Several bugs since update

  • Resolved jens2021

    (@jens2021)


    2 years, 9 months ago

    Hi there,

    since the latest security updates several issues occure:

    1. No password-confirmation field on registration form

    2. Registrations will still be accepted, but the forwarding to a specific site after registration does not work anymore. Instead new registerd users will be redirected to the word-press login-page.

    3. New registers users are unable to login. It shows password is wrong. Reset password function seems working, but after reset the password it still shows that the password is not correct.

    4. I am usung hCaptcha on my site. hCaptcha does not work anymore at all.

    Side note: I am using wprocket, but UM-Sites are excludes and i always cleared the cache between steps while testing.

    For the time beeing I had no other choice as downgrade back to 2.6.2 by using a backup, because the latest updates made my page unusable. Sadly I can not say exactly which of the latest updates did all these above, but I can confirm the issues exist at 2.6.6. and 2.6.7.

    Please do a fix of that as soon as possible, so I can do the neccesary update.
    Thanks.

Viewing 15 replies - 16 through 30 (of 42 total)
1 2 3
  • Plugin Author Mykyta Synelnikov

    (@nsinelnikov)

    2 years, 9 months ago

    Hi @jens2021

    It works properly for my Subscriber user with these settings:
    https://imgur.com/SMthLXB

    Could you share the user role settings for role which is assigned to the user after registration?

    Let me know,
    Best Regards!

    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    Hi @nsinelnikov

    many thanks for coming back to me again!

    Sadly all your suggestions doesn´t work.

    I have noticed that, similar to the login-button from the confirmation-mail after registration, also the redirect by the logout-button doesn´t work. So i believe there is a basical redirect issue on my page since the security-update and it´s not about the settings within the user-role.

    However, I believe it´s more productive if you can look at my site directly. So to respect the forum-rules i will message you on WP-Slack.

    Regards.

    Edit: I have no access to wp-slack and can not register because i am not a member of “making wordpress”.

    To make it simple, here is the url to my website and my mail-adress:

    [link removed by moderator]


    This picture will be atomatically deleted in one week.

    Regards
    Jens

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    2 years, 9 months ago

    @jens2021  Please don’t offer to send or post logon credentials on these forums: https://ww.wp.xz.cn/support/guidelines#the-bad-stuff

    Please change your password immediately, as the image you posted was visible publicly.

    It is not OK to offer, enter, or send site credentials on these forums. Thanks for your cooperation.

    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    Hi @sterndata

    many thanks for keeping this forum safe.
    However, the picture did not include any login credentials.
    It showed just the website-url and my public e-mail address.

    You can check again: https://ibb.co/bNj4Lh5

    Please let this visible, so @nsinelnikov can check my website regarding the issue i have with the UM_plugin and get in touch with me by e-mail to get access to my site if neccessary.

    I just don´t want to write the url and mail-address here in plain because it will stay here forever. So i do it with this image which will be deleted automatically within one week.

    Many thanks & kin regards
    Jens

    Plugin Author Mykyta Synelnikov

    (@nsinelnikov)

    2 years, 9 months ago

    Hi @jens2021

    Please see my Loom and share the necessary screenshots with the Ultimate Member settings screens. You may blur all private data if it’s needed.

    Let me know,
    Best Regards!

    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    Hi @nsinelnikov

    Thank you for the Loom!
    I have re-checked all settings and everything looks good to me – but the redirect-issue is still there.
    Just to confirm: I have not changed any settings since the security-update and before the update everything worked fine.

    Here are all the screenshots you asked for:

    General Setttings: https://ibb.co/QN6K2LY
    Reg-Form Settings: https://ibb.co/gyDkGtV
    Reg-Form Edit: https://ibb.co/XjvKg8P
    User-Role Part 1: https://ibb.co/jZ0wtBr
    User-Role Part 2: https://ibb.co/vYx0667
    Access-Settings: https://ibb.co/b7rWWHc

    Can I contact you by your official support on ultimatemember.com to give you access to my website? Maybe that makes it easier to discover the issue?

    Many thanks again & kind regards
    Jens

    missveronica

    (@missveronicatv)

    2 years, 9 months ago

    @jens2021

    You can try this code snippet which will log your redirects to debug.log with short stacktraces.

    add_action( 'wp_error_added', 'wp_redirect_custom_log', 10, 3 );
add_filter( 'x_redirect_by', 'wp_redirect_custom_log', 10, 3 );

function wp_redirect_custom_log( $x_redirect_by, $location, $status ) {

    global $current_user;

