2020-06-19, 09:39 AM
(2020-06-19, 04:52 AM)noyle Wrote: [ -> ]There could be many things causing the Authorization code mismatch error and a URL to your forum would be helpful for investigation.
(2020-06-19, 04:52 AM)noyle Wrote: [ -> ]There could be many things causing the Authorization code mismatch error and a URL to your forum would be helpful for investigation.
(2020-06-19, 09:39 AM)ForumDeveloper Wrote: [ -> ]https://africanspirituality.net/
(2020-03-28, 01:32 PM)Devilshakerz Wrote: [ -> ](2020-03-28, 08:51 AM)ILUXA Wrote: [ -> ]but it doesn't work at all when using torbrowser, I used latest clean torbrowser version for Linux without any additional addons. And this issue even exist on this forum (!)
In the Storage Inspector, can you see a cookie with Namesid
? Does its Value change with page reload?
(2020-03-28, 03:31 PM)Devilshakerz Wrote: [ -> ]It's likely related to Tor using different exit relays (and different IP addresses) for consecutive visits. MyBB currently usessid
and addresses for session continuity, so any changes may break anti-CSRF tokens that depend on the session for guests (tokens for logged in users are not dependent on such sessions).
You can try replacing lineinc/class_session.php:57
:
to:$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
$query = $db->simple_select("sessions", "*", "sid='{$sid}'");
(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ](2020-06-19, 09:39 AM)ForumDeveloper Wrote: [ -> ]https://africanspirituality.net/
I just signed up with a test account TestUser as I noticed you've reinstalled your forum. Registration and login worked for me (logged out and back in) - are you still facing issues?
(2020-03-28, 01:32 PM)Devilshakerz Wrote: [ -> ](2020-03-28, 08:51 AM)ILUXA Wrote: [ -> ]but it doesn't work at all when using torbrowser, I used latest clean torbrowser version for Linux without any additional addons. And this issue even exist on this forum (!)
In the Storage Inspector, can you see a cookie with Namesid
? Does its Value change with page reload?
What did you find out when you tried this? From what you have said so far it seems to be more likely to be an issue with identifying the session rather than the post code. Is there another forum running on the same domain? Is the website behind a proxy service for example Cloudflare?
If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?
(2020-03-28, 03:31 PM)Devilshakerz Wrote: [ -> ]It's likely related to Tor using different exit relays (and different IP addresses) for consecutive visits. MyBB currently usessid
and addresses for session continuity, so any changes may break anti-CSRF tokens that depend on the session for guests (tokens for logged in users are not dependent on such sessions).
You can try replacing lineinc/class_session.php:57
:
to:$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
$query = $db->simple_select("sessions", "*", "sid='{$sid}'");
Please also try this modification.
<input name="my_post_key" type="hidden" value="{$mybb->post_code}" /> infront of <form action="member.php">
error_nopermission
header_welcomeblock_guest
member_login
portal_welcome_guesttext
$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
to:
$query = $db->simple_select("sessions", "*", "sid='{$sid}'");
(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ]If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?
(2020-06-19, 11:20 AM)ForumDeveloper Wrote: [ -> ]This page isn’t sitename.net is currently unable to handle this request.
HTTP ERROR 500
(2020-06-19, 01:26 PM)JordanMussi Wrote: [ -> ]Have you tried clearing your cookies? misc.php?action=help&hid=3
Those template alterations are not required for the latest version of MyBB as the templates will be correct already.
I can now confirm the issue I am given a new sid cookie every time I reload a page. It does seem to be an issue with matching session IDs with the stored sessions.
(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ]If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?
Did you try this? ^
(2020-06-19, 11:20 AM)ForumDeveloper Wrote: [ -> ]This page isn’t sitename.net is currently unable to handle this request.
HTTP ERROR 500
The code looks fine and I've tested on a copy of 1.8.22 and it doesn't produce an error. Are you sure that was the exact modification to the file you made?
(2020-06-19, 01:45 PM)ForumDeveloper Wrote: [ -> ]I ticked No in Scrutinize User's IP address and Yes that was the exact modification to the file I made that produced error
(2020-06-19, 02:25 PM)JordanMussi Wrote: [ -> ](2020-06-19, 01:45 PM)ForumDeveloper Wrote: [ -> ]I ticked No in Scrutinize User's IP address and Yes that was the exact modification to the file I made that produced error
Please could you try enabling it?
(2020-06-19, 04:32 PM)noyle Wrote: [ -> ]A further note, removed/changed powered by MyBB's notice would result in support denial, please review https://mybb.com/support/eligibility-policy/ .