Just upgraded one of my sites to 2.0.14 and get a test failed error on the custom theme (Gray Style).
The code <input type="hidden" name="hash_passwrd" value="" /> doesn't appear to be in the file. I read in another thread https://www.simplemachines.org/community/index.php?topic=553860.0 that this error can be ignored. Anyway gave it a try and if I use the login at the top of the theme //mywebsitedotcom/index.php?action=login2 it gives
An Error Has Occurred!
Your session timed out while posting. Please go back and try again.
If however I log in from the main menu = //mywebsitedotcom/index.php?action=login Then I can log in ok.
I uninstalled the patch and reistalled the patch this time not checking install on other themes, and same result as above.
Any ideas?
I would put that code from the patch before </form> tag if you have a login option on that theme.
Thanks vbgamer45, that was quick. 8) You mean exactly like this this?
echo '
<div class="user_bar">
<script type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
<form id="guest_form" action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" ', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>
<span>'.$txt['username'].': </span><input type="text" name="user" size="10" class="input_text" />
<span>'.$txt['password'].': </span><input type="password" name="passwrd" size="10" class="input_password" />
<input type="submit" value="', $txt['login'], '" class="button_submit" />
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
</form>
</div>';
}
If I have it correct I'll give it a go on my site and report back.
From what I tested in my site this should be enough, I do modify my theme because of that error.
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
Quote from: vbgamer45 on May 15, 2017, 05:02:53 PM
I would put that code from the patch before </form> tag if you have a login option on that theme.
Thanks vbgamer45, I went ahead and tried it, works nicely now.
Cheers.
Quote from: Gluz on May 15, 2017, 05:16:18 PM
From what I tested in my site this should be enough, I do modify my theme because of that error.
Gluz, I was doing the edit that vbgamer45 suggested while you posted, and his fix appears to have done the trick. Thanks for the help though. ;)
Thanks to whoever marked this solved for me, I did come back to do this yesterday but was too late.
I did have a follow up question regarding this issue though. What happens if the theme is downloaded and installed after the 2.0.14 patch? Do all the themes need updating now? Just curious.
All themes need updating now.
Quote from: Arantor on May 16, 2017, 04:03:07 PM
All themes need updating now.
Thanks, thought that might be the case but wasn't sure.
My forum has been having this exact same problem since I updated to 2.0.14. This is probably the dumbest question of the day, but, in which file should I be placing the code? <input type="hidden" name="hash_passwrd" value="" />
I'm using a slightly customized version of the Black Day theme. Thanks for your help and patience.
in your themes index.template.php look BEFORE the </form> tag add
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
Thank you! :)
Quote from: vbgamer45 on May 20, 2017, 01:05:17 PM
in your themes index.template.php look after the </form> tag add
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
Jut curious. Does it matter if it's before or after the </form> tag? Just I added it before the tag as per your post above.
Needs to be inside the <form> so it if it is after the </form> it is outside of everything the form is...
Yeah my mistake on the wording there. should be that closing </form> tag
Quote from: Arantor on May 20, 2017, 01:20:24 PM
Needs to be inside the <form> so it if it is after the </form> it is outside of everything the form is...
Thanks Pete.
Quote from: vbgamer45 on May 20, 2017, 01:30:29 PM
Yeah my mistake on the wording there. should be that closing </form> tag
Thanks, yes it's working fine. I just noticed a few posts where its saying to add it after the closing form tag that's all. None of them complained which made me ask.
Either add it in after the starting <form> or before the closing </form> would work :)
Quote from: Arantor on May 20, 2017, 02:28:20 PM
Either add it in after the starting <form> or before the closing </form> would work :)
Thanks. Yes I've got it like that, but if you look here for example, https://www.simplemachines.org/community/index.php?topic=553950.msg3926390#msg3926390
That's taken directly from the patch where the actual code says 'after' because position="after" means 'put the thing I found after the code I want to add' because Package Manager is internally backwards.
This is why i usually wait a week for 2 before installing new updates. Customers are not going to try all the different login methods to get in .. they'll use one then give up. How long do you think that we'll need to wait until there is an update to fix this update? If you make the fix in 2.0.15 then I'll prob skip 2.0.14 if possible. IMO, it sounds like a big problem (people not being able to log in). I know i can edit some code to fix this but if all SMF users need to do this then that's really asking a lot.
this is not something we can fix in a patch. many custom themes do things differently so it requires some work on your end to make it work with with your custom theme.
Actually, this will not be "fixed" In Any future release, because the issue is that the login form changed to be more secure... and all themes that have a login box need to be updated.
So, this is not a bug... this is an issue with custom themes that may require all themes to be updated by the author or the admin/user of the theme
edit -- darned autocorrect (also, did not see Illori's response above when I posted)
Ok thanks for the clarification. I saw Arantor say 'all themes need updating now' and thought it meant non-custom themes too.
I have a similar issue...
On my case and from the theme I am using, the code that's supposed to be edited isn't under index.template but BoardIndex, is it the same thing? Should I edit it there then?
Thanks!
If it is a login form then yes
It looks the same, just in a different file. Thank you!
Thank you @vbgamer45 and @lurkalot this thread saved my life!!!
I too had the same problem, when I upgraded to 2.0.14. ;D
I remember testing everything up until 2.0.13, everything was going well. Then I saw the upgrade to "2.0.14" button. It was like moth to a flame tbh. After that I began experiencing login problems. Luckily members could login via /index.php?action=login.
Thanks people. Phew, man I felt the stress levels rise like no tommarh....
