search

jacobwb / hashover-next

This branch will be HashOver 2.0
GNU Affero General Public License v3.0
420 stars 87 forks source link

Can't Login Anymore #273

Closed magicmastermindmurks closed 4 years ago

magicmastermindmurks commented 4 years ago

First of all, thanks for that great piece of work. Pretty happy I found it and it seems to work quite smoothly, probably it is overpowered for what I am doing but fair enough.

Here is the issue I am currently facing and can't get my head around: I adjusted the secrets, uploaded all files, adjusted access rights. All goode and able to login using the given credentials. Now about 10min later, I can't login anymore. Clicking on the login button will only give me an awkwardly long loading sequence and then opens the login page again.

And since I am asking questions here already, where do I find html outputs in this version?

jacobwb commented 4 years ago

Here is the issue I am currently facing and can't get my head around: I adjusted the secrets, uploaded all files, adjusted access rights. All goode and able to login using the given credentials. Now about 10min later, I can't login anymore. Clicking on the login button will only give me an awkwardly long loading sequence and then opens the login page again.

It sounds like you're having trouble logging into the Admin page, is that right? The awkwardly long loading is caused by the encryption algorithm, which is intentionally computationally intensive, and an added 5 second pause when the username or password doesn't match.

My first guess would be that you are simply typing the username or password wrong or an old or incorrect version of the username or password is being autofilled by your browser. An important note is that the admin username and password are both case sensitive and must be used together, no other username and password combination will work.

Is it possible that you disabled cookies in your browser?

And since I am asking questions here already, where do I find html outputs in this version?

HTML is handled in a few places (I'm working on getting it all in one place). These places are the comments.html file in each of the theme directories, there are also a few other HTML files there for the APIs and the HTML notification emails; the classes commentsui.php and formui.php in the /backend/classes directory generate various dynamic HTML.

Most often I see people edit these files to remove the end links. If this is what you are looking to do, you might be better served by using CSS instead, as it lets you update to a new version of HashOver without having to make the same changes again.

CSS like this will hide the end links:

.hashover .hashover-end-links {
    display: none;
}

Most elements have IDs or classes that make it easy to style them or hide them, so you should be able to make a lot of changes you want just using CSS.

I hope this helps.

magicmastermindmurks commented 4 years ago

It sounds like you're having trouble logging into the Admin page, is that right? The awkwardly long loading is caused by the encryption algorithm, which is intentionally computationally intensive, and an added 5 second pause when the username or password doesn't match.

Yep you are right, sorry I didn't mention it was the admin page. Good to know that this is the encryption algorithm, I thought it was some chain of faulty redirection.

My first guess would be that you are simply typing the username or password wrong or an old or incorrect version of the username or password is being autofilled by your browser. An important note is that the admin username and password are both case sensitive and must be used together, no other username and password combination will work.

I manually copied username:password from settings.php and entered it into the form, without any success. Everything that happens is a briefly shown red border around the login form.

Is it possible that you disabled cookies in your browser?

Did try 3 different browsers with different cookie handling now, all of them showing the same result.

HTML is handled in a few places (I'm working on getting it all in one place). These places are the comments.html file in each of the theme directories, there are also a few other HTML files there for the APIs and the HTML notification emails; the classes commentsui.php and formui.php in the /backend/classes directory generate various dynamic HTML.

Most often I see people edit these files to remove the end links. If this is what you are looking to do, you might be better served by using CSS instead, as it lets you update to a new version of HashOver without having to make the same changes again.

CSS like this will hide the end links:

.hashover .hashover-end-links {
    display: none;
}

Most elements have IDs or classes that make it easy to style them or hide them, so you should be able to make a lot of changes you want just using CSS.

I hope this helps.

Thank you for the clarifications on the HTML/CSS. I will move some of the links in the footer to somewhere else yes, but I am planning to restructure the display of comments and that will be easier while controlling the output. I am integrating this into LimeSurvey to create a live "discussion" place on different items/pages within the questionnaire.

Thanks for your help!

EDIT: I reinstalled your script and ran into the same issue. Was able to login for a short period of time and now I can't anymore. /EDIT

jacobwb commented 4 years ago

I manually copied username:password from settings.php and entered it into the form, without any success. Everything that happens is a briefly shown red border around the login form. ... Did try 3 different browsers with different cookie handling now, all of them showing the same result.

This is very strange. Particularly the fact that it works once, I don't have any idea why it would work and then fail, no data is being created other than the cookies, so the simple fact of logging in shouldn't cause any issues afterwards.

What happens if you delete the HashOver cookies and login again? You can delete the HashOver cookies using the browser console, the "Storage" tab in Firefox or the "Application" tab in Chrome. Delete all cookies with the "hashover-" prefix. You could also load the HashOver Admin page in a Private Browsing / Incognito Mode window to login without preexisting cookies.

If deleting the cookies lets you login at least once more, that will confirm it has something to do with how the cookies are set. If that doesn't help, it will confirm that something else is the cause.

If you don't mind, can you post what you are using for the admin username and password? It's possible that a special character or the length of the username or password is causing the problem. Though, this would not explain why it works once.

EDIT: I reinstalled your script and ran into the same issue. Was able to login for a short period of time and now I can't anymore. /EDIT

Thanks for the update.

This implies to me that you are using a default setup, is that right? If you are making any configuration changes, like storing the comments using SQL instead of XML, or using the Session Login instead of the Cookies Login, please tell me so I can properly investigate the problem.

magicmastermindmurks commented 4 years ago

I tried different browsers with no cookies at all, removed cookies if there were some - same result unfortunately. Even changed the login data to admin:admin to make sure it is not a special char issue. Changed (and reverted) the encryption key, also no difference.

Yes, I am pretty much on a default setup, only template-wise I did some changes to the frontend. So only XML for comments and cookies for login. Going to re-install again and see if there is any changes.

EDIT: Same as before, was able to login once after reinstall. Clicked Logout and now can't login again. But I can login once I delete the settings.json /EDIT

EDIT2: The login issue appears to be somehow connected to the values I set for "name-field": "on", "password-field": "on", "email-field": "off", "website-field": "off", "allows-login": true, "uses-auto-login": false, I can't figure a pattern though :D /EDIT2

jorgesumle commented 4 years ago

I have the same problem.

jacobwb commented 4 years ago

@magicmastermindmurks Thank you for the info. I have managed to reproduce the issue on my end, and I believe I have now fixed the issue. Please try the latest code and let me know if it's fixed.

FYI: I know it isn't obvious, but some settings affect others. For example, if you disable the password field, the login also gets disabled. I think this or another combination of setting changes caused the login to get disabled for you, which made it impossible to login as Admin as well. I plan to fix this at some point, to make it more obvious that a setting affects other settings.

magicmastermindmurks commented 4 years ago

Thanks for the information and the fix, I will check it as soon as possible. Maybe you can avoid the confusion about the settings with a different wording. I only associated the login settings with "user" login since deactivating administrative login would have not even been a possible intent in my head.

magicmastermindmurks commented 4 years ago

Sorry for taking so long. I finally updated the files your changed and the issue is resolved. Thank you very much!