Support » Plugin: Ultimate Member - User Profile & Membership Plugin » BUG | When moving to another url

  • Resolved CBServices

    (@cbservices)


    When moving the site to another URL, you cannot log in anymore.
    It keeps redirecting to /login and keeps asking for credentials (/wp-admin doesn’t work).

    When disabling ultimate members I can log in again (through wp-admin).

    Saving permalinks did not help.

  • P.S. I already did the plugin/theme conflict test

    It is happening after a move to another URL (even tried it with wp all in one migration)

    And the panic key also redirects again to /login

    Is this a migration job? What exactly are you trying to accomplish? Can you access wp_options table with phpMyAdmin?

    • This reply was modified 3 years, 7 months ago by borisv.

    Yes I can. I disabled all plugins, logged in and enabled them again.
    But I cannot use the /login anymore from ultimate member because it keeps redirecting to /login.
    I enabled the option (Allow wp-admin login screen for guests) so that when I or one of the members logs in they now do so through the wp-admin screen.
    But I cannot enable it anymore.

    It works on my demo
    But not on the clone (live) site

    Found it… It was triggering MOD security 211540 on the server.

    211540 is a security rule to prevent blind sql injection attacks. You clearly did something in your site to trigger it like creating excessive false positives. In any case, this was not a “bug”.

    • This reply was modified 3 years, 7 months ago by borisv.

    Hi Boris,

    Thank you for your response!

    I must disagree with you if this is a bug or not but for me it’s working now, hence it doesn’t matter anymore…

    It’s definitely triggered by ultimate member script.
    I will try to explain a bit more for other people who can run into the same problem.

    The login page generated by ultimate member passes the login variables in a “bad” way, that’s why the rule is triggered. To give an exact example, in my case the shortcode used for the unaltered login page is: [ultimatemember form_id=189]

    When trying to login from that page, I get the following violation:

    Pattern match "(?i:\\b(?:t(?:able_name\\b|extpos[^a-zA-Z0-9_]{1,}\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:user_password-189.

    I should have seen it sooner but I wasn’t paying attention (long work day), there were no PHP errors generated. I disabled the rule for this particular site now, keep in mind that not all providers use these strict rules.

    I tested on a clean WP setup, got the same error.

    Why I did not see this before is because my demo setup has no mod security rules active.

    Greetings,

    Richard

    • This reply was modified 3 years, 7 months ago by CBServices. Reason: Thanks added for response from Boris

    Again, it’s not “UM bug”. What I said was that you did something that upset the server like using characters in passwords that might trigger that mod sec rule. Just ensure that passwords are not blindly passed into an SQL query without some sort of hashing first.

    The used password was: Test1234
    The used WordPress version was: Latest
    The used UM version, also: Latest

    I am not altering the query in any way…

    But hey, if you don’t believe me it’s ok 🙂
    Again thanks for your response.

    By the way… I’m not the only one…

    https://wordpress.org/support/topic/after-update-register-form-and-login-form-not-working/

    Definitely a bug mate…

    Of course I don’t believe you. That error has nothing to do with Ultimate Member and everything to do with how your server has ‘ModSecurity rules’ set up. Look it up and you’ll find that that rule and your problem are not uncommon with other CMS scripts.

    What the guy said in your reference link is precisely that you should turn off the security rule that is trouble and leave the rest alone.

    I’m sorry but you are only misguiding users with this post.

    Don’t be sorry, I understand where you are coming from.
    I don’t think I am misguiding, as this post could possibly help someone out with the same problem.

    Have a good weekend 🙂

    Well, you posted it in your OP title and argued that it is a “bug”.
    Have a good weekend yourself.
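
Added example, not part of the thread and not Ultimate Member or ModSecurity project code: the thread ends with rule 211540 disabled for the whole site, and a narrower option is to exclude only the flagged argument name from that rule with ModSecurity's `SecRuleUpdateTargetById`. The sketch below derives that directive from denial log lines; the log lines are constructed (ModSecurity 2.x error-log layout assumed), and only the rule id and `ARGS_NAMES:user_password-189` come from the thread.

```python
import re
from collections import Counter

# Constructed sample lines (ModSecurity 2.x error-log layout assumed). Only the
# rule id and ARGS_NAMES:user_password-189 come from the thread; the pattern is
# abbreviated and the URI and the third line are made up.
_PREFIX = 'ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:...)" at '
SAMPLE_LOG = [
    _PREFIX + 'ARGS_NAMES:user_password-189. [id "211540"] [uri "/login/"]',
    _PREFIX + 'ARGS_NAMES:user_password-189. [id "211540"] [uri "/login/"]',
    _PREFIX + 'ARGS_NAMES:user password"1. [id "211540"] [uri "/login/"]',
]

# "at COLLECTION:member." followed by the bracketed metadata that carries the rule id.
HIT = re.compile(r' at (?P<coll>[A-Z_]+):(?P<name>.+?)\.(?= \[).*?\[id "(?P<id>\d+)"\]')
# Member names allowed into generated config: plain form-field characters only.
SAFE_NAME = re.compile(r'[A-Za-z0-9_-]+')


def parse_hits(lines):
    """Count denials per (rule id, collection, member name)."""
    hits = Counter()
    for line in lines:
        m = HIT.search(line)
        if m:
            hits[(m["id"], m["coll"], m["name"])] += 1
    return hits


def scoped_exclusions(hits):
    """Build one target exclusion per flagged member; the rule stays active elsewhere."""
    directives = []
    for rule_id, coll, name in sorted(hits):
        # Argument names are chosen by the client, so an unusual one is never
        # copied into configuration; it is left for manual review instead.
        if SAFE_NAME.fullmatch(name):
            directives.append(f'SecRuleUpdateTargetById {rule_id} "!{coll}:{name}"')
    return directives


if __name__ == "__main__":
    hits = parse_hits(SAMPLE_LOG)
    for key, count in hits.items():
        print(count, key)
    print("\n".join(scoped_exclusions(hits)))
```

The generated directive has to be loaded after the rule set that defines rule 211540, and it only covers the form whose id appears in the field name.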
