Following Up

  • deeveearr

    (@deeveearr)


    4 years ago

    Hi,

    Just something I noticed in the changelog to the latest version:

    I mentioned a few threads ago that when a user registers, and they get an email to activate their account, that the full WordPress login info (including any hidden login information) was then transmitted to the user, which is why I turned this feature off.

    Is this option now repaired, or is it still a WordPress issue?

Viewing 15 replies - 1 through 15 (of 19 total)
1 2
  • Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    Yes, it should work fine now.
    Just enable back the “Email Confirmation” option for registration in Forums > Settings > Features admin page. Make sure these options are set correctly in the same admin page:

    • Yes | Enable User Registration email confirmation
    • No | Replace Registration Page URL to Forum Registration Page URL
    • No | Replace Login Page URL to Forum Login Page URL
    • Yes | Replace Reset Password Page URL to Forum Reset Password Page URL

    Then make sure these three options are enabled in Dashboard > Forums > Settings > Email admin page:

    • Yes | Overwrite WordPress New User Registration Email for Admins
    • Yes | Overwrite WordPress New User Registration Email for Users
    • Yes | Overwrite WordPress Reset Password Emails
    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    It’s still not working I’m afraid, the emails are still showing the hidden login url’s.

    In fact it’s gotten worse:

    On a ‘lost password’ password reset, wheras before the hidden login was NOT specified, it is now specified.

    I’ll try turning off the ‘Replace Reset Password Page URL to Forum Reset Password Page URL’ and see what happens.

    *edit*

    No good I’m afraid – turning off the reset password page url throws up the login page url, complete with the hidden login details.

    • This reply was modified 4 years ago by deeveearr.
    Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    Please don’t turn that option off!
    Again, make sure all these options are set correctly, I changed the 3rd to YES:

    In Forums > Settings > Features admin page. Make sure these options are set correctly in the same admin page:

    Yes | Enable User Registration email confirmation
    No | Replace Registration Page URL to Forum Registration Page URL
    Yes | Replace Login Page URL to Forum Login Page URL
    Yes | Replace Reset Password Page URL to Forum Reset Password Page URL

    Then make sure these three options are enabled in Dashboard > Forums > Settings > Email admin page:

    Yes | Overwrite WordPress New User Registration Email for Admins
    Yes | Overwrite WordPress New User Registration Email for Users
    Yes | Overwrite WordPress Reset Password Emails

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    I’ve already tried a password reset using the above options, and it sends the hidden login url instead of the /community/?foro=resetpassword etc link.

    Rolled it all back using WP Rollback to version 1.7.2 with the settings of:

    NO | Enable User Registration
    YES | Replace Registration Page URL to Forum Registration Page URL
    YES | Replace Login Page URL to Forum Login Page URL
    YES | Replace Reset Password Page URL to Forum Reset Password Page URL

    …and it all works like it did yesterday with no hidden url’s showing on the reset password links.

    Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    Please never roll it back, because your forum will not have a future. Something is wrong on your website, and it should be checked deeply. You can test it on all other wpForo forums and see that there is no such problem. For deeper support please open a new support topic in wpForo community.

    Rolling back is the worst thing you can do for your forum. It’s better uninstall than rolling back and wait for some magic. There will not be any change and fix related to this issue, because this issue doesn’t exist in all other forums. This is a website specific issue and need to be deeper debugged directly on your website. So, to continue this support you should open a new topic in wpForo Community and refer to this topic.

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    I can’t really see how it’s site specific actually, as I initially enquired whether any hidden login url’s would show, or be properly hidden.

    The only thing that changed following the update was that the ‘reset password’ link is now also showing the hidden login credentials, wheras before, it was not.

    Are there any wpforo forums, that are running the latest version where I can test out the email reset password sending, and the forum reset password sending, please?

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Testing it out on the WPForo support forum:

    Just registered and it showed this in my email:

    https://wpforo.com/wp-login.php?action=rp&key=lyGEzb1f24ExqTkecuPk&login=DeeVeeArr

    Note the /wp-login.php in the link – this would translate to my hidden login credentials instead of wp-login on my own website.

    The reset password link seems to be working on the WPForo support forum as on trying to get a new password, I’m getting:

    /community/?foro=resetpassword&rp_key=xYfZx5LA6o9H7OPp2LAZ&rp_login=DeeVeeArr

    The main problem here then in in trying to join up, I’m getting the WPForo login credentials in the url.

    You mentioned that in the update, this was now irrelevant but it would still seem to be a problem.

    I’m guessing that WPForo are running the latest version?

    Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    @deeveearr, We’re talking about different things. So the only issue you have is just the reset password URL? Am I right? You just need to change it to wpForo URL?

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Seems like it, yes.

    I’m fine using the forum to register without sending an email, as this would definitely expose my hidden login details :mysite.com/hidden-login-details/community/yes-you-can-try-to-hack-this-now/

    The reset password url though, which was fine up until yesterday, has now also started showing my hidden login details instead of as in the WPForo example of /community/?foro=resetpassword&rp_key=xYfZx5LA6o9H7OPp2LAZ&rp_login=DeeVeeArr

    How would I change the reset password link, sent out by email, to the WPForo example?

    Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    Ok, then you should find the plugin which affect the user Registration Email.

    We just disabled this “Disable New User Notifications” plugin on wpForo.com and the email looks like this, you can test it again, the problem you’ve seen is fixed:

    2020-04-24_1838

    So, I was correct, wpForo works fine, we just need to find the plugin which affects the Email. Please follow these instructions:

    1. Again, update to the latest 1.7.4 version, we released it a few hours ago.

    2. Set YES all these options in Forums > Settings > Features admin page:

    – Yes | Enable User Registration email confirmation
    – Yes | Replace Registration Page URL to Forum Registration Page URL
    – Yes | Replace Login Page URL to Forum Login Page URL
    – Yes | Replace Reset Password Page URL to Forum Reset Password Page URL

    3. Set YES all these options in Dashboard > Forums > Settings > Email admin page:

    – Yes | Overwrite WordPress New User Registration Email for Admins
    – Yes | Overwrite WordPress New User Registration Email for Users
    – Yes | Overwrite WordPress Reset Password Emails

    4. Lets us know if all is done, leave your forum URL.

    5. Provide a full list of plugins you use and the WordPress theme name.

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Right, I’ve updated to 1.7.4, and the reset password is showing the full email address again.

    Give me 20, I’m just going to disable a few plugins.

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Right then, I found the culprit, and it was the hidden login plugin itself.

    For info, it’s the Webcraftic Hide Login page plugin.

    Now that I know it’s not WPForo, I can probably get some work done at last!

    I’ve still left the registration set at NO though and am going through the forum registration rather than email registration, as I reckon giving people a free run of the website login info is tempting fate a little.

    Thanks for the advice, and I’m off to find a new ‘hide my login’ solution!

    *edit*

    By the way, did you mean that you ACTIVATED the “Disable New User Notifications” plugin?

    Looks useful that does!

    • This reply was modified 4 years ago by deeveearr.
    Plugin Author gVectors Team

    (@gvectors-team)

    4 years ago

    Great!
    Thank you for the information.
    No, we deactivated that plugin, that was installed a few years ago. Now, wpForo has its own option to stop sending new user registration emails to admins. That option is located in Forums > Settings > Features admin page:

    2020-04-24_2019

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Just a quick update on this issue – testing the ‘reset password’ option again and it now looks like ALL types of ‘hide my login’ plugins will give away the credentials, so it wasn’t just Webcraftic’s fault.

    Straight choice now then of either putting up with it, or rolling back to 1.7.2 where the hidden logins all worked properly.

    Thread Starter deeveearr

    (@deeveearr)

    4 years ago

    Hey, I’m not bothered about receiving emails as an admin – nothing could be further from the truth.

    I’m just a little concerned that the url sent out to users will have the hidden login credentials on it.

Viewing 15 replies - 1 through 15 (of 19 total)
1 2
  • The topic ‘Following Up’ is closed to new replies.