News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

cannot log in, simple log in error box.

Started by Nodaz, December 29, 2024, 07:45:42 PM

Previous topic - Next topic

Nodaz

I just navigated to on of my SMF sites to log in and when i click the login button i get a vert simple log in error box.  ( it was working weeks ago, and my others site works fine.
     
I cannot figure out why.     
It happens on mobile ( i grabbed the screenshot form there) and on my PC.
Any idea what could be happening and how to resolve it?


Arantor

Holder of controversial views, all of which my own.


sudoku

We had a similar issue just over a year ago.
Apparently some members were using our old URL. (Http://www.xxxxxxx etc)
Our forum had swithed to "https://xxxxxxxx etc." with no www.

Maybe a similar issue here?

Arantor

It's almost certainly a mismatch between http and https, or non-www vs www, or both. But need to see a link to diagnose further.
Holder of controversial views, all of which my own.


Sir Osis of Liver

.htaccess -


# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>

When in Emor, do as the Snamors.
                              - D. Lister

Nodaz

Quote from: Arantor on December 30, 2024, 03:25:46 AMIt's almost certainly a mismatch between http and https, or non-www vs www, or both. But need to see a link to diagnose further.

https://www.greenfieldlakeshoa.com/index.php is what i have bookmarked and used previously but have tried >

greenfieldlakeshoa.com/  It loads
https://greenfieldlakeshoa.com and i AM able to log in.

I also have a redirect setup form www.gflhoa.com /gflhoa.com and it loads https://www.greenfieldlakeshoa.com/ and i am unable to log in an get the same error.


I am unversed in what is happening and why.



Kindred

Because you can not properly log in from a domain that does not match your settings.

If you use www then use htaccess to force users to the www address.

If you have any alternative domain,  then use htaccess to force users to the correct domain
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Doug Heffernan

Additionally have a look at the following topic to make sure that you are using https correctly/properly.

https://www.simplemachines.org/community/index.php?topic=555034.0

Sesquipedalian

To be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Nodaz

Quote from: Sesquipedalian on December 30, 2024, 12:49:54 PMTo be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
Ok thank you , i am pretty new to all this, what does "your forum is configured to use that URL as its canonical form"
 configuired where?

Nodaz

Quote from: Kindred on December 30, 2024, 12:06:08 PMBecause you can not properly log in from a domain that does not match your settings.

If you use www then use htaccess to force users to the www address.

If you have any alternative domain,  then use htaccess to force users to the correct domain
Where are those settings and how do i correct them so that access is available form any form of the URL ( i hope that makes sense)

Sesquipedalian

#11
Quote from: Nodaz on December 30, 2024, 03:32:57 PM
Quote from: Sesquipedalian on December 30, 2024, 12:49:54 PMTo be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
Ok thank you , i am pretty new to all this, what does "your forum is configured to use that URL as its canonical form"
 configuired where?


The canonical URL for your forum is the value of $boardurl in your Settings.php file. You should configure your .htaccess file to redirect all alternative URLs to that one.

In your case, Settings.php will contain this line (among a bunch of others):

$boardurl = 'https://greenfieldlakeshoa.com';

The .htaccess file (notice the leading '.' character) is a plain text file that typically lives in your website's "document root" (i.e. the base folder that holds the files for your website's home page). If you don't see one in that folder, make sure you have turned on the option to show hidden files. If you still don't see it, you can create it.

Once you have found your .htaccess file, open it and add the code that Sir Osis of Liver shared in his reply above. That code will redirect the alternative URLs to your canonical one, such that anyone who tries to go to one of those alternative URLs will automatically be sent to the correct one. You should also change the redirect from your short domain (i.e. gflhoa.com and www.gflhoa.com) to your full domain so that it redirects to your canonical URL.

This will solve your login issues, because users will always be attempting their login using the correct URL.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Douglas

I also recommend using subdomain independent cookies and database driven sessions, as well. Subdomain independent cookies would address www vs non-www issues. I would also have Apache (or even better, NginX if used) handle the redirect, rather than .htaccess.

But what do I know. ;)
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Nodaz

#13
Quote from: Sir Osis of Liver on December 30, 2024, 11:44:50 AM.htaccess -


# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>



Thank you ,
 Thank you i found the old htaccess file and this is what it contains.
im not sure how or why and whether i should delete any of this or just add what you have suggested.

"
====
RewriteEngine On
RewriteCond %{HTTP_HOST} greenfieldlakeshoa\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.greenfieldlakeshoa.com/$1 [R,L]

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
====

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php72" package as the default "PHP" programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit "

Nodaz

Quote from: Douglas on December 30, 2024, 05:10:58 PMI also recommend using subdomain independent cookies and database driven sessions, as well. Subdomain independent cookies would address www vs non-www issues. I would also have Apache (or even better, NginX if used) handle the redirect, rather than .htaccess.

But what do I know. ;)

How would i implement subdomain independent cookies and database driven sessions

Douglas

Go into the admin area and use the search feature. :)
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Arantor

Do note that subdomain independent cookies won't fix the problem and if you're using htaccess to force everyone to the one true domain, you don't need to change it anyway.

(Why won't it fix the problem? Because the problem isn't a cookie problem. The login form is dynamically loaded, at the time it was implemented we thought there would be more login-with-x options being added where you need to do more work that you don't want to do every page for guests. Anyway: the form is loaded via AJAX, and CORS - Cross-Origin Request Sharing - rules say that unless you do some more hokey stuff, a request crossing http/https, or subdomains, or full domains, is not permitted in the name of security.)
Holder of controversial views, all of which my own.


Kindred

And yes... your htaccess currently tells the system to force www...  but your forum is set to not use it.

So yeah, no wonder you have issues
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Douglas

Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* HBCUAC.org Web Developer, the NAIA's only HBCU Athletic Conference
* Former Sports Photographer and Media Personality and Former CFB Historian
* Tech Admin for one 2.9M+ post and one 11.6M+ post sites. Used to own a 1M+ post site.
* WordPress Developer (Junkie / Guru / Maven / whatever)

Kindred

Only if they WANT www... but they said that they use non-ww, which means fixing the htaccess...

And that didn't even address using a secondary domain to access the forum
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Diego Andrés

Quote from: Douglas on December 30, 2024, 08:07:28 PMWouldn't the repair_settings script help fix the issues?

No because if there isn't a forced redirect, they can load the forum with www or without www and depending on the URL, the wrong address will show this error.
It even happens with http vs https.

Also this issue is posted every week or so...  :-X

SMF Tricks - Free & Premium Responsive Themes for SMF.

Arantor

At this point I'd gut the AJAX login entirely. It's not helping anyone. It was made in a different time with assumptions and expectations about what the future would bring that simply never materialised.
Holder of controversial views, all of which my own.


Nodaz

Ive changed the htaccess to add What Sir Liver of Onions suggested and tried orignaly by deleting the second section, pages would load bu i could not access the drop down menu for the account.( it would just say "loading")
I added it back and access reappeared.


"
====

# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>


====

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php72" package as the default "PHP" programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit "

I appreciate everyones patience and guidance

Nodaz

Quote from: Douglas on December 30, 2024, 05:10:58 PMI also recommend using subdomain independent cookies and database driven sessions, as well. Subdomain independent cookies would address www vs non-www issues. I would also have Apache (or even better, NginX if used) handle the redirect, rather than .htaccess.

But what do I know. ;)
I have enabled subdomain independent cookies and database driven sessions.  do you have a suggestion as to time of expiration for enable local storage of cookies?  (set to 1 hour currently)

Nodaz

Quote from: Sesquipedalian on December 30, 2024, 03:55:46 PM
Quote from: Nodaz on December 30, 2024, 03:32:57 PM
Quote from: Sesquipedalian on December 30, 2024, 12:49:54 PMTo be clear, since you are able to log in from the URL that uses https and no www subdomain, that means your forum is configured to use that URL as its canonical form. You need to redirect all alternative URLs to that canonical URL via your .htaccess file, as described by others above.
Ok thank you , i am pretty new to all this, what does "your forum is configured to use that URL as its canonical form"
 configuired where?


The canonical URL for your forum is the value of $boardurl in your Settings.php file. You should configure your .htaccess file to redirect all alternative URLs to that one.

In your case, Settings.php will contain this line (among a bunch of others):

$boardurl = 'https://greenfieldlakeshoa.com';

The .htaccess file (notice the leading '.' character) is a plain text file that typically lives in your website's "document root" (i.e. the base folder that holds the files for your website's home page). If you don't see one in that folder, make sure you have turned on the option to show hidden files. If you still don't see it, you can create it.

Once you have found your .htaccess file, open it and add the code that Sir Osis of Liver shared in his reply above. That code will redirect the alternative URLs to your canonical one, such that anyone who tries to go to one of those alternative URLs will automatically be sent to the correct one. You should also change the redirect from your short domain (i.e. gflhoa.com and www.gflhoa.com) to your full domain so that it redirects to your canonical URL.

This will solve your login issues, because users will always be attempting their login using the correct URL.

 I have added that Code to htaccess as recommened and changed the forwarding to https://greenfieldlakeshoa.com and so far it seems everything is working.

Sir Osis of Liver

If you delete the cPanel-generated handler from .htaccess bad things will happen.  That's part of the server setup.
When in Emor, do as the Snamors.
                              - D. Lister

Nodaz

Quote from: Sir Osis of Liver on December 31, 2024, 04:31:13 PMIf you delete the cPanel-generated handler from .htaccess bad things will happen.  That's part of the server setup.

Figured that out quick.  that one is old should i update it in cpanel?

Sir Osis of Liver

I would ask host support before I messed with that,
When in Emor, do as the Snamors.
                              - D. Lister

Nodaz


Advertisement: