WordPress.org

Ready to get started?Download WordPress

Forums

WP User Frontend
[resolved] Cheating message even when posting as Admin (20 posts)

  1. jonga1306
    Member
    Posted 1 year ago #

    I'm using Prof99's fork 4.2 (latest) version with WP 3.5.1 including some additional code updates as discussed in the following thread:

    Thread Here

    However, I am trying to submit a post with a featured image and get the 'Cheating' message come up after Submitting.

    I would guess this is to do with permissions but I am logged in as admin trying to submit.

    I've been having problems with the plugin since WordPress 3.5 (and the new media manager). I've had error messages trying to upload new attachments or inline content images using the Visual editor (An error occurred in the upload. Please try again later.)

    Also, the featured image uploader won't successfully upload - the upload ticks to 100% but no thumbnail appears.

    I wonder if this is all to do with roles/capabilities but as an admin, I would assume this shouldn't happen.

    Any help would be gratefully received.

    http://wordpress.org/extend/plugins/wp-user-frontend/

  2. professor99
    Member
    Posted 1 year ago #

    Hi Jonga,

    Haven't had this problem myself. I'm about to release the 4.3 version of the development release within a day once I've finished a few more tests. I will get you to try it just in case it solves your problems.

  3. professor99
    Member
    Posted 1 year ago #

    Hi Jonga,

    My new development version 4.3 passed my remaining tests in no time and is now released. Give it a try to see if it solves your problems.

  4. jonga1306
    Member
    Posted 1 year ago #

    Hi prof,

    Have updated your dev version 4.3 although support page in admin is still showing version as 4.2 - which I suppose could indicate I haven't updated correctly. Although remote files show correct 4.3 version.

    Anyway, I am getting the same issue as described above. I seem to think all my issues in this thread and the one before where we've been discussing are to do with permissions. The behaviour is as if I don't have permissions to upload images or post. I am using plugin s2member but have tried disabling all plugins and still getting this CHEATING? message and no images will upload or select via the Add Media or the Upload button.

    J.

  5. professor99
    Member
    Posted 1 year ago #

    Hi Jonga1306,

    You probably have updated fine as I just checked my support page and found my version number is still 4.2. So congratulations for finding the first bug. I have two cans of insecticide in front of me as I type and are in a dilemma as to which one to use :).

    As to your dilemma in order to further define the problem try doing the following.

    1. Disable all plugins including s2member

    2. Clean out the cache of your browser just in case an old javascript file is causing the problem

    Try uploading as admin using the following three methods (you did mention some of this above but just making sure).

    3. Featured image upload.
    4. Editor 'Insert Media' upload
    5. Attachment upload (using the Frontend attachment field)

    6. Can you use insert an image already in the media library without problems for methods 1 and 2?

    7. Just in case it's a WordPress problem try doing an upload from the backend admin Media Library page.

  6. jonga1306
    Member
    Posted 1 year ago #

    Hi prof,

    OK, have worked through the list above.

    I did 1 and 2 as instructed then tested in Firefox and Chrome (latest versions).

    When trying to upload a featured image or attachment, I get the issues as previously reported - it uploads to 100% but then no thumbnail appears or attachment. Then, when submitting the form, both browsers now have 'Please Wait' just hanging and the Firefox Firebug console flags up an error which reads:

    Load denied by X-Frame-Options: https://mysite/wp-admin/admin-ajax.php does not permit cross-origin framing.
    and
    Error: Permission denied to access property 'document'

    The second error then points to line 11 in file jquery.form.min.js as the code error.

    The Chrome browser throws up (on submit):

    Refused to display 'https://mysite/wp-admin/admin-ajax.php' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

    As for the other bits, the inline editor won't upload images and throws an error but you can select existing ones. The attachment and upload featured image as we have said don't work properly either.

    You can upload images in the wordpress media manager in the admin area however so it doesn't seem to be a WP issue.

    I have screen grabs of all the code errors but I wasn't sure how to save log files from the console.

    So, any thoughts?!

  7. jonga1306
    Member
    Posted 1 year ago #

    Oh, and despite the errors, it did seem that the posts were actually being created as they appeared on the site and in the admin section however with no images or attachments.

    Having re-enabled the plugins, I go back to the error 'cheating'. coming up on submit and no errors showing in the console (presumably because the form is never getting to 'submit').

  8. professor99
    Member
    Posted 1 year ago #

    Hi Jonga,

    I have never seen this 'X-Frame-Options' error before. It may be related to using https so try it again with just http.

    As to getting logs off Firebug the following two tools are what I use.

    To enable the ability to save a 'Net' log install the following Firebug extension NetExport and restart Firefox

    Using the 'Export' option on the 'Net' option in the Firebug bar save the log as a 'HAR' file.

    To save the console log along in a similar manner use ConsoleExport.

    Send both to me at abruinATihugDOTcomDOTau

  9. professor99
    Member
    Posted 1 year ago #

    I looked at little bit more into the X-Frame problem and found here it is a web server setting. This is what I think is causing your problems. One potential fix is here

  10. jonga1306
    Member
    Posted 1 year ago #

    Right,

    I have had a break through.

