Users can't login / password incorect

[pacho_bg2]

Hi I host a 2.0 SMF forum, no bridges, no themes, very little mods and most of the basic. Half of my users can't login because of incorect password error, I have talked to them several times and they are shure that they haven't forgot theys passowords. I have read all topics on the subject that the search engine found here, and where someone had posted a solution I have tried it. Nothing works, mods againtst bots, mods to hide user info, I have disabled the quick login and using only traditional. PLEASE SMF DEVELOPERS AND HEROES HELP US! This is effecting a lot of people since smf 1.1, so I have red in all the topics on the mather.

P.S. Sorry if I have errors in my writing, my english is a little rusty.

[pacho_bg2]

When I restart my server there are no errors for about a day or two, and I have noticed that I gen an error for incorrect password when I browse on my home PC and the next day I go to work and try to log in from there and I get incorrect password, no mater with what browser. So it may be something with loging in from diferent IP adress, I don't know. A lot of people are complaining, some times they can't login for days, please HELP.

[Angelina Belle]

What mods have you installed?
At what point did the problem begin?

[pacho_bg2]

1.   Ad Managment    3.0.1     
2.   Align text with Smiley    1.2     
3.   Birthday Posts    0.12.1 Beta     
4.   Custom Copyright    1.0.2     
5.   Enhanced PM Popup    1.0.1     
6.   Google Analytics Code    1.4     
7.   Hide User Names from Guests    1.1     
8.   Add Honey Pot to Track IP    1.1     
9.   Holiday/Sunday Color Red    1.0.1     
10.   Login Security    1.0.2.2     
11.   Menu_Icons    1.0     
12.   NChat    1.2     
13.   New In Topic View    1.1   
14.   PM to New Members    1.2     
15.   Remove XHTML, RSS & WAP2 Links in Footer    v1.1     
16.   Simple Icons & RSS    18-05-11     
17.   SMF 2.0.1 Update    1.0     
18.   VB Style Board Index    1.8     

Here is the list with mods, nothing special. The problem is from the beginig, I use Bulgarian language pack, and the data is transferred from Phorum 5.3 with converter. Recently I downgraded my PHP version to 5.2 (before was 5.3) and the problem is less frequent but still present. I use my own dedicated server.

[Angelina Belle]

You have some mods which are specifically intended to prevent logins, depending on certain conditions.
JUST FOR THE SAKE OF TESTING -- what happens if you turn these mods off, temporarily? Maybe just one at a time?

[French]

Take a closer look at settings Mod Login Security.

Login Security
Major features receive email on failed login attempt, account login protection by ip address, and locking of an account after too many failed attempts.
Features:
-Email alerts on failed login attempts plus using the failed login attempt ip address finds any members on the forum using that ip address and lets the account owner know who it could be.
-Account lock protection after a certain number of tries the account can be locked for certain amount of time.
-Account lock protection. You are able to bind an account to an ip address or multiple ip addressed preventing people from logging into the account if they are not in the user's allowed ip addresses. Set via the user's profile.

[MC73]

Uninstall #8 and #10 in your mod list .... Just from the looks of it, those two mods could be a possible problem. But like AngelinaBelle also said, uninstall them one at a time just to see if one of them may be causing the trouble.

[iui87tel]

At what point did the problem begin?

[pacho_bg2]

I installed these mods spesificly to prevent bot's from trying to log in. I'll uninstall them and see if there is any change. Like I said the problem is from the begining, I used a fresh RC5 installation then when 2.0 came out I did a full upgrade and installed all mods.

[Angelina Belle]

If you can narrow the problem down to one mod, or two a couple of mods together, that would help solve your problem.
If you still have the problem after uninstalling all the mods, that would also offer some hints as to the cause of the problem.

Please let us know what you find out.
Thanks!

[pacho_bg2]

After uninstalling Login Security mod the problem got worse, a lot worse, I uninstalled a couple of other mods and no change was noticed. Could it be the server's fault?

[Angelina Belle]

The login security mod is designed to "lock out" an account if there are too many login attempts on the account.
It can also be used to restrict a user to certain IP adresses.

Do your SMF error logs show a large number of failed login attempts?

[Kimmie]

this has been a problem within smf since the old 1.x versions. I talked about this on here a long time ago and was told that its a bug within smf, that person put in a big report, and I never heard anything else on it.

I have several members that it doesnt matter if they type in the right password, they still get the error. Some can get in after 2-3 attempts, others it locks them out, and then the next time they try it lets them in after 2-3 attempts.

I would REALLY Love to see this finally addressed and resolved. I get about 100 "incorrect password" errors a day in my log and 99% of them are because of this issue not because they typed in their password wrong. I have no mods installed that affect logins in any way, never have and I have had this issue pretty much since the day I started using SMF over 3 years ago.

[French]

Kimmie Personally i have never heard a single complaint about this
Is it an option to increase thresholds for failed login attempts ?

[IchBin™]

I've only seen this problem a handful of times. If it was an known SMF bug it would have been fixed. It usually comes down to server configuration. Can you post a phpinfo() page please?

What is phpinfo.php?

The only things that spring to mind for me, is that if the session save path is shared on a server there could be a possible conflict with session ID's from multiple sites sharing the same ID. Doubt this is the case, but I've heard of it happening before.

Maybe something else is causing the session table to not get updated properly. It may be a good idea to setup a test site without any mods installed and see if you have this same problem.

[Kimmie]

It was all over the place here 2 years ago because thats when I also posted about it. There were tons of folks talking about it. I myself spent over a month with someone on here about it until they finally said, its a bug, they had filed a bug report and gave me a link to the tracker page. I guess it got pushed down on the priority list. Way down, because for a while I used to check the tracker on it, and got tired of doing so because nothing was ever done about it. I just learned to live with it. If you have the time, you can look through all my old posts, you will find it eventually.


Unfortunately I do not have the time to do anything with a test site as I have a real life and work 14 hours a day 6 days a week. The person that helped me already looked at all the mods I use/used then, and ruled every one of them out.

I only have one site so I dont see how someone elses sites save path could be sharing mine. I also have no control over server configuration, have used more than 6 hosts in the past 2 years and its happened regardless, so it being a server config issue doesnt really make sense to me either. The odds of all 6 of them being configured in the exact same way.. are slim to none I would think.


I will try and do the php thing later tonight. Right now I am trying to enjoy my only day off. . That page doesnt say where to upload it so I assume its to be uploaded to my publichtml folder.

[IchBin™]

Yes put the file in your public html folder so we can hit the page and view the information. As for the session path being shared, a lot of hosts share the session path across hundreds of sites. So it's just a thought and maybe something to work with.

It could be a number of things. As you say you can't understand how it could be a server issue, I say how could it only be an SMF problem? If it was only an SMF problem, we should be seeing everyone posting about the same problem. At this point, we are just taking shots though so that hopefully we can hit something and figure it out.

[Kimmie]

Sorry I havent responded until now. I have been busy at work as well as moving my site to a new host.


I created that file, uploaded it.. but my browser cant access it.


Its there now and I will leave it for a few hours so you can have time to see for yourself.

patriotgames2.info/phpinfo.php


(I think there might be an issue with permissions or somthing because I uploaded repair_settings.php earlier and it wont let me access that either. I have since removed it)

[Angelina Belle]

Warning: phpinfo() has been disabled for security reasons in /home/patriotg/public_html/phpinfo.php on line 1

This is not a file permission issue.
This feature has been disabled, either in your php.ini file, or else your host has disabled phpinfo as a security measure.

What error message did you get when you attempted repair_settings.php?

[Kimmie]

The same one I got when trying to access the php fille "Could not locate remote server"

It may have been a propogation issue. I moved to a new host and has to use a backup from the 3rd of october and my site was still showing posts from today when it should have reverted. It is now finally reverting.

the phpinfo file is still uploaded if you wanna try it.


EDIT:: Nevermind dont bother. Apparently its been disabled

Warning: phpinfo() has been disabled for security reasons in /home/*****/public_html/phpinfo.php on line 1