Login Problem
-
Hi,
Notice: your username, IP or email is currently banned into our forum. Please contact an administrator.
I’ve been getting this error message for a long time now. For some reason, sometimes the WP login page comes, and when I try to log in, I’m not allowed to.
It used to redirect to the WP login page after logging into phpBB, but I haven’t experienced that in a long time, so I think it’s resolved.
-
Hello Halil! The problem with phpBB bans is about that it can be issued by
username, email, IP.
The plugin code use just a simple function done years ago to check, when an user login into WordPress, if one of the above is on the ban list
On file class.wp.w3all-phpbb.php
The function about it is
public static function w3_phpbb_ban($phpbb_uid = '', $uname = '', $uemail = ''){and it do the check about all the possibilities only when an user login in WP or the WP login flow fire.
It normally DO NOT run when an user is already logged in, because in this case, the ban check is done in
private static function verify_phpbb_credentials(){within the query that check for user’s session. In this case the check is done each time the WP load but the ban check, is done only in this way as explained
// Banned Deactivated trick // +- the same is done into w3_check_phpbb_profile_wpnu()
// Check for ban_id: if not empty $phpbb_user_session[0]->ban_id then almost a ban by IP or EMAIL or USERNAME exists
// Do not know if there is some other ban row that can exists into 'banlist', because only the first found retrieved into the query above
// The complete ban check is done when user login in wordpress, because on the above main query this has been removed
// REMOVED
//OR ". $w3all_config["table_prefix"] ."banlist.ban_email = ". $w3all_config["table_prefix"] ."users.user_email AND ban_exclude = 0
//OR ". $w3all_config["table_prefix"] ."banlist.ban_ip = ". $w3all_config["table_prefix"] ."sessions.session_ip AND ban_exclude = 0
// THESE ARE ONLY EXECUTED, WHEN USER LOGIN (ON WP)
// LIKE PHPBB DO: to cause an immediate user logout, the user in phpBB NEED to be banned by username! (so it is stored as ban_userid value)
if( !empty($phpbb_user_session[0]->ban_id) && !defined("W3BANCKEXEC") ){
if( $current_user->ID > 1 )
{
if( $phpbb_user_session[0]->ban_end == 0 OR $phpbb_user_session[0]->ban_end > time() ){ // no further check necessary, the only one ban value retrieved here, is a ban that never expire or that is still active
setcookie ("w3all_set_cmsg", "phpbb_ban", 0, "/", $w3cookie_domain, false);
//$wpdb->query("UPDATE $wpu_db_utab SET meta_value = 'a:0:{}' WHERE user_id = '$wp_user_data->ID' AND meta_key = 'wp_capabilities'");
self::w3all_wp_logout('wp_login_url');
}
# NOTE TODO: could be set the bruteforce record for this user (also) here, so at next time, the code flow will stop more above without wasting resources until here
# If a ban exist, even if expired, check by the way this user for bans
# w3_phpbb_ban() function will remove expired bans: so the next time we'll be here up and running, in case
if( self::w3_phpbb_ban($phpbb_u, $phpbb_user_session[0]->username, $phpbb_user_session[0]->user_email) === true && $phpbb_user_session[0]->group_name != 'ADMINISTRATORS' OR $phpbb_user_session[0]->ban_userid > 2 && $phpbb_user_session[0]->group_name != 'ADMINISTRATORS' )
{
setcookie ("w3all_set_cmsg", "phpbb_ban", 0, "/", $w3cookie_domain, false);
self::w3all_wp_logout('wp_login_url');
}
}
} // end banSaid that i have in mind many improvements so if you note some problem just report please!
On October i will be (though) ready to publish some code about how to make phpBB so to looks like Discourse.
The Posts Reply code, to me require to be changed in favor of something that display all posts within the topic, also into the normal flow, and not removing them until not added as replies into the post due to a click into Show replies button. I am not sure but seem that DIscourse works like this.
To do this, i should change the code so to assign a different post ID to those that appears as posts replies when Show Replies button is clicked.
This because, the idea is to let it work all together:
Vertical Views, Posts Slider, Posts Replies.
To make it work Posts Replies with the other two, the code require to be changed and it can be changed in several way so to accomplish with any result. Let see what i can do with the time i have or finally i will GIthub all so to check if some smart guy can help on improve!
I received complaints from a few people, they weren’t banned, but they did say they received a warning. As a temporary solution, I edited the language files as follows:
I think I can edit the code too.
