WordPress.org


TDO Mini Forms Error Log (6 posts)

  1. ClickyB
    Member
    Posted 6 years ago #

    It seems that most users have to make numerous attempts to create a post before it gets "accepted".
    My error log shows multiple lines (which I don't understand)! Examples:
    User with the incorrect privilages attempted to submit a post! (This from a registered user).
    tdomf_register_form_widget: Widget text-1 already exists. Overwriting...
    tdomf_register_form_widget_control: Widget text-1 already exists. Overwriting...

    (Shows identical lines with "text-2" to "text-5")
    tdomf_register_form_widget: Widget 1qcaptcha already exists. Overwriting...
    ...etc etc
    The final line reads:
    "array (
    'tdomf_key_1' => false,
    )"

    I have no idea what all this means but it happens repeatedly and is seriously deterring my users from contributing :(

    I've kept the log intact for this latest batch of problems so I can supply the full thing if necessary.

    Can you help me please?

  2. the_dead_one
    Member
    Posted 6 years ago #

    The only important error in that log is this one:

    `"array (
    'tdomf_key_1' => false,
    )"`

    This will stop posts from being submitted. There is a long thread on my support forums for the plugin about it here.

    I believe this problem comes down to your host's configuration. Make sure register_globals is turned off and session.auto_start is turned on (and possibly session.bug_compat_42 is turned off). If this works for you, please tell me. Thanks.

  3. ClickyB
    Member
    Posted 6 years ago #

    Hi the_dead_one,

    Thanks heaps for the quick response :)

    I have register_globals turned off.

    I looked into the session.auto_start issue and was slightly concerned by the security vulnerabilities (mentioned in the page linked from the last post of your forum thread).

    However, I do like the TDOMF facility and would like to use it (rather than making all my members "contributors"), so I may try it, but - before I do so - the thing that most confuses me (which I should have mentioned before) is that I have had 2 members use the form successfully and - although they both had problems the first few times they tried - they are both adding posts without any problems at all (which makes me think it should be possible for all users) so I'm wondering how that could happen...
    Could it be associated with the login?
    Could it be the "preview" function which either helps or hinders their ability to use it?
    Is it associated with cookies (on/off)?

    If I can find out then - presumably - I can take the necessary action without worrying about site security.

    If you have any further thoughts I'd be glad to hear them, otherwise I will contact these 2 users and see if they remember anything which might shed some light on the situation (in which case I will - of course - let you know).

    Thanks again for your help,

    ClickyB

  4. the_dead_one
    Member
    Posted 6 years ago #

    Hi ClickyB, all that really depends on how you've configured your form and with what widgets.

    BTW What security vulnerability? Enabling register_globals is bad and prevents TDOMF from working. There is a "caution" message about not having session.auto_start turned on.

    The error about session key should not be affected by the users being logged in or not or the use of cookies... by any chance, are you using some sort of caching plugin like wp-cache or wp-super-cache?

  5. ClickyB
    Member
    Posted 6 years ago #

    Hi TDO,

    No I don't use any cache plugins.

    On that linked doc' under "Sessions and security" it says:
    There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.

    That was the part that worried me!
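
The two leak paths in the passage quoted above (session ids carried in URLs, and session ids sent unencrypted) correspond to PHP session directives that can be checked alongside register_globals. The audit below is an added example, not part of the thread or of TDO Mini Forms; the php.ini fragment is constructed, and the directives session.use_trans_sid, session.use_only_cookies and session.cookie_secure are standard PHP settings that the posters do not name.

```python
# Constructed sample php.ini fragment (not taken from the thread).
SAMPLE_INI = """\
[PHP]
register_globals = Off      ; as ClickyB reports
[Session]
session.auto_start = 1      ; as the plugin author asks; not audited here
session.use_trans_sid = 1   ; session id gets appended to URLs
session.use_only_cookies = 0
session.cookie_secure = Off
"""

# Directive -> (wanted boolean, why it matters for the concerns in the thread).
CHECKS = {
    "register_globals": (False, "the plugin author asks for it to be off"),
    "session.use_trans_sid": (False, "ids in URLs can end up in external referrer logs"),
    "session.use_only_cookies": (True, "ids passed in the URL are not accepted"),
    "session.cookie_secure": (True, "session cookie is only sent over SSL/TLS"),
}

TRUE_WORDS = {"1", "on", "true", "yes"}  # php.ini spellings of boolean true


def parse_ini(text):
    """Return {directive: raw value}, skipping sections, comments and blanks."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip('"')
    return values


def audit(text):
    """Return {directive: 'ok' | 'weak' | 'unset'} for every entry in CHECKS."""
    values = parse_ini(text)
    report = {}
    for name, (wanted, _reason) in CHECKS.items():
        if name not in values:
            report[name] = "unset"  # built-in default applies; confirm with phpinfo()
        else:
            enabled = values[name].lower() in TRUE_WORDS
            report[name] = "ok" if enabled == wanted else "weak"
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_INI).items():
        print(f"{status:5}  {name}: {CHECKS[name][1]}")
```

A host's php.ini can be overridden per directory or at runtime, so the values PHP actually uses should be confirmed from phpinfo() output rather than from the file alone.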

  6. the_dead_one
    Member
    Posted 6 years ago #

    ClickyB, try the latest version v0.10.4 (which I just uploaded). In v0.10.3 (the previous version) I implemented an alternative to using sessions which you can enable via the options. v0.10.4 is a bug fix release for v0.10.3.

Topic Closed

This topic has been closed to new replies.
