WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] "Authenticate filter not called" (but able to login from other computer?) (27 posts)

  1. Emily Barney
    Member
    Posted 1 year ago #

    Here's the error message I get when I try to access any login page for multisite installation from my computer:

    Login Security Solution: authenticate filter not called

    I'm the network admin for the site, it's running WordPress 3.5.1 on WIMP servers and has Login Security Solution - the latest version - enabled for the whole network.

    When I go to a different computer, I'm able to log in. I don't have e-mail enabled on this server, so I haven't received any messages.

    Is this a problem with the settings for the plugin, or something I can change from phpMyAdmin? I can access the sites from a laptop just fine, but I'd like to know how to clear this message sooner rather than later.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi:

    That error message comes from my wp_login_failed() function. That gets fired when someone uses a bad user name or password. The computer you're logging in from should not impact this situation.

    The reason that error comes up is WordPress' authenticate filter was not called for some reason. Chances are that's happening because some plugin or theme you have overrides the wp_authenticate() function but that overriding function does not call the authenticate filter.

    Please SSH into your site, cd into the base directory of your WordPress installation, then issue the following command:


    grep -r 'function wp_authenticate(' wp-includes/ wp-content/

    Please paste the results of that output here.

    Thanks,

    --Dan

  3. Emily Barney
    Member
    Posted 1 year ago #

    I'm running the site on a WIMP server, as I mentioned above, so I don't normally SSH into anything. I logged into my server and opened command prompt to run the command on the root directory for the WordPress Multisite Installation, but all I got was

    'grep' is not recognized as an internal or external command,
    operable program or batch file.

    I just got the same error message again, now on the laptop that let me log in before, after I saw a message saying my login had timed out. I never got the chance to go back to the login page - when I try to type in anything that would normally take me there, I see the error message.

    The login page still appears fine when I go to a fresh computer and try to log in using the same user account, so that's why I was assuming it was tied to the computer - an IP address, a browser caching issue, something.

    I'm a librarian at a graduate school. I have a lot of laptops available to me. But I'd prefer not to burn through another computer every time I forget to log out, I'd prefer to fix this once and for all. Because if this happens to any of the users I support, I'm going to get blamed for it and have to remove your plugin, which I'd really rather not do since other than this issue it solves my problems very helpfully.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    My sympathies for running on a Windows server. :) Joking aside, the following should act similarly: find 'function wp_authenticate(' wp-includes wp-content

    I don't have a windows box handy to test on, so you may need to tweak that a little.

  5. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Oh, on the computers that you're having problems on, here are some questions:

    * Does it happen only when you go to the login page, type in your user name and password then click "Log In?"
    * Or is it that it happens just by viewing the login page?
    * Does it happen when you access pages other than the login page?
    * If either of those last two questions are true, what happens if you go into your web browser's settings and delete the cookies for the site in question?

    Thanks,

    --Dan

  6. Emily Barney
    Member
    Posted 1 year ago #

    That command doesn't work either and I'm not familiar enough with command line or debugging/troubleshooting this sort of thing to know what you're asking me to do and tweak it. Here's what I get:

    FIND: Parameter format not correct

    I never get to the login page at all, as I've tried to describe. Sorry that wasn't clear already. I can get to the front-end, but I can't get to the back-end because I can't get to the website at all. No admin pages because I've been logged out, no login page because I get the error.

    I was able to clear all my cookies in Safari and get in, so that does seem promising. I'll play with other browsers when I'm done posting something that's due like 2 days ago now. (For any difference it makes in troubleshooting this, at the moment I'm on a Mac, remoting into a Windows server, yeah, this is a silly setup).

  7. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi:

    I am trying to get you to search through your code base to find all declarations of the wp_authenticate function. One ways is to read up on the web about how the find command works. Another is to download the site's files to your local mac and then use grep there.

    --Dan

  8. gplasky
    Member
    Posted 1 year ago #

    FWIW I also ran into this issue on a very bare-bones WPMU site with no wp_authenticate overrides as described above. Clearing my site cookies fixed the issue for the time being but doesn't explain the root cause.

