Problems to login with 1.0.9 version

Find all the help you need on the script Arfooo Directory.
Please refer any bugs found.

Moderator: effi

Problems to login with 1.0.9 version

Postby effi » Tue Jun 09, 2009 8:28 am

Hello,
As in the french forum, it seems to be here the same problem to login
I try to sign as a webmaster cannot come in
i pushed the button lost password, and i get another password, tried again and nothing came

Some of the people of my client have the same problem and there is 25% mail adress registered, but no website, because they couldn' enter to add their own websites, no message whether the identification or password do not match not the same characters.

in the french forum i posted some bug report ansd there is several answers

    some people try to enter with www if they do it is no www in database and it doesnt work (or the inverse) -->so you MUST write a htaccess to transform the url.

    there was trouble with missing messages i gave to you in javascript section of languages files.

    if you choose the option confirm by mail, YOU MUST upgrade the template with arf recommendations for template and language section
and it seems there is another problem . we encounter there !!!


Any idea to fix the problem ?
effi
 
Posts: 195
Joined: Fri May 22, 2009 10:04 am

Re: Problems to login with 1.0.9 version

Postby ping » Tue Jun 09, 2009 1:30 pm

sometimes you cant remember your password and the "recover password" is not working (mail config or something with htaccess), so here's what i did:
1) create a dummy acount with password 1234
2) go to the phpmyadmin, your_table, arfooo_users then just copy the password code (i think its md5) to the user you want to change the password, so it changes to 1234 :lol:
i'm sure there are other ways but this is so simple ;P

more tips (.htaccess)
# domain.com TO www.domain.com
RewriteCond %{http_host} ^YOURDOMAIN.com [NC]
RewriteRule ^(.*)$ http://www.YOURDOMAIN.com/$1 [R=301,L]

# to avoid duplicate content (SEO) if you have multiple domains pointing to just one directory
RewriteCond %{HTTP_HOST} ^www.domain222.net$[OR]
RewriteCond %{HTTP_HOST} ^domain222.net$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
ping
 
Posts: 23
Joined: Sat May 02, 2009 12:41 am

Re: Problems to login with 1.0.9 version

Postby effi » Fri Jun 26, 2009 3:32 am

hello Ping,
The login problem is not mine but webmasters who sign in but couldn't enter : the login page refresh allways
and it is 25% of webmasters with an email adress but no website
, so there is a problem somewhere
perhaps only a problem of matching low or high typing characters, but i am not enough good in programming to add a message !

i think the problem is there inthe javascript/webmaster/loginfunction.js

Code: Select all
   var onRegisterSuccess = function (ajaxObj)
    {
      var response = ajaxObj.parseJSON();
       
      if(response.registered)
      {
         $('webmasterInscriptionBlockHeader').hide();
         $('webmasterInscriptionBlockContent').hide();
         alert(successMessage);
           
         loginForm.email.focus();
         loginForm.email.select();
      }
      else
      {
         if(inscriptionForm.publicCode)
         {
                CaptchaCode.replaceCaptchaImage(inscriptionForm.publicCode.value, inscriptionForm);   
            alert(response.message);
                 alert(notSuccessMessage);
         }
           
         inscriptionForm.privateCode.focus();
         inscriptionForm.privateCode.select();
      }
    }
   
    ajax.set("onSuccess", onRegisterSuccess.handler(this))       
    ajax.post(setting.registerUrl);
   
   return false;
}

or in AjaxFormSubmitter.js
Code: Select all
   switch(response.status)
        {
            case "ok":
               
                alert(response.message);
               
                if(response.refresh)
                {
                    window.location.reload(false);
                }
               
                if(response.redirectUrl)
                {
                    window.location = response.redirectUrl;
                }
                 
                break;
           
effi
 
Posts: 195
Joined: Fri May 22, 2009 10:04 am

Re: Problems to login with 1.0.9 version

Postby saidbakr » Fri Jun 26, 2009 9:42 am

Hello,

Till this time I have not deeply analysed the problem. However, according to your suggestion that relates the problem to JavaScript's files *.js, I may suggest to try login using another web browser.

If really, the problem related to Javascript, this will mean it is a client side dependent problem, so using of another browser may mean a temporary solution.

++++++++++++++++
Again! I have just made an initial analysis for the problem and it may be due to a scurity bug!.
The lost password mechanism follows a wrong behavior. It is just requires the user email supplied to the field and then the password is automatically changed, then it will be sent to your email. In this case, if your email service provider works fine, the email sent with your new password may be got lost! This simply means that, anyone are able to partially hijack the user's account by knowing his registered email and so prevent him to log in his account.

I've done an experminet using two emails addresses one is uses gmail.com and the other uses yalla.com. Ofcourse gmail is the best and powerful than yalla.com, so I have received the email with the new password and everything go well, but the yalla.com, lost the email!.

The lost password mechanism should be changed, to be, there is no any change to the password without user's confirmation code.

At current time I have no enough background about the script or even skills to do such modification, We just need to ask Arf to cover it among the incoming version or releasing a batch for it.
Best Regards,
Said Bakr
Azzazi Anesthesia Web Directory, just another customized Arfooo directory.
دليل معمل الحياة
saidbakr
 
Posts: 66
Joined: Wed Jul 23, 2008 9:09 pm
Location: Egypt


Return to Installation, support and bug reports

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 1 guest

 
Copyright © arfooo.net  2007 - 2010  -  All rights reserved.
Arfooo website group: petites annonces gratuites   voyance en direct - tirage tarot   Consultant en référencement
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group | phpBB SEO
cron