    $traces = debug_backtrace( DEBUG_BACKTRACE_PROVIDE_OBJECT );
    $plugin_trace = array();

    foreach ( $traces as $trace ) {
        if( isset( $trace['file'] )) {

            if ( strpos( $trace['file'], '/plugins/' ) > 0 ) {
                $file = explode( '/plugins/', $trace['file'] );
                if( substr( $file[1], 0, 22 ) != 'wp_redirect_custom_log' ) {
                    $plugin_trace[] = $file[1] . ':' . $trace['line'];
                }
            } 

            if ( strpos( $trace['file'], '/themes/' ) > 0 ) {
                $file = explode( '/themes/', $trace['file'] );
                $plugin_trace[] = 'T: ' . $file[1] . ':' . $trace['line'];
            }

            if ( strpos( $trace['file'], '/wp-includes/' ) > 0 ) {
                $file = explode( '/wp-includes/', $trace['file'] );
                $plugin_trace[] = 'WP: ' . $file[1] . ':' . $trace['line'];
            }
        }
    }

    $trace = date_i18n( 'Y-m-d H:i:s ', current_time( 'timestamp' )) . 'user_id ' . $current_user->ID;

    if ( is_numeric( $location )) {
        $trace .= ' redirect by ' . $x_redirect_by . ', ' . $location . ', ' .  $status;
    } else {
        $trace .= ' WP error code ' . $x_redirect_by . ', message ' . $location . ', data ';
        if ( ! is_array( $status )) {
            $trace .= $status;
        }
        
    }

    $trace .= ' stack trace: ' . implode( ', ', $plugin_trace );

    file_put_contents( WP_CONTENT_DIR . '/debug.log', $trace . chr(13), FILE_APPEND  );

    return $x_redirect_by;
}
    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    Hi @missveronicatv

    this is the log i get if i do a registration of a new user on my site and when the redirect doesn´t work after sending the registration-form: 

    2023-07-13 19:45:49 user_id 0 WP error code incorrect_password, message <strong>Fehler:</strong> Das eingegebene Passwort für den Benutzernamen <strong>jens</strong> ist nicht korrekt. <a href="https://www.langzeitinsassen.de/wp-login.php?action=lostpassword">Passwort vergessen?</a>, data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: class-wp-error.php:66, WP: user.php:195, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: class-wp-xmlrpc-server.php:295, WP: class-wp-xmlrpc-server.php:4824, WP: class-wp-xmlrpc-server.php:707, WP: IXR/class-IXR-server.php:109, WP: IXR/class-IXR-server.php:59, WP: IXR/class-IXR-server.php:27, WP: IXR/class-IXR-server.php:35, WP: class-wp-xmlrpc-server.php:244
2023-07-13 19:45:51 user_id 0 WP error code incorrect_password, message <strong>Fehler:</strong> Das eingegebene Passwort für den Benutzernamen <strong>jens</strong> ist nicht korrekt. <a href="https://www.langzeitinsassen.de/wp-login.php?action=lostpassword">Passwort vergessen?</a>, data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: class-wp-error.php:66, WP: user.php:195, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: class-wp-xmlrpc-server.php:295, WP: class-wp-xmlrpc-server.php:4824, WP: class-wp-xmlrpc-server.php:707, WP: IXR/class-IXR-server.php:109, WP: IXR/class-IXR-server.php:59, WP: IXR/class-IXR-server.php:27, WP: IXR/class-IXR-server.php:35, WP: class-wp-xmlrpc-server.php:244
2023-07-13 19:45:54 user_id 0 WP error code incorrect_password, message <strong>Fehler:</strong> Das eingegebene Passwort für den Benutzernamen <strong>jens</strong> ist nicht korrekt. <a href="https://www.langzeitinsassen.de/wp-login.php?action=lostpassword">Passwort vergessen?</a>, data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: class-wp-error.php:66, WP: user.php:195, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: class-wp-xmlrpc-server.php:295, WP: class-wp-xmlrpc-server.php:4824, WP: class-wp-xmlrpc-server.php:707, WP: IXR/class-IXR-server.php:109, WP: IXR/class-IXR-server.php:59, WP: IXR/class-IXR-server.php:27, WP: IXR/class-IXR-server.php:35, WP: class-wp-xmlrpc-server.php:244
2023-07-13 19:45:57 user_id 0 WP error code incorrect_password, message <strong>Fehler:</strong> Das eingegebene Passwort für den Benutzernamen <strong>jens</strong> ist nicht korrekt. <a href="https://www.langzeitinsassen.de/wp-login.php?action=lostpassword">Passwort vergessen?</a>, data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: class-wp-error.php:66, WP: user.php:195, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: class-wp-xmlrpc-server.php:295, WP: class-wp-xmlrpc-server.php:4824, WP: class-wp-xmlrpc-server.php:707, WP: IXR/class-IXR-server.php:109, WP: IXR/class-IXR-server.php:59, WP: IXR/class-IXR-server.php:27, WP: IXR/class-IXR-server.php:35, WP: class-wp-xmlrpc-server.php:244
2023-07-13 19:46:16 user_id 0 redirect by WordPress, 302, https://www.langzeitinsassen.de/user/jens/ stack trace: WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:1425, ultimate-member/includes/core/class-rewrite.php:159, WP: class-wp-hook.php:308, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: template-loader.php:13
2023-07-13 19:46:47 user_id 0 redirect by WordPress, 302, https://www.langzeitinsassen.de/wp-admin/ stack trace: WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:1425, WP: pluggable.php:1537, ultimate-member/includes/core/um-actions-register.php:249, WP: class-wp-hook.php:308, WP: class-wp-hook.php:332, WP: plugin.php:517, ultimate-member/includes/core/um-actions-register.php:114, WP: class-wp-hook.php:308, WP: class-wp-hook.php:332, WP: plugin.php:517, ultimate-member/includes/core/um-actions-register.php:493, WP: class-wp-hook.php:308, WP: class-wp-hook.php:332, WP: plugin.php:517, ultimate-member/includes/core/class-form.php:691, WP: class-wp-hook.php:308, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: template-loader.php:13
2023-07-13 19:46:48 user_id 0 WP error code empty_username, message <strong>Fehler:</strong> Das Feld für den Benutzernamen ist leer., data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: user.php:148, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: user.php:106
2023-07-13 19:46:48 user_id 0 WP error code empty_password, message <strong>Fehler:</strong> Das Passwortfeld ist leer., data  stack trace: WP: class-wp-hook.php:310, WP: class-wp-hook.php:332, WP: plugin.php:517, WP: class-wp-error.php:209, WP: user.php:152, WP: class-wp-hook.php:308, WP: plugin.php:205, WP: pluggable.php:616, WP: user.php:106
    missveronica

