Patching to 2.0.14 test failed on custom theme.

Started by lurkalot, May 15, 2017, 05:01:44 PM

Previous topic - Next topic

lurkalot

Just upgraded one of my sites to 2.0.14 and get a test failed error on the custom theme (Gray Style). 

The code <input type="hidden" name="hash_passwrd" value="" /> doesn't appear to be in the file. I read in another thread https://www.simplemachines.org/community/index.php?topic=553860.0 that this error can be ignored. Anyway gave it a try and if I use the login at the top of the theme //mywebsitedotcom/index.php?action=login2 it gives 

An Error Has Occurred!
Your session timed out while posting. Please go back and try again.

If however I log in from the main menu = //mywebsitedotcom/index.php?action=login  Then I can log in ok.

I uninstalled the patch and reistalled the patch this time not checking install on other themes, and same result as above.
 
Any ideas?

vbgamer45

I would put that code from the patch before </form> tag if you have a login option on that theme.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

lurkalot

Thanks vbgamer45, that was quick.  8) You mean exactly like this this?


       echo '
         <div class="user_bar">
<script type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
<form id="guest_form" action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" ', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>
<span>'.$txt['username'].': </span><input type="text" name="user" size="10" class="input_text" />
<span>'.$txt['password'].': </span><input type="password" name="passwrd" size="10" class="input_password" />
<input type="submit" value="', $txt['login'], '" class="button_submit" />
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
</form>
      </div>';
      }


If I have it correct I'll give it a go on my site and report back.

Gluz

From what I tested in my site this should be enough, I do modify my theme because of that error.

<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

lurkalot

Quote from: vbgamer45 on May 15, 2017, 05:02:53 PM
I would put that code from the patch before </form> tag if you have a login option on that theme.

Thanks vbgamer45, I went ahead and tried it, works nicely now.

Cheers.

lurkalot

Quote from: Gluz on May 15, 2017, 05:16:18 PM
From what I tested in my site this should be enough, I do modify my theme because of that error.

Gluz,  I was doing the edit that vbgamer45 suggested while you posted, and his fix appears to have done the trick. Thanks for the help though.  ;)

lurkalot

Thanks to whoever marked this solved for me, I did come back to do this yesterday but was too late. 

I did have a follow up question regarding this issue though.  What happens if the theme is downloaded and installed after the 2.0.14 patch?  Do all the themes need updating now?  Just curious.

Arantor


lurkalot

Quote from: Arantor on May 16, 2017, 04:03:07 PM
All themes need updating now.

Thanks, thought that might be the case but wasn't sure.

PPI Karl

My forum has been having this exact same problem since I updated to 2.0.14.  This is probably the dumbest question of the day, but, in which file should I be placing the code? <input type="hidden" name="hash_passwrd" value="" /> 

I'm using a slightly customized version of the Black Day theme.  Thanks for your help and patience.

vbgamer45

#10
in your themes index.template.php look BEFORE the </form> tag add

<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro


lurkalot

Quote from: vbgamer45 on May 20, 2017, 01:05:17 PM
in your themes index.template.php look after the </form> tag add

<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />


Jut curious. Does it matter if it's before or after the </form> tag?  Just I added it before the tag as per your post above.

Arantor

Needs to be inside the <form> so it if it is after the </form> it is outside of everything the form is...

vbgamer45

Yeah my mistake on the wording there. should be that closing </form> tag
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

lurkalot

Quote from: Arantor on May 20, 2017, 01:20:24 PM
Needs to be inside the <form> so it if it is after the </form> it is outside of everything the form is...

Thanks Pete.

Quote from: vbgamer45 on May 20, 2017, 01:30:29 PM
Yeah my mistake on the wording there. should be that closing </form> tag

Thanks, yes it's working fine.  I just noticed a few posts where its saying to add it after the closing form tag that's all.  None of them complained which made me ask.

