Your session timed out while posting. Please go back and try again.

[AB1Vasek]

Hello, I studied many topics related to this issue, but I haven't found a solution.

When I try to log in, I receive a message "Your session timed out while posting. Please go back and try again."

Since the last update if I remember well.

I added this line to the index.template.php
https://wiki.simplemachines.org/smf/Login_error_2.0.14

Could you help me to resolve the problem?

My forum is located at:

hxxp:www.redbaron3dofficialsite.com/forum [nonactive]

Thank you!

[shawnb61]

A few questions -
Have you cleared your cookies?
Have you tried another theme?
Does it affect all users or just you?

[Illori]

did you install the mod that is listed on that page? if not please try and see if it resolves the issue.

[AB1Vasek]

I didn't clear cookies, but several other people tried to log in and have the same issue. I've been using this theme for years.

I installed the mod manually (edited Subs.php).

EDIT: Cookies cleared but no change.

[GigaWatt]

Quick question (not related to the topic): Why is your forum aligned to the right ?

Back on topic. You have to apply the patch in the theme files too. I can't remember what it was that I patched .

OK, fount it . I'm using the CleanTek theme. You'll have to find the adequate code in your theme and apply it in the quick login, as well as the standard login .

Change the following code in the index.template.php file of the theme.

Original:

Code Select Expand

<input type="hidden" name="hash_passwrd" value="" />

Modded:

Code Select Expand

<input type="hidden" name="hash_passwrd" value="" />
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

[Sir Osis of Liver]

Do you have the problem in Curve?

You've removed the SMF and theme copyrights, won't make you popular around here.

[AB1Vasek]

The theme is "Reference". Several years ago I modified the copyright in the footer, but the (Copy)SMF X.X has always been there.

There are not many files in Themes/reference/ which I could edit via the instructions in your wiki. The Sources/ folder only includes one javastript file.

Do you suspect the theme from this issue?

I am sending a part of index.template.php which includes the particular code for reference:

Code Select Expand

// Otherwise they're a guest - this time ask them to either register or login - lazy bums...
else
{
echo sprintf($txt['welcome_guest'], $txt['guest_title']);
echo '
  <script language="JavaScript" type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
  <form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" style="margin: 4px 0;"', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>
<input type="text" name="user" class="userlog"  size="10" />
<input type="password" name="passwrd" class="userlog"  size="10" />
<input type="submit" value="', $txt['login'], '" class="button_submit" />
<input type="hidden" name="hash_passwrd" value="" />
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
</form>', $context['current_time'],'<br />';
  }
  echo '
  </div>

[Sir Osis of Liver]

It's a violation of the license to remove or modify the SMF copyright, team members may refuse to assist you.  Removing the theme copyright is discourteous to the author, who in this case is deceased and deserving of credit for the contributions he made to the project. 

Etiquette aside, any file that is not included in your custom theme is pulled from /Themes/default. You've fixed the session check in the header login, it should be working.  Do you have problems with login window ('Login' in menubar)?  Does header login work in Curve?

[AB1Vasek]

I edited login.template.php in Themes/default/ but the problem persists.

I can't login from the front page and from the login page either.

and I will use the original copyright.

[Sir Osis of Liver]

Link to your forum?

[Illori]

It's a violation of the license to remove or modify the SMF copyright, team members may refuse to assist you.

no it does not violate the license to remove or modify the SMF 2.0 copyright, but we can deny support to anyone that does beyond removing the version number in the copyright.

[GigaWatt]

Change the following code in the index.template.php file of the theme.

[AB1Vasek]

My forum is located in the link I posted in the first post. It's hxxp:redbaron3dofficialsite.com/forum [nonactive]

I edited the particular piece of code in both index.template.php in current theme folder and login.template.php in default theme folder, because this one is not included in the current theme's folder.

And I still have the same problem with the login, like many other visitors.

[Illori]

each theme has its own index.template.php file, double check that your theme does not have it. also if you installed that mod that is linked on the wiki page it should resolve this issue without any file edits.

also if you would like further support it would be nice if you restored the SMF copyright on your forum.

