Como Posted July 29, 2023 Posted July 29, 2023 Error: The CSRF protection key did not match. This may indicate a plugin or theme is out of date. Please contact technical support for more information. I can login using Firefox, but when I attempt to login with Edge, I receive the error above. I can continue to login and out (and back in again) using Firefox. I attempted to login using a private window with Edge, and I receive the following error message: Oops! Something went wrong. Please try again. So, took the site offline, I cleared system caches, and disabled all addons. I then tried logging using the same admin account, with a new private window (Edge), and received the same 'Oops' error message. Any suggestions or idea of what's happening? Thanks.
Miss_B Posted July 29, 2023 Posted July 29, 2023 What apps/plugins do you have installed? Can you disable them all and see if the error will go away? What was the latest change done to the forum before this happened?
Como Posted July 29, 2023 Author Posted July 29, 2023 (edited) Follow-up I have managed to login (with Edge), but when I logout again, it is hit or miss signing in again. I can receive either of the two messages. Sometimes, attempting to sign in again (from the 'Oops' error page) is successful. Or if I receive the CSRF message, I notice that I am apparently signed in (but I can view is the error message), I 'logout' and can then successfully sign in using the other login page: https://xxxxx.xx/login/?_fromLogout=1 This somewhat mirrors the recent experiences of the developer who handled our migration to IPS.* And a technically-minded member who informs me that he always has to login twice. None of use have been able to work the cause of these login problems. * He could login using only the www subdomain (he could not login using the root). Edit: 1 minute ago, Miss_B said: What apps/plugins do you have installed? Can you disable them all and see if the error will go away? What was the latest change done to the forum before this happened? You must have missed my comment: I did disable all plugins - it made no difference. I should add, Chrome and Firefox work fine for me (but not Edge). The member who experienced problems logging in (having to 'login twice'), only experiences problems with Firefox. Edited July 29, 2023 by Como
Como Posted July 29, 2023 Author Posted July 29, 2023 9 minutes ago, Miss_B said: What was the latest change done to the forum before this happened? We migrated to IPS a little over a week ago. The member having to login twice goes back to when we first migrated. The problem for the developer, on Monday, when he first tried to login to look at something for us. My login problems today are new, but so is my use of Edge for the website. There were no changes immediately before this problem with Edge. But as I say, since I was not using Edge before, I cannot pinpoint to a change.
Miss_B Posted July 29, 2023 Posted July 29, 2023 What theme are you using? Can you switch temporarily to an unmodified theme and see if it would help?
Como Posted July 29, 2023 Author Posted July 29, 2023 Apart from a little CSS to change some colours, it is the default theme.
Miss_B Posted July 29, 2023 Posted July 29, 2023 From what I have seen, this type of error, CSRF failure, is mostly related to changes of session id. Anything changed at your forumin relation to session?
Como Posted July 29, 2023 Author Posted July 29, 2023 @Miss_B Not as far as I know. And when I've tried to login with a new private window, that's necessarily a new session. I can login sometimes (as detailed above). It is all just a bit strange.
Como Posted July 29, 2023 Author Posted July 29, 2023 It gets stranger. I switched from the PC to a laptop, and I now keep being kicked off the website and I have login in again.
Como Posted July 29, 2023 Author Posted July 29, 2023 Oh. I meant to add that and these latest problems is using Firefox on the laptop. And I've been kicked off several more times, but this last time I received the CSRF error message when I tried to login.
Como Posted July 29, 2023 Author Posted July 29, 2023 Don't mind me. I'm just logging this stuff. I disabled a couple of addons and this was displayed at the home page: [[Template core/front/global/globalTemplate is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]] There is some extra templating with some additional migrated content, but not for IPS core. I had also notice that I being logged out at the home page, but still logged in on other pages (other tabs, same browser).
Como Posted July 29, 2023 Author Posted July 29, 2023 The problem seems to involve Chat+. I had updated that earlier today (it seemed OK at the the time). When I tried to disable Chat+, it would break the site and the error I reported a while ago would appear on ALL pages: Quote [[Template core/front/global/globalTemplate is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]] By playing around disabling Chat sub-modules and the the chat module as a whole, I was able to eventually have chat enabled and the site run properly. I have not tried disabling Chat again (I will try again when Support are open on Monday). Prior to me 'fixing' chat, it caused a very large number of errors to be logged. They seem to have now ceased. And the strange session problems seem to have gone away too. I am tired - it has been a long day. But I am 90% sure the weird session stuff started before I upgraded chat. So I am at a loss to explain why the session stuff now seems resolved. (I will look at it properly tomorrow).