Arantor

Either add it in after the starting <form> or before the closing </form> would work :)

lurkalot

Quote from: Arantor on May 20, 2017, 02:28:20 PM
Either add it in after the starting <form> or before the closing </form> would work :)

Thanks.  Yes I've got it like that, but if you look here for example, https://www.simplemachines.org/community/index.php?topic=553950.msg3926390#msg3926390

Arantor

That's taken directly from the patch where the actual code says 'after' because position="after" means 'put the thing I found after the code I want to add' because Package Manager is internally backwards.

ForumGuy789

#19
This is why i usually wait a week for 2 before installing new updates. Customers are not going to try all the different login methods to get in .. they'll use one then give up. How long do you think that we'll need to wait until there is an update to fix this update? If you make the fix in 2.0.15 then I'll prob skip 2.0.14 if possible. IMO, it sounds like a big problem (people not being able to log in). I know i can edit some code to fix this but if all SMF users need to do this then that's really asking a lot.

Illori

this is not something we can fix in a patch. many custom themes do things differently so it requires some work on your end to make it work with with your custom theme.

Kindred

#21
Actually, this will not be "fixed" In Any future release, because the issue is that the login form changed to be more secure... and all themes that have a login box need to be updated.

So, this is not a bug...  this is an issue with custom themes that may require all themes to be updated by the author or the admin/user of the theme


edit -- darned autocorrect (also, did not see Illori's response above when I posted)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

ForumGuy789

Ok thanks for the clarification. I saw Arantor say 'all themes need updating now' and thought it meant non-custom themes too.

Veee

I have a similar issue...

On my case and from the theme I am using, the code that's supposed to be edited isn't under index.template but BoardIndex, is it the same thing? Should I edit it there then?

Thanks!

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Veee

It looks the same, just in a different file. Thank you!

Wellwisher

Thank you @vbgamer45 and @lurkalot this thread saved my life!!!

I too had the same problem, when I upgraded to 2.0.14.  ;D

I remember testing everything up until 2.0.13, everything was going well. Then I saw the upgrade to "2.0.14" button. It was like moth to a flame tbh. After that I began experiencing login problems. Luckily members could login via /index.php?action=login.

Thanks people. Phew, man I felt the stress levels rise like no tommarh....


paybacks1

#27
I have just upgraded to 2.0.14, and the fix posted to include the line of code does not seem to have worked for me. Can anyone provide any further assistance?

I am currently getting 'Your session timed out while posting. Please go back and try again.' This happens when attempting to login, not when posting.

Here is what I have in 'index.template.php':

<form action="', $scripturl, '?action=search2" method="post" accept-charset="', $context['character_set'], '" name="searchform2" id="searchform2">
        <div id="search_term_input2">

        <input placeholder="Search..." type="text" id="search" name="search"', !empty($context['search_params']['search']) ? ' value="' . $context['search_params']['search'] . '"' : '', ' maxlength="', $context['search_string_limit'], '" class="input_text" />
        </div>
        <input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" /></form>';


Does this seem to be the correct place?

I am also unable to log into the forum at all to access the admin panel (unsure if there is a way to access it otherwise).

vbgamer45

Not that area. It would be in either the following files index.template.php boardindex.template.php or login.template.php Attach them if you need help.
It would be any form that has login password box.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

paybacks1

I have attached the files if you could point me in the right direction - thanks again

vbgamer45

boardindex and index.template.php are ok

Attach your SSI.php i see your theme uses some SSI functions..


Attached updated login.template.php file
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

paybacks1

Thanks so much for the prompt replies! I seem to have 2 SSI files, they are attached.

paybacks1

Quote from: paybacks1 on June 15, 2017, 07:30:50 PM
Thanks so much for the prompt replies! I seem to have 2 SSI files, they are attached.

I actually managed to sort the issue out in the SSI2 file. I now have one other issue where the body of any post is not loading past the initial banner with the thread title, so I will have to see about that!

Thanks again for the assistance.

nax

I have a similar problem, I found that in my custom theme the <input type="hidden" name="hash_passwrd" value="" /> did not exist so I manually added it, the upgrade went ok.  Now after several days I'm getting the

An Error Has Occurred!
Your session timed out while posting. Please go back and try again.