I have just upgraded to 2.0.14, and the fix posted to include the line of code does not seem to have worked for me. Can anyone provide any further assistance?
I am currently getting 'Your session timed out while posting. Please go back and try again.' This happens when attempting to login, not when posting.
Here is what I have in 'index.template.php':
<form action="', $scripturl, '?action=search2" method="post" accept-charset="', $context['character_set'], '" name="searchform2" id="searchform2">
<div id="search_term_input2">
<input placeholder="Search..." type="text" id="search" name="search"', !empty($context['search_params']['search']) ? ' value="' . $context['search_params']['search'] . '"' : '', ' maxlength="', $context['search_string_limit'], '" class="input_text" />
</div>
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" /></form>';
Does this seem to be the correct place?
I am also unable to log into the forum at all to access the admin panel (unsure if there is a way to access it otherwise).
Not that area. It would be in either the following files index.template.php boardindex.template.php or login.template.php Attach them if you need help.
It would be any form that has login password box.
I have attached the files if you could point me in the right direction - thanks again
boardindex and index.template.php are ok
Attach your SSI.php i see your theme uses some SSI functions..
Attached updated login.template.php file
Thanks so much for the prompt replies! I seem to have 2 SSI files, they are attached.
Quote from: paybacks1 on June 15, 2017, 07:30:50 PM
Thanks so much for the prompt replies! I seem to have 2 SSI files, they are attached.
I actually managed to sort the issue out in the SSI2 file. I now have one other issue where the body of any post is not loading past the initial banner with the thread title, so I will have to see about that!
Thanks again for the assistance.
I have a similar problem, I found that in my custom theme the <input type="hidden" name="hash_passwrd" value="" /> did not exist so I manually added it, the upgrade went ok. Now after several days I'm getting the
An Error Has Occurred!
Your session timed out while posting. Please go back and try again.
I know nothing about SSI files can someone help me here.
This also have another forum with bespoke themes where this happening. Users can still get in using
Myforum/index.php?action=login
I have added the suugested line of code within the form /form section as you can see from the sample below. Would any files other than index.template be affected?
Despite the upgrade having gone through successfully after I added the missing code in the form section that it was looking for, the upgrade DID NOT change and replace that code. I've now gone into both forums affected and can see that this is the case for both of them. I have replaced the original missing line
<input type="hidden" name="hash_passwrd" value="" />
with
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
I'll see if that cures the problem.
I've recently had an issue upgrading from 2.0.13 to 2.0.14 I think it is resolved BUT I have a few questions to help my understanding and clarification of how the SMF system works.
I have two sites let's call then A and B. Both sites use bespoke templates and the upgrade failed on both sites when it came to the following find and replace action :
Operation #2
Find: [Select]
<input type="hidden" name="hash_passwrd" value="" />
Replace With: [Select]
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
After double checking the current theme file location in Admin, I duly added the
<input type="hidden" name="hash_passwrd" value="" />
in the appropriate place in the login form area of the index.template.php file – I did this for both sites.
I ran the upgrade again and it went through no problem on both sites.
Then I started to get emails from users on both sites saying they couldn't login.
I checked the index.template.php file on sites A and B in the current theme directory and found that the line I had added had not been replaced, so I did the replacement manually and all seems to be well.
My question/concern is this: Why didn't the replacement happen? Should it have updated the index.template.php file in the core and babylon theme directories as well as I can see no changes to them.
Am I getting confused because some altered files are copied to the "Default" theme directory as the index.template.php has the correct updated code in it?
I'm just trying to sort out in my own mind how it works.
I seem to be having this same problem. When I try to login I get:
Session verification failed. Please try logging out and back in again, and then try again.
The thing is I am NOT using a custom theme. I am using the SMF default curve theme. It did just happen after upgrading the forum to 2.0.14.
If it matters I do use the PortaMx portal but I am trying to login via the standard SMF login. Any ideas?
That's a 2.0.14 bug, it's only affected a few forums. Only way I found to fix it is disable sression check in LogInOut.php -
// Are you guessing with a script?
// checkSession('post');
spamProtection('login');
Quote from: Sir Osis of Liver on November 06, 2017, 11:56:49 AM
That's a 2.0.14 bug, it's only affected a few forums. Only way I found to fix it is disable sression check in LogInOut.php -
// Are you guessing with a script?
// checkSession('post');
spamProtection('login');
Well disabling that allowed me to login to the forum but when I try to go to admin it still wants my password and I get the same error after I enter it. And now it won't let me logout. Even after re-enabling checkSession. Same error. So now I still can't get into admin and now I can't logout.
Revert to 2.0.13.
I can't get into admin to uninstall the 2.0.14 patch.
Look in /Packages/backups, download the zip from before 2.0.14 install, unzip, upload to forum root.
The zip before 2.0.14 was smf_patch_2.0.13.zip and the only files in it are:
package-info.xml
readme.txt
smf_2-0-13_patch.xml
Look inside the backups folder.
Oh. There are not any zip files in there but there are a lot tar.gz files. The most recent is 2017-11-05_before_smf_patch_2_4.tar.gz and the last thing I did was to install the 2.0.14 patch so I assume this file would contain the 2.0.13 files?
Yup, it contains a backup of the files (not attachments) for 2.0.13.
OK I am back to 2.0.13 now and I can get to admin and everything seems to be working fine. The downside is I had to change my php version back from 7.1 to 5.6. :(
You can try this (https://www.simplemachines.org/community/index.php?topic=556816.msg3946247#msg3946247), don't know if it works. Also go to Admin -> Security and Moderation and check 'Disable administration security' until you get this resolved.