. The above information helped us access our site which was damaged after a hacking attack: admin.login.php in folder administrator/components/com_login was almost empty. By the way, is it a good idea to place back the damaged file for time when no access to admin panel is required in order to prevent attacks. What do you think about?

  8. Comment by Fadi — February 15, 2016 @ 11:53 pm

    Hi Antini,

    Leaving a hacked file on your website is never a good idea. If you want to prevent access to your administrator account, then you can do this by creating an empty .htaccess file under the administrator folder and then adding the following line to it:

    deny from all

    Note that doing the above might cause problems if you have extensions that request CSS/JavaScript/Image files from the administrator folder – so proceed with caution.

Leave a comment