Login button / myaccount page login doesn't work

    #41794

    fazomtelen
    Member

    Hi,

    If somebody buys something (WooCommerce) and thereby makes an account, s/he cannot log in using the login button in the menu, nor the myaccount page that is sent in the order confirmation page. The login works properly when using the wp-admin page. How can this be fixed?

    Regards,
    Viki

    #41801
    themex
    Member

    You must be signed in and verified as a buyer of this theme to view replies by the support staff. Register Now →

    #41826

    fazomtelen
    Member

    My hosting provider told me to start such an ajax request and tell them when I did it so they can check the logs for the problem. So what should I do in the template for the admin-ajax.php file to run? Is it enough if I just try to log in using the login button?

    #41835
    themex
    Member

    You must be signed in and verified as a buyer of this theme to view replies by the support staff. Register Now →

    #41868

    fazomtelen
    Member

    Okay. They told me that the server denies the ajax request for security reasons. However, it seems that the problem is a phrase that is used in an SQL injection attack (whatever this means). The “user_password” phrase is the reason. I was told that even if this was changed to “user_pass” or “userpass” that would suffice for the request to run. This causes the problem:

    user&nonce=a64b6f0ea6&data=user_login%3DFelhaszn%25C3%25A1l%25C3%25B3n%25C3%25A9v%26user_password%3DJelsz%25C3%25B3%26user_action%3Dlogin_user%26user_redirect%3D%26nonce%3Da64b6f0ea6%26action%3Dthemex_update_user”

    Here, take a look at the logs:

    POST /tanfolyamok/wp-admin/admin-ajax.php HTTP/1.1
    Host: tarskereso-kalauz.hu
    Connection: keep-alive
    Content-Length: 233
    Accept: */*
    Origin: https://tarskereso-kalauz.hu
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.10 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Referer: https://tarskereso-kalauz.hu/tanfolyamok/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: hu-HU,hu;q=0.8,en-US;q=0.6,en;q=0.4

    --247ef536-C--
    action=themex_update_user&nonce=a64b6f0ea6&data=user_login%3DFelhaszn%25C3%25A1l%25C3%25B3n%25C3%25A9v%26user_password%3DJelsz%25C3%25B3%26user_action%3Dlogin_user%26user_redirect%3D%26nonce%3Da64b6f0ea6%26action%3Dthemex_update_user
    --247ef536-F--
    HTTP/1.1 406 Not Acceptable
    Content-Length: 373
    Keep-Alive: timeout=15
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

    --247ef536-E--

    --247ef536-H--
    Message: Access denied with code 406 (phase 2). Pattern match "\\b(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)\\b" at ARGS:data. [file "/etc/httpd/modsecurity.d/modsecurity_localrules.conf"] [line "129"] [id "950907"] [msg "SQL Injection Attack. Matched signature <user_password>"] [severity "CRITICAL"]

    So the question is: apart from switching service providers, can we do something to make the login work?
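
The false positive reported in the log above can be reproduced offline. This is an added example, not part of the original posts or the theme's code; it assumes the rule applies only the logged pattern to the once-URL-decoded value of each argument, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Pattern of rule 950907 as printed in the audit log ("\\b" there is an escaped "\b").
RULE_950907 = re.compile(
    r"\b(?:user_(?:(?:object|table|user)s|password|group)"
    r"|a(?:tt(?:rel|typ)id|ll_objects)"
    r"|object_(?:(?:nam|typ)e|id)"
    r"|pg_(?:attribute|class)"
    r"|column_(?:name|id)"
    r"|substr(?:ing)?|table_name|mb_users|rownum)\b"
)

# Request body copied from section C of the audit log entry in the post above.
LOGGED_BODY = (
    "action=themex_update_user&nonce=a64b6f0ea6&data=user_login%3DFelhaszn"
    "%25C3%25A1l%25C3%25B3n%25C3%25A9v%26user_password%3DJelsz%25C3%25B3"
    "%26user_action%3Dlogin_user%26user_redirect%3D%26nonce%3Da64b6f0ea6"
    "%26action%3Dthemex_update_user"
)


def matched_args(body):
    """Return {argument_name: matched_text} for every argument the pattern hits.

    parse_qs URL-decodes once, so the serialized login form arrives as one
    readable string in the 'data' argument (ARGS:data in the log message).
    """
    hits = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            match = RULE_950907.search(value)
            if match:
                hits[name] = match.group(0)
    return hits


def field_name_matches(field):
    """Check whether a serialized form carrying this field name hits the pattern."""
    sample = f"user_login=x&{field}=y&user_action=login_user"  # constructed sample
    return RULE_950907.search(sample) is not None


if __name__ == "__main__":
    print(matched_args(LOGGED_BODY))
    for name in ("user_password", "user_password_repeat", "user_pass", "userpass"):
        print(name, field_name_matches(name))
```

Because `_` counts as a word character, the trailing `\b` means `user_password_repeat` does not match on its own; only the exact token `user_password` does.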

    #41885
    themex
    Member

    You must be signed in and verified as a buyer of this theme to view replies by the support staff. Register Now →

    #41887

    fazomtelen
    Member

    They will not disable this. However, I’d prefer if you’d just write me how to change it (in which files and how many instances), because if something doesn’t work, we can try several different field names. Thanks for the help. I hope renaming the field name will solve this issue. :-)

    #41892
    themex
    Member

    You must be signed in and verified as a buyer of this theme to view replies by the support staff. Register Now →

    #41900

    fazomtelen
    Member

    Are you sure this is all I need to change? I changed all “user_password” and “user_password_repeat” instances in the four mentioned files to “userpass” and “userpass_repeat”. But it doesn’t work.

    Also, I got another error, I’m not sure if this is related or new.

    [Thu Sep 14 14:30:37 2017] [-:warn] [pid 1592:tid 139815135733504] [client 66.249.76.54:47850] mod_fcgid: stderr: PHP Warning: sprintf(): Too few arguments in /chroot/home/kutyatvh/tarskereso-kalauz.hu/html/wp-includes/widgets.php on line 1051

    Line 1051 of widgets.php is:

    $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] );

    I get this error message when I try to log in using the login button, so I assume it is related. Is it?

    #41903
    themex
    Member

    You must be signed in and verified as a buyer of this theme to view replies by the support staff. Register Now →