  9. Emily Barney
    Member
    Posted 1 year ago #

    Ah, here's what I found by doing a search for wp_authenticate across the contents of my wp-content folder:

    4 occurrences in 3 of 2886 files:
    The bits in italics are added by me

    1. plugins/jetpack/class.jetpack-xmlrpc-server.php line 106: comment line
    2. plugins/jetpack/class.jetpack-xmlrpc-server.php line 111: part of login() function
    3. plugins/jetpack/jetpack.php line 1471: part of upload_handler() function
    4. plugins/login-security-solution/login-security-solution.php line 427: comment line

    I used Komodo edit to search though the contents of the files in my wp-content directory. Is that good enough, or do I still need to do something on the command line?

  10. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi E:

    Thanks for the info! I installed jetpack. Doesn't seem to be the problem. I added some extra log calls to possibly help sort out what's going on. Can you please do the following:

    * Download the main plugin file from GitHub (https://raw.github.com/convissor/login-security-solution/master/login-security-solution.php)
    * Open login-security-solution.php in your favorite text editor
    * Go to the log() function and change /var/log/ to a path where your web server has the ability to write files.
    * Remove the comments in front of the log() calls (by doing a search and replace of ### with nothing).
    * Upload the file to my plugin's directory in your plugins directory
    * Use your site until it you replicate the behavior
    * Send the output of file to me at danielc@analysisandsolutions.com

    Thanks.

  11. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    The log calls mentioned in my earlier post are now in the latest releases, so you just upgrade and then uncomment the log lines.

  12. pixelyzed
    Member
    Posted 1 year ago #

    Hi there!

    Just FYI, I am also experiencing this issue on various multisite installs, including one with 80 sites and 75 active users managing their own site. So far I have not heard of any of them experiencing the issue but I have. Here's a few observations and tests I have made.

    1- The issue seems to be relatively recent but I couldn't say when it started.

    2- My main computer is running Windows and the problem seems to happen only with Chrome for me. I do not believe I have seen it on Firefox or Opera so far and I use all 3 browsers regularly. I never use IE other than for testing front end layouts so could not say if the issue appears there.

    3- Deleting the specific site's cookies in my browser always fixes the issue for me too. I tested changing the salts variables in wp-config (in case it would work on a larger network where it's not possible to ask non-techie users to delete cookies) and that did not work. The error remained.

    4- All my sites run on Linux/cPanel hosts, some run Apache, others run LiteSpeed. I've seen the issue on both so this is not limited to Windows servers or a specific Web server tech. Some run PHP 5.3.x, others run PHP 5.4.x

    5- No PHP error log file is created at the root of the site or the cPanel error log.

    I searched for the string you mention within the files of the site I had the issue with this morning and the only instance was in the MemberPress plugin. That's the only site I use that plugin on so it does not explain other instances of the error. JetPack is not installed on this network.

    I will uncomment the log calls you mention on my largest network and see if anything shows up.

    Hope this helps a little!

  13. gforeman
    Member
    Posted 1 year ago #

    Mate, I've got massive problems.

    I'm getting the exact same error message:
    Login Security Solution: authenticate filter not called

    And the exact same problem; I can't even see a login box. Whenever I attempt to go to the usual wp-admin page, it gives me that error.

    My major problem is that no amount of cache-cleaning is working! I can't get in. Well, I can't even see the login page to attempt to get in.

    I would de-activate the plugin ... BUT I CAN'T GET IN.

    Please help asap.

    Glen

  14. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Glen:

    As mentioned in some earlier threads, clear your cookies.

    I'm trying to sort out the source of the problem: Do you use multiple browsers when accessing your site?

    Thanks,

    --Dan

  15. gforeman
    Member
    Posted 1 year ago #

    Hi Dan,
    As mentioned, I tried that. It didn't work.

    I solved the problem though. I FTP'd into the server, jibberised the plugin folder name so that WordPress shut it down, then was able to log back in and deactivate and remove the plugin.

    Obviously not the solution you would be chasing, but appreciate your speedy reply nonetheless. So thanks.

    Cheers
    Glen

  16. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Gforeman:

    You mentioned having tried "cache-cleaning." So I assumed you were talking about clearing the browser's cache. Cookies are separate from the cache, so that's why I suggested deleting your cookies. Did you actually delete your cookies too, or did you just clear the cache?

    Anyway, please don't be distracted by that comment. Please answer the question in my prior post:

    I'm trying to sort out the source of the problem: Do you use multiple browsers when accessing your site?