[Kindred]

It's a violation of the license to remove or modify the SMF copyright, team members may refuse to assist you.

no it does not violate the license to remove or modify the SMF 2.0 copyright, but we can deny support to anyone that does beyond removing the version number in the copyright.

actually, let's be clear.  REMOVING the copyright statement is acceptable (legally) but may result in denied support.
ALTERING the copyright is actually NOT legally acceptable. The copyright, if present, MUST be as provided. (e.g. SMF © 2017, Simple Machines) NO ONE is allowed to modify that except the copyright holder (Simple Machines)

[AB1Vasek]

I reset the forum theme to "default - curve" which also resolves the problem with copyright.

However, the problem with login still persists.

I figured out that when I disable .htaccess, the login procedure works just right. When I activate (load) the .htaccess, I receive the errors.

1) index.template.php at the default theme already includes the one extra line.

Code Select Expand

<input type="hidden" name="hash_passwrd" value="" />
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
     
2) Sources/Subs.php include the extra lines of code

Code Select Expand

ob_start('ob_sessrewrite');
ob_start(function ($buffer) {
global $context;
if (!$context['user']['is_guest'])
return $buffer;
return preg_replace_callback('~(<form[^<]+action=login2(.+))</form>~iUs' . (!empty($context['utf8']) ? 'u' : ''), function($m) use ($context) {
$repl = '';
if (strpos($m[0], $context['session_var']) === false)
$repl .= '<input type="hidden" name="' . $context['session_var'] . '" value="' . $context['session_id'] . '"/>';

return $m[1] . $repl . '</form>';
}, $buffer);
});



The .htaccess includes the following:

Code Select Expand

# Options -MultiViews
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !^.*on
RewriteRule ^(.*)$ https://www.redbaron3dofficialsite.com/$1 [R,L]

# remove .php; use THE_REQUEST to prevent infinite loops
RewriteCond %{HTTP_HOST} ^www\.redbaron3dofficialsite\.com
RewriteCond %{THE_REQUEST} ^GET\ (.*)\.php\ HTTP
RewriteRule (.*)\.php$ $1 [R=301]

# remove index
RewriteRule (.*)index$ $1 [R=301]

# remove slash if not directory
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} /$
RewriteRule (.*)/ $1 [R=301]

# add .php to access file, but don't redirect
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !/$
RewriteRule (.*) $1\.php [L]

# one domain address
RewriteCond %{HTTP_HOST} ^redbaron3dofficialsite\.com$ [NC]
RewriteRule ^(.*)$ https://www.redbaron3dofficialsite.com/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index.php
RewriteRule ^(.*)index.php$ https://www.redbaron3dofficialsite.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^173\.201\.243\.1
RewriteRule (.*) https://www.redbaron3dofficialsite.com/$1 [R=301,L]

#RewriteCond %{REQUEST_METHOD} POST
#RewriteRule ^ - [L]

# Cache settings
# 1 WEEK 1 DAY

#<filesMatch ".(html|htm|css|php)$">
#Header set Cache-Control "max-age=691200"
#</filesMatch>
#<filesMatch ".(jpg|jpeg|png|gif|swf|ico)$">
#Header set Cache-Control "max-age=691200"
#</filesMatch>



<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

I should also mention that recently I moved to HTTPS, but I updated all paths in the forum settings.

[GigaWatt]

Well, you solved the problem by yourself. Your .htaccess file is causing the problem. You should revise your edits to the file.

[Kindred]

I would bet that your problem comes from the www vs non www. Or maybe http vs https

What do you have as your url setting in smf?

[AB1Vasek]

I ran repair_settings and checked all my url are with HTTPS.

I disabled the .htaccess

When I access the forum from HTTPS and click on "home" it redirects me to HTTP. All other buttons "admin", "search", .. stay on HTTPS.

All urls in the admin section and repair_settings are with HTTPS, double checked.

Where else shall I make the change to prevent the home button from redirect to HTTP?

From HTTP I can log in, from HTTPS I can't.

[GigaWatt]

It doesn't seem like you've got https redirects in .htaccess. You can do it directly in .htaccess or in your cPanel.

[Kindred]

yup...   if you can log in from http and not from https - that indicates that the forum is not correctly set up to use https throughout.

Are you using a portal? did you manually check all of the URLs in the admin section?
server settings (should have been handled by repair_settings, but check anyway)
theme settings
smilies
attachments
portal URL?
other mods?