Not trying to hijack thread but I am also getting this message since day one with user=guest...
https://bmwr65.org/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.
Type of error: User
I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me! i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.
I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"
What do I do? I log in fine from home...
Quote from: justinbowser on October 19, 2020, 05:21:05 PM
I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me! i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.
I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"
What do I do? I log in fine from home...
Seems to me, hitting your site with this url, without the www https://bmwr65.org/smf/index.php will help. Your login url removes the www
If I visit your site using the url you gave above "https://www.bmwr65.org" clicking the login gives me the error you are seeing.
lurk - Thanks a bunch! I have a hard time wrapping my tiny brain around why this would kame any difference but I appreciate the help.
it makes a difference because -- technically they are two different addresses.
https://bmwr65.org is your site
https://www.bmwr65.org is TECHNICALLY a subdomain of your site. It just so happens that the www subdomain normally points to the same location as the url without the www.
to fix this, add a redirect to your htaccess which automatically forces people to the non-www version of the url.
Might be useful though:
https://www.simplemachines.org/community/index.php?topic=575127.msg4070848#msg4070848
Kindred - thank you for the explanation.
Dzonney - Thanks, I will try to incorporate that into my .htaccess when I get back to civilization. I'll need to look closely at my current .htaccess as it contains the redirect to the smf installation and tweaks to force https:.
Dzonney - Here is my current .htacess filw. It contains the redirect to the smf forum as well as forcing https: Do I just add your code to the end of it, or what?
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^bmwr65\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bmwr65\.org$
RewriteRule ^/?$ "https\:\/\/www\.bmwr65\.org\/smf\/index\.php" [R=301,L]
Thanks!
Replace what you have with this
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
Kindred - Thank you. I replaced my .htaccess with this and we'll see if the errors go away. I was at least able to log on at https://www.bmwr65.org!
Kindred - My hat's off to you, no further errors since this change! 8)
Thank you!
Kindred - I think we can put a fork in this issue with your patch! The .htaccess change still allowed at least one of these errors to occur before I applied your fix, since then no more of this error!!! ;D ;D ;D
Digging up an old thread, If I go into my Error log, It is all this login 2 error also.
I went to the server, file manager.
My Question is which htacess file. I have a few in different locations and some with "." in the beginning and others without.
Thanks a million
The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.
Quote from: Dzonny on January 23, 2021, 03:23:58 PM
The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php73" package as the default "PHP" programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
#Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests
That looks like a lot of extra
Noted.
Try to replace it with this:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php73" package as the default "PHP" programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests
If something goes wrong just switch it back to your previous content.
Let us know if that helped though.
I did the updated file and I could login at the login2 address. From just overnight I have 40 pages of that error so i will see if there are more (Or at least a lot less) after the time I replaced the file.
I will let everyone know. later on today when I check the error log.