We updated the CMSMS core to 2.2.10 and now FEUsers can't log in anymore to FEU pages..
CGExtensions 1.62.3
FrontEndUsers 2.9
CGSimpleSmarty 2.1.8
Thx 4 help.
MAP
No more FEU login after upgrading cmsms core to 2.2.10
Re: No more FEU login after upgrading cmsms core to 2.2.10
Can you be more specific about "can't log in" please? Does it not show the login form? Does it reject the password? Is any sort of notice given?
I'm betting it's giving the "missing security information" (or similar) message, in which case make sure to read the release notes for FEU 2.9. You can find them here: http://dev.cmsmadesimple.org/project/files/14#package-9
I'm betting it's giving the "missing security information" (or similar) message, in which case make sure to read the release notes for FEU 2.9. You can find them here: http://dev.cmsmadesimple.org/project/files/14#package-9
Not getting the answer you need? CMSMS support options
Re: No more FEU login after upgrading cmsms core to 2.2.10
Thx Digi.
When i type in user and Pw in login form and hit the button nothing happens. I stay at the login form.
Thx
MAP
When i type in user and Pw in login form and hit the button nothing happens. I stay at the login form.
Thx
MAP
Re: No more FEU login after upgrading cmsms core to 2.2.10
Do you have the csrf tag in your forms, as per the release notes for FEU 2.9?
Not getting the answer you need? CMSMS support options
Re: No more FEU login after upgrading cmsms core to 2.2.10
Thank you for your answers.
The php eror log did not delivery any solution on this matter. It was not possible to send data by any form to the server. What i finaly did was downgrading as long until a core version makes th site worlking again. This currently is version cmsms 2.2.9.1. All later core versions of cmcms obviously demand for mod_security to be off on the server.
I host since the first days of cmsms in 2006 on 1&1 provider using a shared hosting package. This worked pretty good for 13 years. If cmsms policy now is to demand mod_security to be off this is a feature that my provieder doesn't offer on a pakage like this.
So oit's is possible that a long friendship between us and cmsms will end on core version 2.2.9.1 if cmsms does not change its policy.
Best regards
MAP
The php eror log did not delivery any solution on this matter. It was not possible to send data by any form to the server. What i finaly did was downgrading as long until a core version makes th site worlking again. This currently is version cmsms 2.2.9.1. All later core versions of cmcms obviously demand for mod_security to be off on the server.
I host since the first days of cmsms in 2006 on 1&1 provider using a shared hosting package. This worked pretty good for 13 years. If cmsms policy now is to demand mod_security to be off this is a feature that my provieder doesn't offer on a pakage like this.
So oit's is possible that a long friendship between us and cmsms will end on core version 2.2.9.1 if cmsms does not change its policy.
Best regards
MAP
Re: No more FEU login after upgrading cmsms core to 2.2.10
I used to use 1&1 a long time ago but left after the site took minutes to render and they told me it was my scripts that needed to be tightened up, just last month I moved my last customer off of there servers as they charged too much for their service and the interface left a lot to be desired.
From what I've heard about mod security it is not that useful and impedes most CMSs, I would move to another host, just my opinion...
From what I've heard about mod security it is not that useful and impedes most CMSs, I would move to another host, just my opinion...
Re: No more FEU login after upgrading cmsms core to 2.2.10
Cmsms has always recommended disabling modsec. We've never hidden that, and you'll see it's often the first question we ask when troubleshooting.
The issue is not that we have changed requirements, it's the following:
Some change we have made now triggers a rule in modsec that wasn't triggered before
You have a host unwilling to adjust their ruleset to compensate for this false-positive
My host, for example, works with me on issues like this and will whitelist rules when asked. They also give me the ability to disable modsec so I can easily diagnose problems. Your decision to stay with a shitty host is entirely on you.
The issue is not that we have changed requirements, it's the following:
Some change we have made now triggers a rule in modsec that wasn't triggered before
You have a host unwilling to adjust their ruleset to compensate for this false-positive
My host, for example, works with me on issues like this and will whitelist rules when asked. They also give me the ability to disable modsec so I can easily diagnose problems. Your decision to stay with a shitty host is entirely on you.
Not getting the answer you need? CMSMS support options
Re: No more FEU login after upgrading cmsms core to 2.2.10
Thank you for your comments. I will try the 2.2.12 install on another isp and report what happens.
Yours
MAP
Yours
MAP