Other > Website Support

Password recovery from hell

<< < (2/3) > >>

keith.lamothe:
The wrong-IP thing is probably cloudflare-related.

x4000:

--- Quote from: eRe4s3r on May 31, 2017, 10:02:01 AM ---So a case of odd timing then? Changing password while logged in at least worked fine.. let's hope it continues working ;p

--- End quote ---

I think that is accurate.


--- Quote from: keith.lamothe on May 31, 2017, 10:19:31 AM ---The wrong-IP thing is probably cloudflare-related.

--- End quote ---

That's almost certainly the case.  Although I thought we had a workaround for that, but such is life.

Draco18s:
My stored password worked just fine.
* Draco18s shrugs

Dominus Arbitrationis:
Okay, so here's what has been going on.

SMF released a core update which included some security changes. As a result of the changes, our theme had to be updated. However, the changelogs didn't say you needed to make a theme change, so the change was not made at first. Only when people got errors did I notice, and I found the issue and corrected it.

Since the need for a theme change wasn't documented, I went through the normal troubleshooting steps. I disabled my local cache, nothing. I cleared the server page cache, nothing. I eventually got around to the sessions, and purged the sessions. Still nothing. After spending quite a lot of time trying to sort it out, I finally stumbled upon the theme issue, and corrected it there. Now, everything seems to work.

What happened when you logged out was the data pertaining to your login was purged entirely (As intended). This normally works perfectly, but due to the changes made in the update, if the form wasn't updated, it would lie about what was happening and say something about the session or password being wrong.


--- Quote from: BadgerBadger on May 31, 2017, 08:47:44 AM ---Oddly, while my password is still accepted, I find myself needing to log in every time I visit (seemingly) after months of being just auto logged-in.

--- End quote ---
This is probably because of the session purge. It should be stable now, so you should auto login now. If not, let me know.


--- Quote from: eRe4s3r on May 31, 2017, 08:57:54 AM ---Either way, something odd is going on on top of the "bugs" with the PW reset as a whole. Did the domain or structure change?

--- End quote ---
The cookie changed, but other than that, everything remained the same.




--- Quote from: eRe4s3r on May 31, 2017, 08:57:54 AM ---Yeah something odd is going on that's for sure, Lastpass informed me that the site has 3 known passwords, and it listed Mantis as one of them (one of the BIG problems of running Mantis on your forum domain by the way)

--- End quote ---
I'm assuming you are referring to the fact that Mantis and the Forums share a base domain? They both use different subdomains, and you can't access the old Mantis URL without being redirected. You could use the old forums URL, but I do need to get around to changing that.


--- Quote from: x4000 on May 31, 2017, 10:35:06 AM ---
--- Quote from: eRe4s3r on May 31, 2017, 10:02:01 AM ---So a case of odd timing then? Changing password while logged in at least worked fine.. let's hope it continues working ;p

--- End quote ---

I think that is accurate.


--- Quote from: keith.lamothe on May 31, 2017, 10:19:31 AM ---The wrong-IP thing is probably cloudflare-related.

--- End quote ---

That's almost certainly the case.  Although I thought we had a workaround for that, but such is life.

--- End quote ---

Yep to both. As for the Cloudflare workaround, can you email me with what you originally had set up to correct the issue? I have a few ideas on what I can do to fix it, but if you have a known good solution (That hasn't been invalidated by updates to SMF or Cloudflare), I'd prefer to use that.

x4000:
Honestly I have no recollection as to what the old solution WAS.  I think maybe you had figured it out, I'm not sure.  Thanks for the writeup!

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version