WordPress › Support » Login Lock - Not working on on 3.3.1 w/ Password Aging/Password Reset

evolutionaryit
Member
Posted 4 months ago #

Hello,

I'm running WordPress 3.3.1 with Login Lock 2.2.3 and it has a pretty serious bug. I've got password aging on and when it a password needs to be reset it presents a blank html page instead of an option to reset. Here is an example:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<head>
<title> › Reset Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel='stylesheet' href='http://www.domainex.com/wp-admin/login.css?version=3.3.1' type='text/css' />

I've had the same problem in other installs with 3.3. Anyone else seeing this?

TIA

http://wordpress.org/extend/plugins/login-lock/
Toni Viemerö
Member
Posted 4 months ago #

Removing row 630 from loginlock.php fixes the problem.

Here's a diff with backwards compatibility:
https://gist.github.com/1605009
evolutionaryit
Member
Posted 4 months ago #

Toni,

Great thanks! Do you know if there is any plan to release a fix in the form of an update?
gustim
Member
Posted 4 months ago #

My password on my WP installation has expired, and when i log in w/ my user/pass i receive this message

Fatal error: Call to undefined function is_rtl() in /home/ffda/public_html/wp-includes/general-template.php on line 2102

If i disable the "require password changes" field, setting to 0, my user work fine.

Any ideas? :)

Versions: Login Lock == v2.2.3
and WP == 3.3.1
evolutionaryit
Member
Posted 4 months ago #

Looks like we have to disable this feature until a plugin update happens addressing these bugs...
jenifer2012
Member
Posted 4 months ago #

I'm having this problem too.

I researched it and found this post, which is what helped me realize it was being caused by a plugin. Then I noticed that others in the comment thread were saying Login Lock was the problem. Mine worked fine with the upgrade until it was time to change the password today, then I got the error everyone here is talking about.

http://www.famousbloggers.net/getting-ready-for-wordprss-3-3-solve-fatal-error-call-to-undefined-function-is_rtl.html

I'm just now in class for HTML/CSS, so I'm afraid Toni's post and link, though helpful, doesn't make much sense to me.

Does this mean I have to remove this plugin? It was really helping me. It's already shown me over 20 hacker attempts on my site that I'm then able to go into my admin panel and block those IP addresses.

Mostly, though, now that I see all those hacker attempts, I don't want to leave my site vulnerable.

Does anyone know of any similar plugins I can use when I disable this one?

THanks.
evolutionaryit
Member
Posted 4 months ago #

There is a bug in the current version of this plugin. You can disable the Password Policy Settings in Login Lock as below until there is a fix for the plugin:

Set => Enable the password policies shown below to NO

OR

Here are a few others that might do what you need:

http://wordpress.org/extend/plugins/lockdown-wp-admin/
http://wordpress.org/extend/plugins/simple-login-lockdown/
http://wordpress.org/extend/plugins/limit-login-attempts/

I've not used or tested these so I can't comment on them.
jenifer2012
Member
Posted 4 months ago #

Thank you so much Evolutinarit but if I have to disable the plugin through FTP access via my web host (they'll have to do this for me until I learn how to code) how will I be able to do what you're suggesting? Right? I won't be able to get back in to the plugin, will I?? (I'm still new to all this.)

I think I may try this all-inclusive plugin. Do you know anything about it?

http://wordpress.org/extend/plugins/better-wp-security/
Mark
Member
Posted 4 months ago #

If you guys bother to check the FAQ section in README you'd find really really really clear info on how to report bugs - which incidentally doesn't includes using this forum. Just sayin'...

Fortunately a forum reader went to my site and sent me a note via the contact form - the preferred way to deal with issues with my software.

It's probably good practice to check the README for all plugins.

That said, I'll look into fixing this issue.
evolutionaryit
Member
Posted 4 months ago #

Hello Mark,

Thanks so much for your contributions to the WP community! You & your plug-ins rule! =)
Mark
Member
Posted 4 months ago #

As a follow up, it was evolutionaryit who contacted me. Thanks.

Fix is forthcoming.
jenifer2012
Member
Posted 4 months ago #

I've appreciated this plugin. It's helped me ward off many hacker attempts. So thanks. I'm glad you'll fix the bug so that I can re-install it later.

However, this message board is where I was taken after I clicked on the box "Compatibility" with newest WP version button to indicate the plugin wasn't working properly.

So, while I appreciate you're pointing out the "README" just want to let you know that was not where I was directed when I came to the page to try to research the issue.
jenifer2012
Member
Posted 4 months ago #

Mark,

What is your ETA for the fix on this? I'm debating whether to wait, or go in and install something else for security until this is fixed so I can do my admin work.
eminentstyle
Member
Posted 4 months ago #

Eagerly awaiting this fix too!
aphroditekk
Member
Posted 4 months ago #

yes please, a fix!!!
NFWRo
Member
Posted 4 months ago #

Same problem here. I've tried to remove line 630 from loginlock.php as suggested, but although that gives me the reset password page, it won't accept any password as new ones saying that they've been used before (they haven't).

Am I right in saying that I can just remove the loginlock plugin by FTP to uninstall it? That won't affect anything else?

Thanks
NFWRo
Member
Posted 4 months ago #

I've answered my own question and have renamed the folder in the plugins until a fix can be done.
Daniel Convissor
Member
Posted 4 months ago #

I made a bunch of fixes to get login-lock working under WP 3.3.1. They are available at https://github.com/convissor/login-lock. I told the author about the fixes too. We'll see if they get incorporated into the existing package.
Mark
Member
Posted 4 months ago #

Some will some won't. For example, your idea of removing what you term "self promotion" from the login form will stay in the plugin. Reason being, a lot of people actually contact me via that link when they have problems that they think is related to the plugin. In most cases it's not related, and in all cases they get free consulting from me as to what the problem actually is and how to remedy.

That's one instance. I haven't reviewed the other changes yet. I'll try to do that today if time permits - me being a family man will bills to pay.
Mark
Member
Posted 4 months ago #

I just pushed v2.2.4 into the plugins repository. Hopefully I got the fix for the " is_rtl() is not a function " problem resolved. I'm not sure though since I don't have such a system to test with.

Other fixes and changes were implemented, some courtesy of Daniel Convissor.
NFWRo
Member
Posted 4 months ago #

Hi there
Thank you for updating the plugin, however, when I installed it and ran it, I was immediately told to reset my password. I did so and then when I tried to log in, it said it was the wrong password. I tried the old password and that still worked, but I was asked to reset my password straight away again.

After that, I received a message saying that I was trying to use a password that had already been used - which I wasn't for three different attempts. So I renamed the folder again to deactivate the plugin and when I logged in, the last password I had tried to change it to had taken, despite the error message.

Sorry, it looks like there is still a problem.