Environment
- Joomla 3.6.4
- Akeeba Admin Tools Professional 4.0.2
- Eventbooking 2.11.2
After updating to Eventbooking 2.11.2 from previous version Akeeba Admin Tools requires a login in frontend. This seems to be the reason:
Akeeba Troubleshooter: Admin Tools administrator password protection issues
This is not a bug in Admin Tools, but a problem with one of the extensions (components, modules or plugins) you are using. More specifically, Joomla! extensions are not supposed to load anything from the administrator area of your site in the front-end. However, some badly written extensions try to access static media files (CSS, Javascript, images) from directories inside the administrator directory. Since all of the contents of your administrator directory are protected with a username/password, your browser will prompt you for one as soon as it is instructed to download a file from that protected directory or any of its subdirectories.
There are two workarounds:
- Disable the administrator password protection. This degrades your site's security but is the easiest and most immediate change.
- Consult the developer of the offending extension and explain to him that loading files from the administrator area of the component in the front-end of the site is insecure and he has to resolve this issue. Hopefully, developers will realize that this practice is unsafe and fix their software.
Since this behaviour did not appear before the update, I assume that Eventbooking is trying to access some data in administrator area.
Please help / advise / check coding and change in next update.
Thanks,
Jörg