Thank you.
Thank you.
if ( empty( $_REQUEST['redirect_to'] ) OR empty($redirect_to) ) {
wp_redirect( admin_url() ); exit();
}This was the guilty. I removed this code. I think this is what should happen. Personally, I did the following. I created a WP role called Member. It has no permissions. This is because phpBB’s profile and login system is more robust. Users have no use in the WP-Admin page. If they need to access it, I’ll already show them the necessary links. I think you should remove this code.
I use the following href for WP as login url:
.../forums/ucp.php?mode=login&redirect=<?php echo esc_url( home_url( $_SERVER['REQUEST_URI'] ?? '/' ) ); ?>It does what I want and it’s great.
___
edit: I also removed the “function w3_phpbb_ban” code for now.if( isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') OR isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], 'wp-login.php') OR isset($_SERVER['PHP_SELF']) && strpos($_SERVER['PHP_SELF'], 'wp-login.php') OR isset($_SERVER['SCRIPT_FILENAME']) && strpos($_SERVER['SCRIPT_FILENAME'], 'wp-login.php') )
{ wp_redirect( admin_url() ); exit();
}
# if all the above failed on redirect
if ( empty( $_REQUEST['redirect_to'] ) OR empty($redirect_to) ) {
# WILL BE REMOVED
# wp_redirect( admin_url() ); exit();
}This remove the problem and redirect the user to the profile just in case the page the user is on after the session have been set and the user logged in (based on the presented session phpBB cookie) is wp-login.php (because WP default do not redirect if a logged in user visit the wp-login.php page).
But ok it is just a plus. On next version will be so fixed/removed. Just remove it in the while.
w3_phpbb_ban() only run when strictly necessary and do not impact the site performance so why you removed the function w3_phpbb_ban ?
And how? Just placing a
return false;in it, or removing the call to it?Helo Halil! Forgive me you then this time. I will be in hospital tomorrow for a surgery of my inguinal hernia that i take with me since 2016. These days i was not ok due to an episode that will constrain me to the tomorrow step. I return just now online, and in the while i did a thing offline on my time.
Let see if something has been added so to be used with easy and achieve what you want.
I will have probably the time to do it on next week since my situation and if all will be ok!
In the while i have think to…
A never seen way to be secure that our messages are not read by anyone. And that we can be sure it is.
Are you sure that your privacy is complete and a secret is a secret online? With this the answer is yes
…i did an HTML/JS code implementing this: https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API that bring an unparalleled security in the way it is done. Substantially, will be no way for anyone without keys to read an encrypted message that we can exchange after it has been encrypted. I am surprised that no one have never think to something like. Or i never seen around. So i like to present to the world π the unique way be secure that a message can be seen only by the people that own private and public keys. It is done in pure HTML and JS and run without any server involvement, all works within the browser ( i hope the most will use firefox π ) so even offline, into any device.
It is super secure using RSA 4096 bit encryption. Even with a properly sized quantum computer, the big O for Shor’s is O(N3) and would take 45 years to crack one key.
There is no way to break into this concept.
https://github.com/axew3/deApps
see online working example here that can be used by anyone. As can be seen when used on browser, it DO NOT send anything to the server. Imagine to use it as Private mode, and much more.
It is a single html js file.
Unparalleled security for anyone π
/**
- Submit Post
- @todo Split up and create lightweight, simple API for this.
*/
function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data_ary, $update_message = true, $update_search_index = true)
{
Hello Halil, as i can see it has not been adapted to be a simple API, nor into phpBB 4 at this moment (do not know at the moment of his release if it will be).
Anyway, it is very easy to trick the phpBB to act like an API so to use/fire this function on request using cURL within WP and few lines of code into an extension in phpBB.
These kind of things can be easily accomplished like i did for users deletion in phpBB when users are deleted in WP. It is also easy to protect the task from unwanted uses.
The problem is the fact that is quite impossible to translate the formatted html that can be done into WP editor, and the (at max) bb code of a forum post. If you mean to post just a post that’s pure text this is very easy. Well it could be used my HTML on posts extension maybe to be used together so to have the html entirely parsed on posts. Mhhh…
So instead, since you asked it by long time, why not…. i think to… why not to have instead the possibility to load an iframe that display the WP post, inside a phpBB post/topic?
I mean, not all the WP page, but just the body content as iframe, fully visible, inside a post.
It look crazy or awesome?
You must be logged in to reply to this topic.