    Thanks!

  17. gforeman
    Member
    Posted 1 year ago #

    Hey mate,
    Sh-t, yeah, sorry, I forgot to reply to that one.

    Yeah, I tried IE10 and Chrome.

    And yeah, apologies, when I said caching, I meant I had cleared it all. It was about 2am here when I wrote that. Was very tired. Still am.

    Cheers
    Glen

  18. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Glen:

    Did the problem _arise_ when you switched between browsers?

    Can you please try to uncomment the log() calls and reproduce the problem?

    Thanks,

    --Dan

  19. gplasky
    Member
    Posted 1 year ago #

    Daniel,

    Thanks for helping us look into this. I've now had multiple users report this on two separate WPMU instances, neither of which are running any other plugins which call the authenticate() function. I've updated your plugin to the latest version and uncommented out all of the logging calls. I'll wait for this error to reproduce itself and then share the sanitized log data so we can figure out what's going on.

  20. lponce
    Member
    Posted 1 year ago #

    Same problem here. Multisite and unable to login with network admin.

  21. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Lponce:

    Can you please provide valuable assistance by doing the debugging / testing I've mentioned in various posts? Another "me too" post doesn't move the ball forward.

    Thanks,

    --Dan

  22. lponce
    Member
    Posted 1 year ago #

    Sorry but I don't have time for test and debug. I found another plugin which doesn't break my sites. Wish you the best for your plugin.

  23. Jeff Rose
    Member
    Posted 1 year ago #

    I had the same problem when I updated from .39 to .40 - every page seemed to be redirecting to login.php and immediately show that error.

    I renamed the plugin folder to deactivate it, then implemented your logging, but when i reactivated the plugin I did not get the errors again.

    Nothing else changed during that time.

  24. davesyntax
    Member
    Posted 1 year ago #

    I've got the same issue. I've recently upgraded from 0.39 to 0.40.

    Disabling the plugin gets me back into the wordpress site.
    Reinstalling immediately gives the error "Authenticate filter not called".
    I've tried with Safari and Chrome.

    I can't find the log() function to enable it :) Is this function still there?

    Thanks!

  25. gplasky
    Member
    Posted 1 year ago #

    Ok so I was able to grab some log data after replicating the issue (actual paths and usernames redacted):

    2013-06-24 23:10:07 auth_cookie_expired: some_user
    2013-06-24 23:10:07 auth_cookie_expired: some_user
    2013-06-24 23:10:07 auth_cookie_expired: some_user
    2013-06-24 23:10:07 authenticate: empty user_name
    2013-06-24 23:10:07 wp_login_failed: authenticate filter not called
    2013-06-24 23:10:07 wp_login_failed: authenticate filters
    2013-06-24 23:10:07 wp_login_failed: backtrace: [{"function":"wp_login_failed","class":"login_security_solution","object":{"dir_dictionaries":"\/home\/vhosts\/webroot\/wp-content\/plugins\/login-security-solution\/pw_dictionaries\/"},"type":"->","args":[""]},{"file":"\/home\/vhosts\/webroot\/wp-includes\/plugin.php","line":406,"function":"call_user_func_array","args":[[{"dir_dictionaries":"\/home\/vhosts\/webroot\/wp-content\/plugins\/login-security-solution\/pw_dictionaries\/"},"wp_login_failed"],[""]]},{"file":"\/home\/vhosts\/webroot\/wp-includes\/pluggable.php","line":485,"function":"do_action","args":["wp_login_failed",""]},{"file":"\/home\/vhosts\/webroot\/wp-includes\/user.php","line":53,"function":"wp_authenticate","args":[null,null]},{"file":"\/home\/vhosts\/webroot\/wp-login.php","line":608,"function":"wp_signon","args":["",""]}]

    The exact error as shown on the page:

    Login Security Solution: authenticate filter not called

    So clearly the plugin is expiring the auth cookie as it should, and then WordPress seems to be trying to reauth with an empty username field?

  26. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Gplasky:

    Thank you, thank you, thank you! That debugging information led me to the solution fairly quickly.

    This issue has been fixed in the 0.41.0 release.

    --Dan

  27. davesyntax
    Member
    Posted 1 year ago #

    Thanks - update solved the issue. Could there be a button to enable debug/logging in the settings? That way you would get feedback quicker :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.