SMF 2.0.15 - Unable to verify referring url at login

Started by RobN, January 02, 2018, 04:52:56 PM

RobN

The site is hosted by GoDaddy and I just moved the Forum to their newer cPanel hosted server today. Running 2.0.15 Code patch and default theme is Curve with no mods.

Here is the behavior and I can replicate it. The first time you attempt to login, you get the error message Unable to verify referring url at login and it wants you to click on a link to go back and try again. If you click on the link to go back and try again, you get the same error message (basically stuck in a loop).

However, if instead of going back you type your user id and password in the little box in the upper left corner of the go back screen, it logs you in to the forum just fine. The thing is, once you have logged in that way once, if you log out or just close the browser down and go back later, then it will let you log in from the main login dialog just fine; you no longer get that error message. So once you do get logged in one time from the little dialog, any subsequent logins from the main dialog using the same browser/PC get you in OK.

I tried this on 2 different PCs using 3 different browsers, and got the exact same behavior. The first time attempting to log in from any browser, you get the Unable to verify referring url error and the link wanting you to go back and try again. Instead of going back, just type your id and password in the upper left dialog and it logs you in just fine; then on subsequent logins using that browser, the main login dialog works. Try a different browser on the same PC, and you get the same error until you log in once from the little dialog.

I also added an SSL certificate on the new server, and went in to Admin and changed all of the http:// references to https:// in settings and themes and database locations that I could find. Once logged in, everything seems to be working fine.

Is there something different about the little login dialog in the upper left (the code that it calls) vs. the main login dialog? Or possibly something cached on the local PC from the old server (the domain name and path have stayed the same)?

Thank you for any ideas. I did search the forum first and found 2 issues related to this topic, one with a timeout and another that seemed a little different from what I am experiencing here.

RobN

One other note, the server domain name was changed from the old server to the new server this morning, about 6 hours ago, then the SSL certificate was added this afternoon about 3 hours ago.

Is this behavior possibly being caused by DNS propagation? I am having no issues reaching the site from my location by its domain address from either PC, so it is not like I am going to the forum by IP address. I guess if it goes away tomorrow I will know if that is/was the culprit. Just thought I would add this bit of information.

Sir Osis of Liver

If you uninstall 2.0.15 patch and revert to .14, does problem clear?

RobN

I can try .14 later tonight and see if that helps or not. Thanks and will let you know

Kindred

Did you correctly reset all of the forum paths when your server was changed?
Are you using the default theme?
If not, did you make the login changes necessary in your custom theme?

RobN

Went back through it and found two spots where it still had the old server http address, one was in avatars and the other in smiley faces. I changed both of those. I have seen this occur in the error log yesterday twice but nothing today and users are logging in and using the forum. Will continue to monitor it. Hopefully changing those two items and giving it more time for the DNS to propagate for the new server fixed it. Thanks for the replies.

Aleksi "Lex" Kilpinen

If you have used http earlier, and are now using https you may see those errors for a while if you don't redirect people to https.
That error will likely happen anytime someone comes straight to a login form, or logout immediately from index using an old bookmark.

drewactual

i highly rec you introduce a htaccess script to permanently redirect to https://www from however your users approach.. google won't hold it against you, and it's clean as a whistle. 

i too have seen this error quite a bit.  i just figured it was someone trying to bust in, as every instance has been an unknown or previously unrecorded IP.  if so- no foul, i know to watch out based on time periods and IP ranges...

also, and i feel it's related- i adjusted my server (serverstack owned by me only i have access to, so it's not godaddy's fault per se) to limit php scripts to no longer than 60 seconds before abandoning them.  after doing so, i noticed a huge drop off in these errors... makes me think they were trying to run a script to bust in, or- it may not be related at all... i've noticed THIS very site has had issues lately- i wonder if it's related to the same folks...
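The permanent redirect to https://www suggested in the replies above, as an added example that is not part of the original thread or SMF's own documentation. It assumes Apache with mod_rewrite enabled, an .htaccess file in the site's document root, and uses www.example.com as a placeholder for the forum's real host, which should be the same scheme and host as the forum URL set in the SMF admin settings.

```apache
# Added example: www.example.com is a placeholder, replace it with the
# forum's own canonical host (same scheme and host as the forum URL in SMF).
RewriteEngine On

# Case 1: the request arrived over plain HTTP on any host name
# (old bookmarks, old links, cached http:// login forms).
# %{HTTPS} is set by the web server's TLS layer; if TLS is terminated on a
# proxy in front of Apache this variable may stay "off" and the condition
# has to test the proxy's forwarded-protocol header instead (assumption:
# no such proxy here).
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# Case 2: the request is already HTTPS but uses another host name
# (for example the bare domain without www).
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# Notes:
# - The query string is carried over automatically because the
#   substitution contains none of its own.
# - A 301 answers a POST by sending the browser to the new URL with GET,
#   so a login submitted from a stale http:// form is not replayed; the
#   user lands on the https:// page and logs in again from there.
```

After deploying, requesting the http://, bare-domain and www variants of a forum URL should each end, in at most two hops, at the same https://www address.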
