Breaks /wp-admin login

ungern
(@ungern)

5 years, 11 months ago

Hi Marcus,

I’m using this easy plugin on my site, and I now have two problems:

1) On Opera, there’s no way to access wp-admin. On login it just redirects to wp-login.php, and won’t let anyone log in.
2) On Vivaldi, login is possible, but there’s no refresh of the page, so user needs to press F5 to get the new page.

Tested with all other plugins turned off, still it’s broken. If I just turn this off, things work. Quite sad for this, as this did just what I needed, when other front-end login plugins broke Event Calendar Pro, this worked.

The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)

Plugin Author Marcus (aka @msykes)
(@netweblogic)

5 years, 11 months ago

Hi, what are your redirect settings? I just tested it out on Opera (mac) and it works fine with a redirect.

Also, what exact steps do you take, e.g. you visit wp-admin, log in and then?

Thread Starter ungern
(@ungern)

5 years, 11 months ago

Hi,

Thanks for answering.
Only redirects “should” be http to https.

I enter the URL/wp-admin and when pressing enter, it goes to URL/wp-login.php?redirect_to=https%3A%2F%2Fsustainablegastro.com%2Fwp-admin%2F&reauth=1 immediately, if this plugin is active. I enter user and pass, and it just reloads, doesn’t log in.

If the plugin is deactivated, after user and pass, I get to admin page as I should.

Plugin Author Marcus (aka @msykes)
(@netweblogic)

5 years, 11 months ago

how come you have a redirect_to in that URL? That’s the problem I think. You shouldn’t be getting that under normal circumstances.

Have you tried doing the same with all other plugins deactivated and a default WP theme? Try my WP Safe Mode plugin to test it just for you and not the whole site.

Thread Starter ungern
(@ungern)

5 years, 11 months ago

Redirect is only as https is enforced for all content on the page. This is set via “Let’s Encrypt Certificates”. BUT, why there’s a redirect in that URL, I just can’t understand, as it has nothing to do with https at all. Not being much smarter than this, I can’t find a reason.

I’ve run the site through WP Safe Mode, also with everything disabled except “Login With Ajax”, fails. All other plugins active, “Login With Ajax” disabled, wp-admin works.

Ran redirect checker for http://…. and quite naturally got this:
>>> http://sustainablegastro.com
> ——————————————–
> 301 Moved Permanently
> ——————————————–
Status: 301 Moved Permanently
Code: 301
Server: nginx
Date: Sun, 12 Jan 2020 10:56:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 238
Connection: close
Location: https://sustainablegastro.com/
Host-Header: b7440e60b07ee7b8044761568fab26e8
X-Proxy-Cache: MISS

>>> https://sustainablegastro.com/
> ——————————————–
> 200 OK
> ——————————————–
Status: 200 OK

But trying to log in is through http://…, and there all is 200, so no explanation. Don’t think this has to do with getting the &reauth=1 loop.
Thread Starter ungern
(@ungern)

5 years, 11 months ago
Just super, thank you for all effort.
Not to waste your time, and to help out, I’ll contact you as soon as I’ve also tried theme 2020., that’s the one thing I haven’t gotten to!

Host did check today, nothing on their end. I already ruled that out. 🙂
- This reply was modified 5 years, 11 months ago by ungern.
Thread Starter ungern
(@ungern)

5 years, 11 months ago
OK, did as you asked. Twenty-Twenty theme set, all plugins deactivated except Login With Ajax. /wp-admin won’t work.

Sent info via contact form!
- This reply was modified 5 years, 11 months ago by ungern.
Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

5 years, 11 months ago

@netweblogic I’ve deleted your offer to login to your user’s site. I’m am 100% sure you mean well but please never ask for credentials. I have flagged your account temporarily. That just means that your post will need to be approved and @ notifications from you will not work.

https://wordpress.org/support/guidelines/#the-bad-stuff

Now for the why: The internet is a wonderful place full of very nice people and a few very bad ones. I’m sure everyone here is very nice however, by giving some ones keys to your house you are trusting they wont steal anything. Likewise the person who takes the keys is now responsible for the house FOREVER.

If something was to go wrong, then you the author may well legally become liable for damages, which they would not normally have been as their software is provided without warranty.

Please be aware that repeatedly asking for credentials will result in us asking you to repeatedly stop before escalating up to the plugins team.
Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

5 years, 11 months ago
*Drinks coffee*

@netweblogic There are many ways to get information you need and accessing the user’s site is not one of them. That’s going too far.
- Ask for a link to the http://pastebin.com/ log of the user’s web server error log.
- Ask the user to create and post a link to their phpinfo(); output.
- Ask the user to install the Health Check plugin and get the data that way.
- Walk the user through enabling WP_DEBUG and how to log that output to a file and how to share that file.
- Walk the user through basic troubleshooting steps such and disabling all other plugins, clear their cache and cookies and try again.
- Ask the user for the step-by-step on how they can reproduce the problem.
You get the idea.

Volunteer support is not easy. But these forums need to a safe place for all users, experienced or new. Accessing their system that way is a short cut that will get you into real trouble in these forums.
Thread Starter ungern
(@ungern)

5 years, 11 months ago

Hi Jan,

Really didn’t want to get Marcus into trouble here, and I’m sure he just has great intentions to solve things, not only for me, but also for others using his plugin.

Having said this, I understand that there are rules for the forum for a good reason, but kindly allow him back to good standing at some point. We can all make mistakes (as I have done once asking for support for a paid plugin in the forums).

Kind regards
ungern

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

5 years, 11 months ago

Nah, we’re all good. Marcus and I have a quick chat in the WordPress Slack #forums channel. Access like that has gone shrieking and horrifically bad in the pasts. It’s not just an issue for users, plugin authors are opening a whole can liability issues.

But as Marcus provides fantastic support and we’ve come to an understanding via the WordPress Slack #forums channel, his account is now un-flaged.

Plugin Author Marcus (aka @msykes)
(@netweblogic)

5 years, 11 months ago

Yup, all good no worries. My bad, won’t do it again!

Plugin Author Marcus (aka @msykes)
(@netweblogic)

5 years, 10 months ago

Hey @ungern

If you’re using %LASTURL% in your redirection that’s probably the reason you’ve got issues here.

Try 3.1.10, managed to reproduce this with another user, no login required 😉

Thread Starter ungern
(@ungern)

5 years, 10 months ago

Hey,

Thanks a bunch, this got me out of the wp-login.php loop. 🙂

Have a great weekend!

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Breaks /wp-admin login’ is closed to new replies.