Welcome to Geeklog Tuesday, July 23 2019 @ 06:49 pm EDT

Geeklog Forums

User Accounts Acting Buggy


Status: offline

winnerdk

Forum User
Full Member
Registered: 24/04/05
Posts: 339
Location:Panama City, Republic of Panama
I recently moved my primary website behind a "pay wall" and now only logged on users with accounts will be able to access the full text of the news articles I publish.

As a result of this change, now, and for the first time, the User Accounts section of the website is really getting a workout.

I've been getting reports of sporadic problems, particularly with users who try to change the passwords on their accounts.

About three or four people have reported the same thing. The password change appears to "take" or be accepted and implemented, but then the next time they try to log on using their new password it does not work. Somehow, and for some reason, the password reverted back to the "old" password (the initial password for new accounts that's generated randomly.) They can log in successfully to their accounts using those credentials.

So, does anyone have a clue as to what's going on with this, or what's causing it, or how I can make it stop?

Thanks.

Don
www.panama-guide.com

Status: offline

suprsidr

Forum User
Full Member
Registered: 29/12/04
Posts: 555
Location:Champaign, Illinois
Is your theme up to date w/ the GL release your site is running on?
The easiest way to make sure your theme is capable is to copy directories contained in your release cycle's professional theme to your theme.
this means layout/professional/admin, article, breadcrumb, comment, lists, navbar, preferences, profiles, search, stats, submit, tooltips, trackbacks, user

Not likely the images directory.

This should make sure all your forms contain the CRF token

-s
FlashYourWeb and Your Gallery with the E2 XML Media Player for Gallery2 - http://www.flashyourweb.com

Status: offline

winnerdk

Forum User
Full Member
Registered: 24/04/05
Posts: 339
Location:Panama City, Republic of Panama
What's a CRF token?

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1356
It is a security measure.

http://wiki.geeklog.net/index.php/CSRF_Protection
One of the Geeklog Core Developers.

Status: offline

winnerdk

Forum User
Full Member
Registered: 24/04/05
Posts: 339
Location:Panama City, Republic of Panama
I'm using the Professional theme that shipped with GL, so there should not be any problems there with the tokens.

Users are still reporting the same problem. Some of them cannot change their password. When they change the password it "takes" for a period of time, then some eight hours later the password reverts back to the original password sent via email when the account was originally created.

This problem (bug) is causing serious problems.

How can I find out what's causing this, and fix it?

Thanks.

Don
www.panama-guide.com

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1356
What version of Geeklog?

Is this happening with all users who change a password or just some of them?

For the users reporting the problem what is their "Remember Me For" set at?

Are these Oauth user accounts (Facebook, Twitter, or LinkedIn) or just regular user accounts?



One of the Geeklog Core Developers.

Status: offline

winnerdk

Forum User
Full Member
Registered: 24/04/05
Posts: 339
Location:Panama City, Republic of Panama
Quote by: Laugh

What version of Geeklog?

Is this happening with all users who change a password or just some of them?

For the users reporting the problem what is their "Remember Me For" set at?

Are these Oauth user accounts (Facebook, Twitter, or LinkedIn) or just regular user accounts?





I'm running GL version 1.7.1sr1

It's happening with just some users, as far as I can tell.

As far as their "Remember Me" setting - I don't know.

These are just regular accounts, not Oauth

Don

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1356
Can you reproduce the error? Maybe try it with one of the accounts that report the problem?

Is the problem with only users who use a certian browser?


One of the Geeklog Core Developers.

Status: offline

winnerdk

Forum User
Full Member
Registered: 24/04/05
Posts: 339
Location:Panama City, Republic of Panama
Yes. I just reproduced the error.

I created a "normal" or non-admin account, and signed in using those credentials.

Using Chrome as a browser, I tried to change the password and "remember me" time for that account. When I tried to save those changes, I was kicked out to the "index" of the website, and the changes were not saved.

Then I tried the exact same thing using the Internet Explorer as a browser. It worked fine, I got the "message 5" Your account information has been successfully saved.

Then I switched back to the Chrome browser and logged in to that same account using the new password that I had just set using the Internet Explorer browser, and it worked fine.

So, it seems like anyone using the Internet Explorer browser won't have a problem, and anyone on Chrome will. I have not yet tried any other browsers.

Any suggestions on how I can fix this for Chrome (and possibly other) browsers?

Don

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1356
Not off the top of my head. We have had problems with the Chrome Browser before:

http://project.geeklog.net/tracking/view.php?id=1314

I tried Chrome on Geeklog.net and was able to change my password fine. Can you?

One of the Geeklog Core Developers.

All times are EDT. The time is now 06:49 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content