Welcome to Geeklog, Anonymous Thursday, November 28 2024 @ 12:35 am EST
Geeklog Forums
User Accounts Acting Buggy
Status: offline
winnerdk
Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
I recently moved my primary website behind a "pay wall" and now only logged on users with accounts will be able to access the full text of the news articles I publish.
As a result of this change, now, and for the first time, the User Accounts section of the website is really getting a workout.
I've been getting reports of sporadic problems, particularly with users who try to change the passwords on their accounts.
About three or four people have reported the same thing. The password change appears to "take" or be accepted and implemented, but then the next time they try to log on using their new password it does not work. Somehow, and for some reason, the password reverted back to the "old" password (the initial password for new accounts that's generated randomly.) They can log in successfully to their accounts using those credentials.
So, does anyone have a clue as to what's going on with this, or what's causing it, or how I can make it stop?
Thanks.
Don
www.panama-guide.com
As a result of this change, now, and for the first time, the User Accounts section of the website is really getting a workout.
I've been getting reports of sporadic problems, particularly with users who try to change the passwords on their accounts.
About three or four people have reported the same thing. The password change appears to "take" or be accepted and implemented, but then the next time they try to log on using their new password it does not work. Somehow, and for some reason, the password reverted back to the "old" password (the initial password for new accounts that's generated randomly.) They can log in successfully to their accounts using those credentials.
So, does anyone have a clue as to what's going on with this, or what's causing it, or how I can make it stop?
Thanks.
Don
www.panama-guide.com
36
11
Quote
Status: offline
suprsidr
Forum User
Full Member
Registered: 12/29/04
Posts: 555
Location:Champaign, Illinois
Is your theme up to date w/ the GL release your site is running on?
The easiest way to make sure your theme is capable is to copy directories contained in your release cycle's professional theme to your theme.
this means layout/professional/admin, article, breadcrumb, comment, lists, navbar, preferences, profiles, search, stats, submit, tooltips, trackbacks, user
Not likely the images directory.
This should make sure all your forms contain the CRF token
-s
FlashYourWeb and Your Gallery with the E2 XML Media Player for Gallery2 - http://www.flashyourweb.com
The easiest way to make sure your theme is capable is to copy directories contained in your release cycle's professional theme to your theme.
this means layout/professional/admin, article, breadcrumb, comment, lists, navbar, preferences, profiles, search, stats, submit, tooltips, trackbacks, user
Not likely the images directory.
This should make sure all your forms contain the CRF token
-s
FlashYourWeb and Your Gallery with the E2 XML Media Player for Gallery2 - http://www.flashyourweb.com
15
19
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
It is a security measure.
http://wiki.geeklog.net/index.php/CSRF_Protection
One of the Geeklog Core Developers.
http://wiki.geeklog.net/index.php/CSRF_Protection
One of the Geeklog Core Developers.
12
13
Quote
Status: offline
winnerdk
Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
I'm using the Professional theme that shipped with GL, so there should not be any problems there with the tokens.
Users are still reporting the same problem. Some of them cannot change their password. When they change the password it "takes" for a period of time, then some eight hours later the password reverts back to the original password sent via email when the account was originally created.
This problem (bug) is causing serious problems.
How can I find out what's causing this, and fix it?
Thanks.
Don
www.panama-guide.com
Users are still reporting the same problem. Some of them cannot change their password. When they change the password it "takes" for a period of time, then some eight hours later the password reverts back to the original password sent via email when the account was originally created.
This problem (bug) is causing serious problems.
How can I find out what's causing this, and fix it?
Thanks.
Don
www.panama-guide.com
12
14
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
What version of Geeklog?
Is this happening with all users who change a password or just some of them?
For the users reporting the problem what is their "Remember Me For" set at?
Are these Oauth user accounts (Facebook, Twitter, or LinkedIn) or just regular user accounts?
One of the Geeklog Core Developers.
Is this happening with all users who change a password or just some of them?
For the users reporting the problem what is their "Remember Me For" set at?
Are these Oauth user accounts (Facebook, Twitter, or LinkedIn) or just regular user accounts?
One of the Geeklog Core Developers.
13
10
Quote
Status: offline
winnerdk
Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Quote by: Laugh
What version of Geeklog?
Is this happening with all users who change a password or just some of them?
For the users reporting the problem what is their "Remember Me For" set at?
Are these Oauth user accounts (Facebook, Twitter, or LinkedIn) or just regular user accounts?
I'm running GL version 1.7.1sr1
It's happening with just some users, as far as I can tell.
As far as their "Remember Me" setting - I don't know.
These are just regular accounts, not Oauth
Don
15
15
Quote
Status: offline
winnerdk
Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Yes. I just reproduced the error.
I created a "normal" or non-admin account, and signed in using those credentials.
Using Chrome as a browser, I tried to change the password and "remember me" time for that account. When I tried to save those changes, I was kicked out to the "index" of the website, and the changes were not saved.
Then I tried the exact same thing using the Internet Explorer as a browser. It worked fine, I got the "message 5" Your account information has been successfully saved.
Then I switched back to the Chrome browser and logged in to that same account using the new password that I had just set using the Internet Explorer browser, and it worked fine.
So, it seems like anyone using the Internet Explorer browser won't have a problem, and anyone on Chrome will. I have not yet tried any other browsers.
Any suggestions on how I can fix this for Chrome (and possibly other) browsers?
Don
I created a "normal" or non-admin account, and signed in using those credentials.
Using Chrome as a browser, I tried to change the password and "remember me" time for that account. When I tried to save those changes, I was kicked out to the "index" of the website, and the changes were not saved.
Then I tried the exact same thing using the Internet Explorer as a browser. It worked fine, I got the "message 5" Your account information has been successfully saved.
Then I switched back to the Chrome browser and logged in to that same account using the new password that I had just set using the Internet Explorer browser, and it worked fine.
So, it seems like anyone using the Internet Explorer browser won't have a problem, and anyone on Chrome will. I have not yet tried any other browsers.
Any suggestions on how I can fix this for Chrome (and possibly other) browsers?
Don
10
16
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Not off the top of my head. We have had problems with the Chrome Browser before:
http://project.geeklog.net/tracking/view.php?id=1314
I tried Chrome on Geeklog.net and was able to change my password fine. Can you?
One of the Geeklog Core Developers.
http://project.geeklog.net/tracking/view.php?id=1314
I tried Chrome on Geeklog.net and was able to change my password fine. Can you?
One of the Geeklog Core Developers.
16
10
Quote
All times are EST. The time is now 12:35 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content