    I have not been using SSL on all the pages of the site other than for payment or sensitive data. Therefore the site has mainly been using http with https hyperlinks and overides for particular pages only.

    Having set to use https on the WPUF add item page, this seems to have resolved the 'cheating?' issue and the fix in your post above seems to have resolved the X-Frame problem.

    I need to spend a bit more time testing to ensure that the problem is resolved but we seem to have at least made a move in the right direction and hopefully this will be resolved.

    Thanks for your help so far.

  11. jonga1306
    Member
    Posted 1 year ago #

    I will email you my two firebug exports - one with http and one without in case this helps with more specific debugging issues.

    Thanks.

  12. professor99
    Member
    Posted 1 year ago #

    Thanks jonga. Could you post details of your fixes here in order to help other users who might experience the same problem.

  13. jonga1306
    Member
    Posted 1 year ago #

    Hi prof,

    In terms of the X-Frame-Options error:

    Load denied by X-Frame-Options: https://mysite/wp-admin/admin-ajax.php does not permit cross-origin framing.

    which I was seeing in the Firebug console when trying to submit a post using WPUF, the fix was to add the following line to the file admin-ajax.php after the opening PHP tag:

    header('X-Frame-Options: GOFORIT');

    Then, to resolve the error where I was receiving a 'Cheating?' message when submitting (which was the next error after the fix above), I realised that my configuration was throwing an error due to me not using SSL on the submission page. I changed this so that the WPUF Add post and edit post pages now use SSL and this resolved the error.

    The exact route cause of the second part I am unsure but I have sent you the console log for the non-http submission so if anything crops up please do let me know.

  14. professor99
    Member
    Posted 1 year ago #

    Hi Jonga,

    You mention below of having to use SSL to solve the problem is not normal behaviour as Frontend generally works fine for http. This sounds like a server problem too. Could your please send me the logs with the 'Cheating?' message in it as well.

    Then, to resolve the error where I was receiving a 'Cheating?' message when submitting (which was the next error after the fix above), I realised that my configuration was throwing an error due to me not using SSL on the submission page. I changed this so that the WPUF Add post and edit post pages now use SSL and this resolved the error.

  15. jonga1306
    Member
    Posted 1 year ago #

    I thought that was the log with the 'cheating?' message? was it not?

    If not I may have to regenerate it.

  16. professor99
    Member
    Posted 1 year ago #

    I'm yet to look at the log but it seems I misunderstood your previous message.

  17. professor99
    Member
    Posted 1 year ago #

    The 'cheating' message comes from wpuf-add-post.php:submit_post() and is the result of it not recognising the nonce _wpnonce sent as part of the post. Since nonce's are connected to both the user_id and the login session maybe a http session and a https are deemed to be different.

    The initial page get is http.However the last POSTs to admin.ajax.php are using https and I suspect this and added with the XFrame problem may be causing your problem.

    Why is your server generating a mix of http and https calls? Any idea?

    Ahhh. I check of the initial page load reveals this.

    var wpuf = {"ajaxurl":"https:\/\/www.culture.info\/wp-admin\/admin-ajax.php","submit_msg":"Submit Post

    That would do it. Where does this come from? Well it comes from enqueue_scripts() in wpuf.php.

    function enqueue_scripts() {
    ...
            wp_localize_script( 'wpuf', 'wpuf', array(
                'ajaxurl' => admin_url( 'admin-ajax.php' ),
                'submit_msg' => $submit_msg,
                'update_msg' => $update_msg,
                'postingMsg' => $posting_msg,
                'deleteMsg' => $delete_msg,
                'confirmMsg' => __( 'Are you sure?', 'wpuf' ),
    			'delete_confirm_msg' => __('Are you sure to delete this post?', 'wpuf' ),
                'nonce' => wp_create_nonce( 'wpuf_nonce' ),
            ) );
    ....
    }

    So the WordPress function admin_url() is the den of our culprit. And who lives behind these doors....Your Site Address as provided by the option 'Site Address (URL)' in the WordPress General Settings page.

    This wont work properly especially with the media library. However Ve haf vays of making you tock https

  18. jonga1306
    Member
    Posted 1 year ago #

    This probably has to do with the fact I don't use https on every page. I HAD enabled https on transactional / submission pages but not on every page. Therefore I had used admin_url() for forcing admin pages to use SSL. I can make the whole site SSL (is that the solution you are suggesting?) but I have found that by making the page with the add-post shortcode https, this resolves the issue.

    What do you advise?

  19. professor99
    Member
    Posted 1 year ago #

    Is it works for you that is fine but be wary of problems you haven't encountered yet, updates to come, and other plugins that may throw spanners into your works. admin_url() and related functions are used everywhere.

    Given this I think you have three options.

    1. Stay with your present scheme and workarounds but be aware of problems to come.

    2. Make everything https by either of the two options given in the link I gave you in the last post. This is the easist, most problem free, secure, and future proof method

    3. Use a partial implementation of the rewrite scheme given in the previous link for the parts you want secure.

  20. jonga1306
    Member
    Posted 1 year ago #

    I am happy to take your advice and revert to making the whole site SSL. I will use the htaccess option.

    Thanks again.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic