Jim M

When going to the upgrade page, I am no longer seeing the issue about the date / time function but rather just a session issue:

We were unable to start a PHP session. You will need to contact your host to adjust your PHP configuration before you can continue. The error reported was: session_start(): Failed to read session data: files (path: /var/cpanel/php/sessions/ea-php71)

If you are indeed running PHP 8.1, likely the path listed in your php.ini is incorrect for sessions as lists PHP 7.1: /var/cpanel/php/sessions/ea-php71

Please contact your hosting provider or server administrator to correct this and ensure that the path listed in the php.ini for sessions exists and is writable.

1 minute ago, David Tingen said:

When I change the name of the database, I get a 500 error.

As instructed by your hosting provider, you would also need to change the username.

2 minutes ago, David Tingen said:

Could you help us repair the database, or is there any other way you can make our forum work correctly? And also tell us what the cost would be.

Sorry, database restoration is a hosting provider task as they have the tools, access, and responsibility to do so for your database. As a software provider, we are limited to assisting in such tasks.

You would need to work with your hosting provider to find a backup where the table has not crashed, if they cannot restore it. 

3 minutes ago, PinPics said:

Not sure what you mean by "save the Administrator permissions". Do you mean just to go into the member group permissions and hit the "save" button?

That is correct. You would go in and edit the Administrator permissions for your account and save. This should, hopefully, tell the system to resave with full permissions.

I'm afraid, we would not be able to provide support for any data inconsistencies which stem from third party add-ons. As the copying via a third-party add-on caused the Mod Queue anomaly, this would be outside our scope of support and up to the third-party author to resolve.

If you delete the forums/topics/posts which you copied via this third-party add-on, it may resolve your issue.

Would apply the patches which are present in ACP -> Support. Then also save the Administrator permissions that you are a part of as that is really odd that those are gone. Unless someone has manually modified your files to remove those buttons, I do not believe we have an option to remove those.

Would ensure you're using PHP 8.1 and then also check to ensure that your server is inline with the requirements checker: 

If all is well, what Randy said will be required

The configuration file can be found in conf_global.php . The database name and user can be set in that file. Please let us know if you need any further assistance.

ACP -> Members -> Members -> Import Member List.

15 minutes ago, Bill Edwards said:

Really?

Neither of the issues has ANYTHING to do with the copy.

Is there a way to force a recount requires a simple yes or no answer - a recount would be a core software function. You can't answer that?

We've had issues in the past - documented with you whereby the Mod Queue gets out of sync (nothing to do with copying) and in the past you've zero'ed it. You can't do that as you have in the past?

@Adriano

Unfortunately, the reality here is that we do not know the way which items were copied or if there is an underlying issue there. Therefore, we would not provide support on something which was not done natively in the software.

To answer the question about recounting posts, you can do this via ACP -> Members -> Members -> view any members -> go to Posts -> Recount All.

1 minute ago, Bill Edwards said:

I used Adriano's excellent add on to copy the topics, replies - everything 🙂

 

That would be who you need to contact then for assistance, I'm afraid. We would not supply support for something of this nature.

9 hours ago, marklcfc said:

Just remember when it happened to me in the 123RF breach in 2020 it was the same email / password combo that was being used in many places

Keep in mind, that is one instance out of many, many, many, many other breaches. 

Kind of like stating, all car accidents are the same 🙂 . Each breach is different than the next depending on the website and data the attacker obtains. More often than not username is stored and obtained, if it is available.

Sorry, could you please clarify what you mean by copied? The copy function would only copy the forums, not the posts so the counts should be 0. Unless I am misunderstanding what you mean or you used a third party action to do so.

10 minutes ago, Seirei said:

Tell me optimal configuration my server fo upgrading. PHP 8.1. Ок. What else? OS, web-service, database?

We would only provide recommendations for PHP 8.1, MySQL 8 and only provide support for Apache. We would not provide any further recommendations to OS, etc..

More information will come up in the release which we remove it but we constantly evaluate features in the software which are seldomly used yet cause us overhead a lot of evaluating/developing/supporting them. This is not to say this will change in the future or that a third party can't add this payment method in for you. Regardless though, at the moment, it sounds like these are getting deprecated so will not be available from Stripe themselves.

20 minutes ago, Patrosaurus said:

No offence but this wasn't even remotely helpful. You've already said Invision doesn't use the Sources API any more, which was fine. I then asked why my installation of Invision is and you say the same thing again with an added "Ask someone else."
- Stripe will have no explanation as to why I'm using an old API, it's my application calling that API, not theirs. Hence me coming here to the people who provided the API in a software bundle to ask what the situation is.

Apologize that you found this not helpful. Sometimes without more information about the API usage involved, we're a little blind on why something may be getting reported that it is in use. In this case we could have reviewed your instance more or Stripe could have reported that you were using the API as outlined (they have this information as they're telling you you're using an outdated API 🙂 ). However, it is good to see that we got the answers we needed and apologize for any inconvenience here.

There would be no means to do this via the core software. It would require a customization.

We would need to review the given issue so whatever it takes for us to review it.

Was the rule deleted? I am not seeing it present or have this user attributed to that rule.

47 minutes ago, Verto said:

CANNOT_MAKE_DIR (6)

You will want to check your permissions in S3 as it cannot write in your given settings. 

I have moved this to a ticket to further investigate this for you. Seems unarchiving has completed but there are still some left over.

12 minutes ago, Philooo said:

Should we test the several tens of thousands of addresses of our members in this way???

It is provided as a means of what may have happened. Not a way to verify all.

12 minutes ago, Philooo said:

This issue is a real problem for our communities

As mentioned several times in the topic, the hole here isn't the software but rather the human. Humans are using the same credentials on multiple sites and one of those other sites (not associated to IPS) gets breached, their credentials are now known. Thus, these spammers are logging in.

The way around this would be implore Two Factor Authentication because this requires another set of actions to log in. This won't help past users but will help in the future.

The other option would be to force password resets to all members but there is no guarantee that your users will insert already breached credentials.

22 minutes ago, ekforum said:

These keeps happening again. Legitimate users keep getting this pop up, and I have been experiencing it too frequently recently also. 

We are working with you on your ticket with this... Please be sure to reply there.

2 minutes ago, marklcfc said:

Looks like the email addresses have been in a data breach, so looks like username is actually a more secure login not that IPS will change their mind on removing it 🙄

Odds are their username is also in that breach.

3 minutes ago, Philooo said:

it is often profiles that are 2-3-4 years old that are used, often profiles with low activity.

As mentioned several times in this topic, you will want to check to see if those email addresses have been compromised from other websites (non-IPS). You can look at https://haveibeenpwned.com/

Then take measures outlined in this topic.

11 minutes ago, amd21 said:

Thanks for reply . I am sorry i didnt understand . Need to install a full set or IPB or can insall just the missing applications? 

You would upload the full file set to the location of your community on your server, overwriting what is there. Then go to ACP -> System -> Applications to install your missing applications.