Jim M Posted July 30, 2023 Posted July 30, 2023 That Chat plugin may be causing the CSRF error as well. Is it currently disabled and you're not having any issues with the template or CSRF?
Como Posted July 30, 2023 Author Posted July 30, 2023 Hi @Jim M I could not disable Chat+ without totally breaking the front end. But Chat was not displaying, and was causing a very large number of errors. So, I was kinda stuck. However, when I disabled Chat+'s sub-modules, and then the master module, and then re-enabling them, I was eventually able to get everything working. Chat is working, and I have no more errors generated from it. I have not tried disabling Chat again, as I wished to wait for when Support is open. But the session problems resolved too when I got Chat running correctly. I do have a some other errors from time to time. And I note that the plugin Antispam by Cleantalk creates entries in the error log in some circumstances.
Marc Posted July 31, 2023 Posted July 31, 2023 You would need to speak to the author of those plugins, this being the case
Como Posted July 31, 2023 Author Posted July 31, 2023 Hi Marc, More errors over night and this morning. And I am appearing as logged on the home page (Edge). Most errors are of this type over night: Could not write to Store-Redis (settings) #0 /var/www/html/107704/system/Data/AbstractData.php(108): IPS\_Log::log('Could not write...', 'datastore') #1 /var/www/html/107704/system/Data/Store.php(245): IPS\Data\_AbstractData->__set('settings', Array) #2 /var/www/html/107704/system/Settings/Settings.php(177): IPS\Data\_Store->__set('settings', Array) #3 /var/www/html/107704/system/Settings/Settings.php(152): IPS\_Settings->loadFromDb() #4 /var/www/html/107704/system/Dispatcher/Front.php(39): IPS\_Settings->__isset('setup_in_progre...') #5 /var/www/html/107704/system/Dispatcher/Dispatcher.php(110): IPS\Dispatcher\_Front->init() #6 /var/www/html/107704/index.php(13): IPS\_Dispatcher::i() #7 {main} And a lot of this type alter this morning: Unknown Error #0 /var/www/html/107704/system/Task/Task.php(274): IPS\core\tasks\cloud_hook_coreTasksViewupdates->execute() #1 /var/www/html/107704/system/Task/Task.php(237): IPS\_Task->run() #2 /var/www/html/107704/system/Dispatcher/Standard.php(334): IPS\_Task->runAndLog() #3 [internal function]: IPS\Dispatcher\_Standard->__destruct() #4 {main} I just find it odd the errors stop and then start again. I'll probably disable addons again and see what I can find out.
Como Posted July 31, 2023 Author Posted July 31, 2023 @onlyME, the Chatbox developer has checked it out - Chatbox does not appear to be the cause of the wider problems. I've disabled all apps and plugins, but still receive the following error in the logs when I click on a listed 'spammer' in Members => Members => members. (I assume 'Spammer' is a standard tab, and not something created by the Antispam-CleanTalk app. TypeError: method_exists(): Argument #1 ($object_or_class) must be of type object|string, null given in /var/www/html/107704/system/Member/History.php:155 Stack trace: #0 /var/www/html/107704/system/Member/History.php(155): method_exists(NULL, 'parseLogData') #1 /var/www/html/107704/system/Helpers/Table/Db.php(444): IPS\Member\_History->IPS\Member\{closure}('{"spammer":"1"}', Array) #2 /var/www/html/107704/system/Helpers/Table/Table.php(504): IPS\Helpers\Table\_Db->getRows(Array) #3 /var/www/html/107704/system/Theme/Theme.php(885) : eval()'d code(2545): IPS\Helpers\Table\_Table->__toString() #4 /var/www/html/107704/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_admin_memberprofile->history(Object(IPS\Member), Object(IPS\Member\History), Array) #5 /var/www/html/107704/applications/core/modules/admin/members/members.php(1257): IPS\Theme\_SandboxedTemplate->__call('history', Array) #6 /var/www/html/107704/init.php(932) : eval()'d code(56): IPS\core\modules\admin\members\_members->view() #7 /var/www/html/107704/system/Dispatcher/Controller.php(107): IPS\core\modules\admin\members\cloud_hook_coreModulesAdminMembersMembers->view() #8 /var/www/html/107704/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #9 /var/www/html/107704/admin/index.php(13): IPS\_Dispatcher->run() #10 {main} #0 /var/www/html/107704/system/Member/History.php(162): IPS\_Log::log(Object(TypeError), 'member_history') #1 /var/www/html/107704/system/Helpers/Table/Db.php(444): IPS\Member\_History->IPS\Member\{closure}('{"spammer":"1"}', Array) #2 /var/www/html/107704/system/Helpers/Table/Table.php(504): IPS\Helpers\Table\_Db->getRows(Array) #3 /var/www/html/107704/system/Theme/Theme.php(885) : eval()'d code(2545): IPS\Helpers\Table\_Table->__toString() #4 /var/www/html/107704/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_admin_memberprofile->history(Object(IPS\Member), Object(IPS\Member\History), Array) #5 /var/www/html/107704/applications/core/modules/admin/members/members.php(1257): IPS\Theme\_SandboxedTemplate->__call('history', Array) #6 /var/www/html/107704/init.php(932) : eval()'d code(56): IPS\core\modules\admin\members\_members->view() #7 /var/www/html/107704/system/Dispatcher/Controller.php(107): IPS\core\modules\admin\members\cloud_hook_coreModulesAdminMembersMembers->view() #8 /var/www/html/107704/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #9 /var/www/html/107704/admin/index.php(13): IPS\_Dispatcher->run() #10 {main} Hopefully, the above helps. I have not yet investigated what else triggers errors. And I do not yet know if the session problems are resolved. I'll perform some testing tomorrow. Thanks.
Jim M Posted July 31, 2023 Posted July 31, 2023 8 minutes ago, Como said: I've disabled all apps and plugins, but still receive the following error in the logs when I click on a listed 'spammer' in Members => Members => members. (I assume 'Spammer' is a standard tab, and not something created by the Antispam-CleanTalk app. TypeError: method_exists(): Argument #1 ($object_or_class) must be of type object|string, null given in /var/www/html/107704/system/Member/History.php:155 Stack trace: #0 /var/www/html/107704/system/Member/History.php(155): method_exists(NULL, 'parseLogData') #1 /var/www/html/107704/system/Helpers/Table/Db.php(444): IPS\Member\_History->IPS\Member\{closure}('{"spammer":"1"}', Array) #2 /var/www/html/107704/system/Helpers/Table/Table.php(504): IPS\Helpers\Table\_Db->getRows(Array) #3 /var/www/html/107704/system/Theme/Theme.php(885) : eval()'d code(2545): IPS\Helpers\Table\_Table->__toString() #4 /var/www/html/107704/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_admin_memberprofile->history(Object(IPS\Member), Object(IPS\Member\History), Array) #5 /var/www/html/107704/applications/core/modules/admin/members/members.php(1257): IPS\Theme\_SandboxedTemplate->__call('history', Array) #6 /var/www/html/107704/init.php(932) : eval()'d code(56): IPS\core\modules\admin\members\_members->view() #7 /var/www/html/107704/system/Dispatcher/Controller.php(107): IPS\core\modules\admin\members\cloud_hook_coreModulesAdminMembersMembers->view() #8 /var/www/html/107704/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #9 /var/www/html/107704/admin/index.php(13): IPS\_Dispatcher->run() #10 {main} #0 /var/www/html/107704/system/Member/History.php(162): IPS\_Log::log(Object(TypeError), 'member_history') #1 /var/www/html/107704/system/Helpers/Table/Db.php(444): IPS\Member\_History->IPS\Member\{closure}('{"spammer":"1"}', Array) #2 /var/www/html/107704/system/Helpers/Table/Table.php(504): IPS\Helpers\Table\_Db->getRows(Array) #3 /var/www/html/107704/system/Theme/Theme.php(885) : eval()'d code(2545): IPS\Helpers\Table\_Table->__toString() #4 /var/www/html/107704/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_admin_memberprofile->history(Object(IPS\Member), Object(IPS\Member\History), Array) #5 /var/www/html/107704/applications/core/modules/admin/members/members.php(1257): IPS\Theme\_SandboxedTemplate->__call('history', Array) #6 /var/www/html/107704/init.php(932) : eval()'d code(56): IPS\core\modules\admin\members\_members->view() #7 /var/www/html/107704/system/Dispatcher/Controller.php(107): IPS\core\modules\admin\members\cloud_hook_coreModulesAdminMembersMembers->view() #8 /var/www/html/107704/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #9 /var/www/html/107704/admin/index.php(13): IPS\_Dispatcher->run() #10 {main} Hopefully, the above helps. I have not yet investigated what else triggers errors. And I do not yet know if the session problems are resolved. I'll perform some testing tomorrow. Thanks. This seems unrelated to your original issues with CSRF key warnings. Are you still encountering this? However, looking at the data there, the error is from CleanTalk itself as it is passing a {"spammer":"1"} JSON data there which is not our own in the member history. You will need to reach out to them for assistance. Como 1
Como Posted July 31, 2023 Author Posted July 31, 2023 7 minutes ago, Jim M said: This seems unrelated to your original issues with CSRF key warnings. Are you still encountering this? However, looking at the data there, the error is from CleanTalk itself as it is passing a {"spammer":"1"} JSON data there which is not our own in the member history. You will need to reach out to them for assistance. Earlier today, I still experienced session problems using Edge. But I have received no CSRF warnings. I have another problem - an ordinary member has moderator powers. She was attempting to delete a quote from a post she was composing, saw 'moderation actions' clicked that and selected delete. She contacted me to let me know that she had deleted the whole thread. Sure enough, it was deleted and I restored it. She is in our standard, established member post-count group, and no secondary groups. I used a test account, in the same post-count group, but could not replicate this. I've had no reports of similar issues from other members. I am fortunate that this member does not behave nefariously. There are a lot of strange things happening. I need someone from IPS to check it out.
Jim M Posted July 31, 2023 Posted July 31, 2023 28 minutes ago, Como said: Earlier today, I still experienced session problems using Edge. Are you able to elaborate on that? What is the session problem that you're having? I was able to login to your community without issues. If you have visited on the browser before, I would recommend clearing cookies/cache just to start fresh to ensure nothing was corrupted. 29 minutes ago, Como said: I have another problem - an ordinary member has moderator powers. She was attempting to delete a quote from a post she was composing, saw 'moderation actions' clicked that and selected delete. She contacted me to let me know that she had deleted the whole thread. Sure enough, it was deleted and I restored it. She is in our standard, established member post-count group, and no secondary groups. I used a test account, in the same post-count group, but could not replicate this. I've had no reports of similar issues from other members. I am fortunate that this member does not behave nefariously. There are a lot of strange things happening. I need someone from IPS to check it out. Do you allow members to delete their own content? If so, users would have the ability to delete their own topics. That is completely normal and what you have instructed the software to allow. If you can provide a topic URL and member name/id, we can certainly verify that. Como 1
Como Posted July 31, 2023 Author Posted July 31, 2023 Oh, I see. I'll have to check through permissions for that. Thanks.
Como Posted July 31, 2023 Author Posted July 31, 2023 Yep. That's it. But, you know, it is not at all clear that "Can delete own content?" means that the topic starter can delete the whole thread, along with posts from other members. I think the permission has its uses, but it is surely edge case stuff and probably deserves a better description. But I do appreciate the heads-up and am glad that it was a simple fix. 🙂
Jim M Posted July 31, 2023 Posted July 31, 2023 2 minutes ago, Como said: Yep. That's it. But, you know, it is not at all clear that "Can delete own content?" means that the topic starter can delete the whole thread, along with posts from other members. I think the permission has its uses, but it is surely edge case stuff and probably deserves a better description. But I do appreciate the heads-up and am glad that it was a simple fix. 🙂 Glad to hear that was it. Please feel free to leave any suggestion in our Feedback forum 😉 Como 1
Como Posted August 1, 2023 Author Posted August 1, 2023 10 hours ago, Jim M said: Are you able to elaborate on that? What is the session problem that you're having? I was able to login to your community without issues. If you have visited on the browser before, I would recommend clearing cookies/cache just to start fresh to ensure nothing was corrupted. As I stated further up the thread, I use a fresh private window - I assume this avoids all issues around cached pages and cookies. The problem is intermittent, and only occurs with Edge. I'll monitor what happens today and will report back here.
Como Posted August 1, 2023 Author Posted August 1, 2023 I should add - the problem with sessions might be related to Chatbox+.* I have Chatbox disabled at the moment. And I understand that Chatbox is being updated today. * Perhaps @onlyME will comment here, because I am not fully clear on that.
Recommended Posts