    (@missveronicatv)

    2 years, 9 months ago

    @jens2021

    The first redirect is an author_redirect by UM “Author page to user profile redirect”
    Second redirect is an um_registration_pending_user_redirect by UM “Check user status and redirect it after registration”

    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    Hi @missveronicatv

    thank you. How does this help me now with my problem?
    Please have in mind I am not a professional developer.

    To give you a bit more context, the registration-process on my website is the follwing:

    1. A new user navigate to the registration form and put in all information.
    2. After sending the form the user (should) get redirect to another public page of my website where i put some information about the next steps.
    3. Next to Ultimate member I am also using the plug-in “User verification” to send the new registerd user an e-mail where he need to confirm his e-mail adress.
    4. after the new user confirmed his e-mail adress, i do activate his new account manually with ultimate-member.

    – I am using the second-plugin because ultimate member only alows mail verification or manually activation. I need both. With the second plugin it worked with no issues until your security update. –

    5. after the user has confirmed the e-mail and i activated his account, the account is set up and the user can use it.

    That´s the procedure.
    However, since your security update several redirections within user-accounts doesn´t work anymore:
    – the redirection after registration to a specific page on my site
    – the redirection after login to a specific page on my site
    – the redirection after logout
    – the redirection from the login-button on the welcome-mail
    – the redirectiion after login after password-reset
    All these redirections doesn´t work anymore since the update to your new version. And I have not changed any settings.

    And to keep things clear: It doesn´t matter if i deactivate the plugin “user verification” or any other plugin. I did a full conflict test and even with all plugins deactivated the redirections doesn´t work anymore.

    missveronica

    (@missveronicatv)

    2 years, 9 months ago

    @jens2021

    First error codes are incorrect_password issued by wp_check_password

    Second error codes are username and password is empty from wp_signon

    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    @missveronicatv thank you. But I can´t see how this information help me with my problem.
    Please read my post above: https://ww.wp.xz.cn/support/topic/several-bugs-since-update/page/2/#post-16893556

    missveronica

    (@missveronicatv)

    2 years, 9 months ago

    @jens2021

    I am using the second-plugin because ultimate member only alows mail verification or manually activation.

    I can give you both with this code snippet, first email confirmation and then admin activation.

    add_action( 'um_after_email_confirmation', 'um_after_email_confirmation_admin_approval', 10, 1 );

function um_after_email_confirmation_admin_approval( $user_id ) {

    um_fetch_user( $user_id );
    $emails = um_multi_admin_email();
    if ( ! empty( $emails ) ) {
        foreach ( $emails as $email ) {
            UM()->mail()->send( $email, 'notification_review', array( 'admin' => true ) );
        }
    }
    UM()->user()->pending();
}
    • This reply was modified 2 years, 9 months ago by missveronica.
    Thread Starter jens2021

    (@jens2021)

    2 years, 9 months ago

    @missveronicatv – Awesome! That is really great! I will defintily try this!
    Thank you very much!

    However, my main-problem is still the redirect-issue. I have still hope we can find the resason for this issue and fix it 🙂

    missveronica

    (@missveronicatv)

    2 years, 9 months ago

    @jens2021

    Try the user registration with my code snippet
    and deactivate the other plugin not required any more.

Viewing 15 replies - 16 through 30 (of 42 total)
1 2 3

The topic ‘Several bugs since update’ is closed to new replies.