I know nothing about SSI files can someone help me here.

nax

This also have another forum with bespoke themes where this happening. Users can still get in using

Myforum/index.php?action=login

I have added the suugested line of code within the form /form section as you can see from the sample below.  Would any files other than index.template be affected?

nax

Despite the upgrade having gone through successfully after I added the missing code in the form section that it  was looking for, the upgrade DID NOT change and replace that code.  I've now gone into both forums affected and can see that this is the case for both of them.  I have replaced the original missing line

<input type="hidden" name="hash_passwrd" value="" />

with

<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

I'll see if that cures the problem.

nax

I've recently had an issue upgrading from 2.0.13 to 2.0.14 I think it is resolved BUT I have a few questions to help my understanding and clarification of how the SMF system works.

I have two sites let's call then A and B. Both sites use bespoke templates and the upgrade failed on both sites when it came to the following find and replace action :

Operation #2
Find: [Select]
<input type="hidden" name="hash_passwrd" value="" />
Replace With: [Select]
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

After double checking the current theme file location in Admin, I duly added the
<input type="hidden" name="hash_passwrd" value="" />
in the appropriate place in the login form area of the index.template.php file – I did this for both sites.

I ran the upgrade again and it went through no problem on both sites.
 
Then I started to get emails from users on both sites saying they couldn't login.

I checked the index.template.php file on sites A and B in the current theme directory and found that the line I had added had not been replaced, so I did the replacement manually and all seems to be well.

My question/concern is this: Why didn't the replacement happen? Should it have updated the index.template.php file in the core and babylon theme directories as well as I can see no changes to them.

Am I getting confused because some altered files are copied to the "Default" theme directory as the index.template.php has the correct updated code in it?

I'm just trying to sort out in my own mind how it works.

b4pjoe

I seem to be having this same problem. When I try to login I get:

Session verification failed. Please try logging out and back in again, and then try again.

The thing is I am NOT using a custom theme. I am using the SMF default curve theme. It did just happen after upgrading the forum to 2.0.14.

If it matters I do use the PortaMx portal but I am trying to login via the standard SMF login. Any ideas?

Sir Osis of Liver

That's a 2.0.14 bug, it's only affected a few forums.  Only way I found to fix it is disable sression check in LogInOut.php -



// Are you guessing with a script?
// checkSession('post');
spamProtection('login');



"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

b4pjoe

Quote from: Sir Osis of Liver on November 06, 2017, 11:56:49 AM
That's a 2.0.14 bug, it's only affected a few forums.  Only way I found to fix it is disable sression check in LogInOut.php -



// Are you guessing with a script?
// checkSession('post');
spamProtection('login');



Well disabling that allowed me to login to the forum but when I try to go to admin it still wants my password and I get the same error after I enter it. And now it won't let me logout. Even after re-enabling checkSession. Same error. So now I still can't get into admin and now I can't logout.

Sir Osis of Liver

"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

b4pjoe

I can't get into admin to uninstall the 2.0.14 patch.

Sir Osis of Liver

Look in /Packages/backups, download the zip from before 2.0.14 install, unzip, upload to forum root.
"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

b4pjoe

The zip before 2.0.14 was smf_patch_2.0.13.zip and the only files in it are:

package-info.xml
readme.txt
smf_2-0-13_patch.xml

Arantor


b4pjoe

Oh. There are not any zip files in there but there are a lot tar.gz files. The most recent is 2017-11-05_before_smf_patch_2_4.tar.gz and the last thing I did was to install the 2.0.14 patch so I assume this file would contain the 2.0.13 files?

Arantor

Yup, it contains a backup of the files (not attachments) for 2.0.13.

b4pjoe

OK I am back to 2.0.13 now and I can get to admin and everything seems to be working fine. The downside is I had to change my php version back from 7.1 to 5.6. :(

Sir Osis of Liver

You can try this, don't know if it works.  Also go to Admin -> Security and Moderation and check 'Disable administration security' until you get this resolved.
"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

Advertisement: