Login problem after changing URL and https

jambo
User ww
User ww
Posts: 21
Joined: Fri May 15, 2020 7:23 pm

Re: Login problem after changing URL and https

Post by jambo »

GREAT!! I am back on track, your comments led me down the path to see what I might have done to make things bad.

The problem was created by me!!!!

I set the "Allow "Remember Me" logins:" in phpBB 3.3 to "off" because I am going to force all logins through wordpress and I figured I would control the cookie timeout there. The minute I set that back to "on" my problem went away!!!!!

My other question, is since I am putting everything through wordpress, and I want to FORCE registration there, should I set the "Account activation:" field to "Disable registration". I already have pushed all the login links to wordpress with my phpBB style, but that would remove all the register links for me.

Thank you very much for your help and for the plugin, you rock!!!!

James
User avatar
axew3
w3all User
w3all User
Posts: 2689
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Login problem after changing URL and https

Post by axew3 »

Thank you for appreciation!
"Account activation:" field to "Disable registration"
Yes, you can of course disable registration in phpBB!

Following to check for the issue above mentioned, i see now that this code is the probòem, that run just on top of the verify credentials function of the plugin:

Code: Select all

 // The presented cookie uid, is in the black list and the user not logged in?
 if( $w3all_anti_brute_force_yn == 1 && ! is_user_logged_in() && isset($w3all_bruteblock_phpbbulist[$phpbb_u]) ){
      setcookie ("w3all_bruteblock", "1", 0, "/", $w3cookie_domain, false); // expire session, removed on phpBB_user_session_set()
       self::w3all_wp_logout('wp_login_url');
      return;
 }
This code used to stop any bruteforce: if the username is in the list, is not logged, the logout fire, the function logout and return, so stop any subsequent action (calls to db to check for the session).

If no other smart solution will come out in mind, the way to resolve can't be like into this example (where i can manage problems in another way, may managing records into db when in trouble like this morning that this is obviously not useful for nobody)

The solution is: do not activate the option Swap login/registration/reset pass links with bruteforce active,
if/and you want users do these actions only in phpBB
, may just remove then in wp side all links that points to registration/login lost pass and that points to wp, and manually add links to related phpBB pages. Then in case of problems, so when an user need to reset/unlock his account, it will be normally processed. Let test things more deeply in these days, hope to come out with a solution for this problem, but without adding code into phpBB side, it seem at me at moment +- impossible.
Post Reply