XF 2.0 Can not save User Registration options

[clawbennett]

Hello,

Just reinstalled XF2 and I can save pretty much everything in my board setup with the exception of the User Registration options. Each time I go to save these options, I get the dredded "Oops! We ran into some problems. This action could not be completed because you are no longer logged in. Please reload the page."

I've logged out/in, cleared cache, etc. But please remember, this is the ONLY area so far that I can not save. I am able to go to other admin settings and make changes.

Any help would be appreciated. This is one of the most critical options for me, as I am needing participants to be 18+

 

[clawbennett]

UPDATE: Seems like anything dealing with users can not be saved. Permission changes gives me the same error message about being logged in.

 

[Paul B]

If it only happens in those specific sections of the ACP then that suggest something server side is being triggered - possibly a security mechanism of some sort.

Ask your host to check the server error log to confirm if that's the case.

 

[clawbennett]

If it only happens in those specific sections of the ACP then that suggest something server side is being triggered - possibly a security mechanism of some sort.

Ask your host to check the server error log to confirm if that's the case.

I have access to error logs and access logs, but I do not see anything relating to the forums in there. But I don't know for sure if these are the "server" error logs.

 

[clawbennett]

Seems like this is an issue that's spreading. Any saving of templates, etc. is now giving the same error. No errors in the logs showing at all for today.

UPDATE: It is some sort of .htaccess issue. I temporarily renamed the .htaccess file and it's allowing me to save the problem areas. Can someone tell me what might need to be changed in the file to have it functional again? Thanks!

 

[Paul B]

This is the default .htaccess file: https://xenforo.com/community/htaccess.txt

Does yours contain anything different to that?

If so, remove the additional lines until you identify the cause.

 

[clawbennett]

I downloaded the htaccess file you put up and replaced mine, and it seems to be working for the moment. However, the ONLY difference was the comment line below. Very strange. Thanks for the file. Hopefully this resolves it all!

#    This line may be needed to workaround HTTP Basic auth issues when using PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

 

[clawbennett]

Brogan,

Something is a miss. Now I am unable to change or save any settings for templates/styles. I removed the .htaccess file and it is again working. So there is definitely something going on somewhere. I checked the .htaccess file and there are no differences, no changes made to it.

Any ideas?

 

[Mike]

Things happening when you change the htaccess file seem like a red herring. It might be enough time to avoid the issue, for example.

These are relatively consistent with mod_security type issues or some other situation where a request is re-processed and sent through without cookies (seen very rarely).

You may need to leave the htaccess file renamed temporarily until you can reproduce the issue again. It may be that the htaccess is actually just covering up the real error (as otherwise, there really shouldn't be anything in it that's related).

 

[clawbennett]

So playing around, it allowed me to make the changes in the styling section of the admin. When I went to refresh my site, it would not allow me to do anything. It started giving me an error saying something went wrong and there may be errors in the browser log.

At that point, I could not sign out or make changes until I restored the .htaccess file. Then I could log out.

At this point, the forum is brand new and just being setup. I may attempt to reinstall the software. Debating on a 2.1 upgrade, not that that would fix the issues, but it would be the latest supported version.

I have never had these issues using my host with XF in the past. I’m wondering if my internet here is the problem. I’m rural and use satellite to connect. The IP address probably changes very frequently.

 

[Mike]

The IP address probably changes very frequently.

This is very likely. For security, sessions are attached to a particular IP (or rather, a small IP range), so if there are major IP changes randomly, then that could cause issues. Saying that, I'm surprised it's changing that frequently -- that's generally something that even mobile networks often attempt to avoid/reduce.

 

[clawbennett]

So, as it stands, that may be the issue. I have not had any problems on a more stable cable internet line. It's still dynamic, but doesn't change. Previously (At home) my satellite service (hughesnet) changes frequently it seems. My location in google will say I am in California somewhere one minute, and another area closer to hoe the next search.

Is there a way to disable that security issue somehow?

 

[Mike]

Is there a way to disable that security issue somehow?

Not directly -- while we have heard of things like this, it's almost always been from misconfigured reverse proxies rather than something on the true client end.

If it continues to be problematic regularly, let us know and I can look into what you can do to change it (though it may not be something we officially support).

 

[clawbennett]

Mike,
I thought all was well after installing XF2.1 (although done at a more stable connection). I am currently back at home and can not save anything in the admin CP again without it saying I am logged out.

This is very problematic. I would definitely appreciate the help if there is a way around it.

This time I was trying to import a style.xml file and it gave the error. I renamed the .htaccess file and I am able to upload the style.xml file. Again, I have run XF on this host in the past (Dreamhost) and all the server requirements were met before installation.

 

[Chris D]

I really just echo Mike's comments here, and that I'm not convinced the .htaccess is related at all Especially if it's only the indicated line which is different.

Of course uploading any style XML is potentially a significant operation that is likely to take multiple seconds, especially if it is a large style. As well as the initial upload, the actual importing of the potentially many hundreds of items is a significant chunk of time.

If you're back to using an internet connection where the IP address changes frequently (how frequently, btw?) then this still seems like the likely cause.

The answer to this may be to simply disable the aforementioned session security mechanism. We do not recommend this, but it should solve your problem. Edit src/config.php and add the following:

$c->extend('session', function(\XF\Session\Session $session)
{
   $session->setConfig([
      'ipv4CidrMatch' => 0,
      'ipv6CidrMatch' => 0
   ]);
   return $session;
});

In an ideal world, you would only have this code active while you are working from your less reliable connection. Though this would mean commenting it out when it's not in use, and uncommenting it when it is:

/*$c->extend('session', function(\XF\Session\Session $session)
{
   $session->setConfig([
      'ipv4CidrMatch' => 0,
      'ipv6CidrMatch' => 0
   ]);
   return $session;
});*/

 

[clawbennett]

I really just echo Mike's comments here, and that I'm not convinced the .htaccess is related at all Especially if it's only the indicated line which is different.

Of course uploading any style XML is potentially a significant operation that is likely to take multiple seconds, especially if it is a large style. As well as the initial upload, the actual importing of the potentially many hundreds of items is a significant chunk of time.

If you're back to using an internet connection where the IP address changes frequently (how frequently, btw?) then this still seems like the likely cause.

 

[clawbennett]

So, when I disabled the .htaccess file, I was unable to do anything on the public side of the site without getting an OOPS, ...check browser console for errors. I was getting all sorts of errors, and 404s for JSON.

Re-enabled .htaccess and public site worked for me, but admin CP wasn't functioning properly.

Again, had no issues outside of this satellite connection. Mobile connection via LTE worked, and a more reliable connection also worked without issue.

I installed the code you (Chris) suggested and so far everything is working again both admin and public sides. I will try this for a while and see how it works out. I will use the suggestion to comment out when not requiring admin access to make changes.

Keep you posted!