MyBB Community Forums - Authorization code mismatch Shade Solution could not fix it

Pages: 1 2

(2020-06-19, 04:52 AM)noyle Wrote: [ -> ]There could be many things causing the Authorization code mismatch error and a URL to your forum would be helpful for investigation.

(2020-06-19, 09:39 AM)ForumDeveloper Wrote: [ -> ]https://africanspirituality.net/

I just signed up with a test account TestUser as I noticed you've reinstalled your forum. Registration and login worked for me (logged out and back in) - are you still facing issues?

(2020-03-28, 01:32 PM)Devilshakerz Wrote: [ -> ]
(2020-03-28, 08:51 AM)ILUXA Wrote: [ -> ]but it doesn't work at all when using torbrowser, I used latest clean torbrowser version for Linux without any additional addons. And this issue even exist on this forum (!)

In the Storage Inspector, can you see a cookie with Name sid? Does its Value change with page reload?

What did you find out when you tried this? From what you have said so far it seems to be more likely to be an issue with identifying the session rather than the post code. Is there another forum running on the same domain? Is the website behind a proxy service for example Cloudflare?

If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?

(2020-03-28, 03:31 PM)Devilshakerz Wrote: [ -> ]It's likely related to Tor using different exit relays (and different IP addresses) for consecutive visits. MyBB currently uses sid and addresses for session continuity, so any changes may break anti-CSRF tokens that depend on the session for guests (tokens for logged in users are not dependent on such sessions).

You can try replacing line inc/class_session.php:57:
$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
to:
$query = $db->simple_select("sessions", "*", "sid='{$sid}'");

Please also try this modification.

(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ]
(2020-06-19, 09:39 AM)ForumDeveloper Wrote: [ -> ]https://africanspirituality.net/

I just signed up with a test account TestUser as I noticed you've reinstalled your forum. Registration and login worked for me (logged out and back in) - are you still facing issues?

(2020-03-28, 01:32 PM)Devilshakerz Wrote: [ -> ]
(2020-03-28, 08:51 AM)ILUXA Wrote: [ -> ]but it doesn't work at all when using torbrowser, I used latest clean torbrowser version for Linux without any additional addons. And this issue even exist on this forum (!)

In the Storage Inspector, can you see a cookie with Name sid? Does its Value change with page reload?

What did you find out when you tried this? From what you have said so far it seems to be more likely to be an issue with identifying the session rather than the post code. Is there another forum running on the same domain? Is the website behind a proxy service for example Cloudflare?

If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?
(2020-03-28, 03:31 PM)Devilshakerz Wrote: [ -> ]It's likely related to Tor using different exit relays (and different IP addresses) for consecutive visits. MyBB currently uses sid and addresses for session continuity, so any changes may break anti-CSRF tokens that depend on the session for guests (tokens for logged in users are not dependent on such sessions).

You can try replacing line inc/class_session.php:57:
$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
to:
$query = $db->simple_select("sessions", "*", "sid='{$sid}'");
Please also try this modification.

Thanks for taking a look at the site and registering on it to test it.

I uninstall the previous MyBB 1.8 as a result of the Authorization code mismatch Error bug and I reinstall fresh MyBB 1.8 adding

<input name="my_post_key" type="hidden" value="{$mybb->post_code}" /> infront of <form action="member.php">

error_nopermission
header_welcomeblock_guest
member_login
portal_welcome_guesttext

On windows pc google chrome, opera mini, internet explorer and mozila new users can not register on the forum site, It keeps on "You need to enter a valid email address" on email address box even though the email address is a valid gmail address.

But when I ran File verification, I got "Congratulations! No corrupt files have been found on your installation."

Site is runing on cloudflare and I am not using proxy or vpn to access the site.

As soon as I replacied line inc/class_session.php:57:

$query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));

to:

$query = $db->simple_select("sessions", "*", "sid='{$sid}'");

I immediately got this error message when I visited the site:

This page isn’t sitename.net is currently unable to handle this request.
HTTP ERROR 500

So I have left the old code without tampering it: $query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));

Any suggestion on fixing this site error will be highly appreciated.

Thank you so much in advance for your support

Have you tried clearing your cookies? misc.php?action=help&hid=3

Those template alterations are not required for the latest version of MyBB as the templates will be correct already.

I can now confirm the issue I am given a new sid cookie every time I reload a page. It does seem to be an issue with matching session IDs with the stored sessions.

(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ]If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?

Did you try this? ^

(2020-06-19, 11:20 AM)ForumDeveloper Wrote: [ -> ]This page isn’t sitename.net is currently unable to handle this request.
HTTP ERROR 500

The code looks fine and I've tested on a copy of 1.8.22 and it doesn't produce an error. Are you sure that was the exact modification to the file you made?

(2020-06-19, 01:26 PM)JordanMussi Wrote: [ -> ]Have you tried clearing your cookies? misc.php?action=help&hid=3

Those template alterations are not required for the latest version of MyBB as the templates will be correct already.

I can now confirm the issue I am given a new sid cookie every time I reload a page. It does seem to be an issue with matching session IDs with the stored sessions.

(2020-06-19, 10:30 AM)JordanMussi Wrote: [ -> ]If you are using a proxy have you enabled this setting?
Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?

Did you try this? ^

(2020-06-19, 11:20 AM)ForumDeveloper Wrote: [ -> ]This page isn’t sitename.net is currently unable to handle this request.
HTTP ERROR 500

The code looks fine and I've tested on a copy of 1.8.22 and it doesn't produce an error. Are you sure that was the exact modification to the file you made?

I ticked No in Scrutinize User's IP address and Yes that was the exact modification to the file I made that produced error

(2020-06-19, 01:45 PM)ForumDeveloper Wrote: [ -> ]I ticked No in Scrutinize User's IP address and Yes that was the exact modification to the file I made that produced error

Please could you try enabling it?

(2020-06-19, 02:25 PM)JordanMussi Wrote: [ -> ]
(2020-06-19, 01:45 PM)ForumDeveloper Wrote: [ -> ]I ticked No in Scrutinize User's IP address and Yes that was the exact modification to the file I made that produced error

Please could you try enabling it?

I have enabled it now. Problem solved. Thanks a billion times

Awesome! Glad to hear it :-)

A further note, removed/changed powered by MyBB's notice would result in support denial, please review https://mybb.com/support/eligibility-policy/ .

(2020-06-19, 04:32 PM)noyle Wrote: [ -> ]A further note, removed/changed powered by MyBB's notice would result in support denial, please review https://mybb.com/support/eligibility-policy/ .

I was still editing site when I posted this topic. Just added Mybb to the footer section on the site.

Pages: 1 2