News:

Wondering if this will always be free?  See why free is better.

Main Menu

cannot log in, simple log in error box.

Started by Nodaz, December 29, 2024, 07:45:42 PM

Previous topic - Next topic

Nodaz

I just navigated to on of my SMF sites to log in and when i click the login button i get a vert simple log in error box.  ( it was working weeks ago, and my others site works fine.
     
I cannot figure out why.     
It happens on mobile ( i grabbed the screenshot form there) and on my PC.
Any idea what could be happening and how to resolve it?


Arantor

Holder of controversial views, all of which my own.


sudoku

We had a similar issue just over a year ago.
Apparently some members were using our old URL. (Http://www.xxxxxxx etc)
Our forum had swithed to "https://xxxxxxxx etc." with no www.

Maybe a similar issue here?

Arantor

It's almost certainly a mismatch between http and https, or non-www vs www, or both. But need to see a link to diagnose further.
Holder of controversial views, all of which my own.


Sir Osis of Liver

.htaccess -


# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>

When in Emor, do as the Snamors.
                              - D. Lister

Nodaz

Quote from: Arantor on December 30, 2024, 03:25:46 AMIt's almost certainly a mismatch between http and https, or non-www vs www, or both. But need to see a link to diagnose further.

https://www.greenfieldlakeshoa.com/index.php is what i have bookmarked and used previously but have tried >

greenfieldlakeshoa.com/  It loads
https://greenfieldlakeshoa.com and i AM able to log in.

I also have a redirect setup form www.gflhoa.com /gflhoa.com and it loads https://www.greenfieldlakeshoa.com/ and i am unable to log in an get the same error.


I am unversed in what is happening and why.



Kindred

Because you can not properly log in from a domain that does not match your settings.

If you use www then use htaccess to force users to the www address.

If you have any alternative domain,  then use htaccess to force users to the correct domain
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Doug Heffernan

Additionally have a look at the following topic to make sure that you are using https correctly/properly.

https://www.simplemachines.org/community/index.php?topic=555034.0

Sesquipedalian

To be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Nodaz

Quote from: Sesquipedalian on December 30, 2024, 12:49:54 PMTo be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
Ok thank you , i am pretty new to all this, what does "your forum is configured to use that URL as its canonical form"
 configuired where?

Nodaz

Quote from: Kindred on December 30, 2024, 12:06:08 PMBecause you can not properly log in from a domain that does not match your settings.

If you use www then use htaccess to force users to the www address.

If you have any alternative domain,  then use htaccess to force users to the correct domain
Where are those settings and how do i correct them so that access is available form any form of the URL ( i hope that makes sense)

Sesquipedalian

#11
Quote from: Nodaz on December 30, 2024, 03:32:57 PM
Quote from: Sesquipedalian on December 30, 2024, 12:49:54 PMTo be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
Ok thank you , i am pretty new to all this, what does "your forum is configured to use that URL as its canonical form"
 configuired where?


The canonical URL for your forum is the value of $boardurl in your Settings.php file. You should configure your .htaccess file to redirect all alternative URLs to that one.

In your case, Settings.php will contain this line (among a bunch of others):

$boardurl = 'https://greenfieldlakeshoa.com';

The .htaccess file (notice the leading '.' character) is a plain text file that typically lives in your website's "document root" (i.e. the base folder that holds the files for your website's home page). If you don't see one in that folder, make sure you have turned on the option to show hidden files. If you still don't see it, you can create it.

Once you have found your .htaccess file, open it and add the code that Sir Osis of Liver shared in his reply above. That code will redirect the alternative URLs to your canonical one, such that anyone who tries to go to one of those alternative URLs will automatically be sent to the correct one. You should also change the redirect from your short domain (i.e. gflhoa.com and www.gflhoa.com) to your full domain so that it redirects to your canonical URL.

This will solve your login issues, because users will always be attempting their login using the correct URL.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Douglas

I also recommend using subdomain independent cookies and database driven sessions, as well. Subdomain independent cookies would address www vs non-www issues. I would also have Apache (or even better, NginX if used) handle the redirect, rather than .htaccess.

But what do I know. ;)
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Nodaz

#13
Quote from: Sir Osis of Liver on December 30, 2024, 11:44:50 AM.htaccess -


# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>



Thank you ,
 Thank you i found the old htaccess file and this is what it contains.
im not sure how or why and whether i should delete any of this or just add what you have suggested.

"
====
RewriteEngine On
RewriteCond %{HTTP_HOST} greenfieldlakeshoa\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.greenfieldlakeshoa.com/$1 [R,L]

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
====

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php72" package as the default "PHP" programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit "

Nodaz

Quote from: Douglas on December 30, 2024, 05:10:58 PMI also recommend using subdomain independent cookies and database driven sessions, as well. Subdomain independent cookies would address www vs non-www issues. I would also have Apache (or even better, NginX if used) handle the redirect, rather than .htaccess.

But what do I know. ;)

How would i implement subdomain independent cookies and database driven sessions

Douglas

Go into the admin area and use the search feature. :)
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Arantor

Do note that subdomain independent cookies won't fix the problem and if you're using htaccess to force everyone to the one true domain, you don't need to change it anyway.

(Why won't it fix the problem? Because the problem isn't a cookie problem. The login form is dynamically loaded, at the time it was implemented we thought there would be more login-with-x options being added where you need to do more work that you don't want to do every page for guests. Anyway: the form is loaded via AJAX, and CORS - Cross-Origin Request Sharing - rules say that unless you do some more hokey stuff, a request crossing http/https, or subdomains, or full domains, is not permitted in the name of security.)
Holder of controversial views, all of which my own.


Kindred

And yes... your htaccess currently tells the system to force www...  but your forum is set to not use it.

So yeah, no wonder you have issues
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Douglas

Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Kindred

Only if they WANT www... but they said that they use non-ww, which means fixing the htaccess...

And that didn't even address using a secondary domain to access the forum
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: