TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

March 29, 2024, 06:27:39 AM

Login with username, password and session length
Members
Stats
  • Total Posts: 195,106
  • Total Topics: 21,213
  • Online today: 358
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 0
  • Guests: 248
  • Total: 248

Unable to verify referring url. Please go back and try again.

Started by brynn, November 08, 2018, 06:06:27 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

lurkalot

Brynn the portal is already fixed in the version you are using, so the error is coming from somewhere else.  Anything that has a login form will need the fix applied if its not already there.  That means themes other mods anything that has a login form.

That basically means any theme built before SMF 2.0.14 was released.  Not sure if you have a copy of Arantors mod to try, if you have then give it a go.  If you haven't, then I think you're out of luck because he removed all his mods I think. So you'd have to check and do them manually. https://wiki.simplemachines.org/smf/Login_error_2.0.14

lurkalot


brynn

Ok yep, I've had 2 hits on that error since disabling the block.

I use the mod which interfaces with SFS (I always forget exactly which one it is - StopSpammer or Bad Behavior), so if anyone - any of these IPs which are hitting the error are in the SFS DBs, and tried to register, they couldn't.  And they theoretically could be trying repeatedly to log in.

But to me, that begs the question.  If someone is not a member, i.e. a Guest, why would it create an error (for me) and error message (for them). They're essentially just any random person on the internet.  Why should that produce an SMF error?

I mean, wouldn't it be more logical for them to see a message saying 'you must register before you can log in' rather than produce an error about the referring url?  Shouldn't SMF check to see if they are a member before it spits an error?

And especially if it were bots.  There must be bazillions of bots surfing around the internet.  Why should they trip an error for SMF if they try and fail to log in?

There must be something I don't understand about the message you referenced.

QuoteThat means themes other mods anything that has a login form.

How can I find out if a theme has a login form?  I thought the themes use the same login form as the default, but it just looks different, to match the theme?

Thanks  :)

brynn

Oh, do you mean exactly like that one in the top-right corner of my default theme?

lurkalot

Quote from: brynn on November 13, 2018, 05:16:43 PM
Ok yep, I've had 2 hits on that error since disabling the block.

I use the mod which interfaces with SFS (I always forget exactly which one it is - StopSpammer or Bad Behavior), so if anyone - any of these IPs which are hitting the error are in the SFS DBs, and tried to register, they couldn't.  And they theoretically could be trying repeatedly to log in.

But to me, that begs the question.  If someone is not a member, i.e. a Guest, why would it create an error (for me) and error message (for them). They're essentially just any random person on the internet.  Why should that produce an SMF error?

I mean, wouldn't it be more logical for them to see a message saying 'you must register before you can log in' rather than produce an error about the referring url?  Shouldn't SMF check to see if they are a member before it spits an error?

And especially if it were bots.  There must be bazillions of bots surfing around the internet.  Why should they trip an error for SMF if they try and fail to log in?

There must be something I don't understand about the message you referenced.

QuoteThat means themes other mods anything that has a login form.

How can I find out if a theme has a login form?  I thought the themes use the same login form as the default, but it just looks different, to match the theme?

Thanks  :)

Brynn, any theme that was made before SMF 2.0.14 was released will suffer from this problem (if it hasn't been updated, and marked as compatible with 2.0.14 - 15) if it has a login box, other than the one in your SMF main menu.  If it has one top right, or left of the page for example then it comes from the theme.

lurkalot

Quote from: brynn on November 13, 2018, 05:31:40 PM
Oh, do you mean exactly like that block in the top-right corner of my default theme?

Yes exactly. Sorry was just answering that as you posted.  ;)

brynn

Ok, from the instructions:

QuoteIf your custom theme has a login form, such as in index.template.php, boardindex.template.php or login.template.php, you will need to modify the theme to allow the login function to work correctly. In order to modify the theme, add the following code along with the other "hidden" input types, or anywhere before the closing </form> tag in the login form.

For each theme, will I need to make changes in all 3 of those files?  Or will it only be in one of them?

Let's see if I can find one....

Oh wait.  I'd better take a backup first.  It's been awhile, and I'm messing around with my computer more than usual (looking to eventually switch to Linux, but for now, looking at different distros, which means constantly changing the boot sequence, and omg).  But I'd better take a fresh backup before I start this.

It will probably be tomorrow or maybe this weekend before I get back to this.  My backup usually takes 4 to 6 hours.  Then I'll back up my computer, which only takes about an hour.  And I'm typically not online much on Thurs/Fri.  So if I can't squeeze it in Wed, it'll be the weekend.

I'll see you back before too long.  I'd rather have a good backup, just in case  ;)

Thanks again for your help!

brynn

Ok, I managed to get back tonight.  For the Aqua theme, which is the forum default, which has that login block in the top-right corner, I find only
BoardIndex.template.php
index.template.php
It doesn't seem to have any login.template.php file.

index.template.php already has the proper code inside the <form> tags.

BoardIndex.template.php, there is <form> tags, but it does not have

<input type="hidden" name="hash_passwrd" value="" />

inside those tags.  Does that mean that whatever kind of form it provides, it's not a login form (in that file)?  (It has input type = button value)
Should I still paste in the proper code anyway?

Thanks

lurkalot

The Aqua theme on the theme site downloads page is already updated for SMF 2.0.14 so should contain the session check.  You could compare those two files and see if you're missing those bits. Thou it should only be the login form you need to modify. The theme was updated in July 05, 2017 https://custom.simplemachines.org/themes/index.php?lemma=2631

brynn

I don't think I've updated any themes since I started my forum in 2013.

Whoa!  Ok, new info.  It looks like I've applied the login fix to all my themes already.  I found the instructions I wrote for myself, from that older topic.  But maybe I did it wrong?

This is what I did for all my themes:

Find this in each themes' index.template.php file:

<input type="hidden" name="hash_passwrd" value="" />

And replace with this:

<input type="hidden" name="hash_passwrd" value="" />
        <input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />


And I've checked all my themes, and they all have the same code.

Is what I did correct?  If so, then I have the fix applied everywhere.  But if it's wrong, how do I fix it?

But if it's correct, then where the heck is this error coming from?  Since it doesn't look like it's coming from TP, should I post in the SMF forum?