Member booted out upon signup

Topic: Member booted out upon signup (Read 3562 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Member booted out upon signup

January 13, 2017, 10:10:59 am

Testing my forum, I signed up as a new member, but upon finishing the signup, (expecting to be taken to the forum to view the boards) I am immediately kicked out to have to sign in again, which after signing in again, I'm taken to the forum. Is this just my forum? Maybe a setting that needs changed? I don't remember having to do this on a few other forums I've made with Elk.

Re: Member booted out upon signup

Reply #1 – January 13, 2017, 04:50:48 pm

My forums have that behavior as well. Not sure if it's intentional.

Re: Member booted out upon signup

Reply #2 – January 13, 2017, 06:02:31 pm

Good thinking. Immediate registration here. I always wondered if new members just didn't login because they thought an email should arrive. It's beginning to add up. Lol

Re: Member booted out upon signup

Reply #3 – January 14, 2017, 02:19:40 pm

I seem to remember it has always been the case (but I never used the immediate registration, so I'm not sure).
It's not an unusual approach, many services (at least I've seen many behave that way, not that I remember one, of course xD) opt for the "register and then login" approach.

Maybe @Spuds remembers if something was changed along the way and why.

Re: Member booted out upon signup

Reply #4 – January 14, 2017, 07:26:22 pm

I'll give this my official Hummm with a head scratch.

The function (immediate registration) is set up to create the login cookie, which would lead one to think you should be logged in when the function is complete and you get redirected.

If we want to keep the behavior (and I'm not sure we can change it anyway), it should redirect to a Hey you have been activated, please login screen instead of the frontage, leaving the user to wonder WTF just happened.

Then again I woke up this AM and I thought to myself, WTF just happened, but that is another story

Re: Member booted out upon signup

Reply #5 – January 14, 2017, 07:51:05 pm

I think this is the only forum software that does this. All others I have used once you signup, your immediately taken to the forum, which I would think would be the course. I'm not talking about being email verified, just signing up.

If I am a new member and especially not Internet savvy, I would think, (member saying the following).... "WTF? I guess my signup failed! Crap with it, I'm not trying to signup again. I'm leaving the bloody forum, I'll get my coat."

Is there a way to be taken directly to the forum after signup? Maybe a plugin at least?

Re: Member booted out upon signup

Reply #6 – January 15, 2017, 12:25:26 am

Quote from: Spuds – January 14, 2017, 07:26:22 pm
Then again I woke up this AM and I thought to myself, WTF just happened, but that is another story

Tequila karaoke? Lol. It's more fun than one would first imagine.

The splash screen sounds like a really good idea. It could be an opportunity to welcome people, explain a few rules, invite them to an introduction thread, or any number of other possibilities. But most importantly just what you said, let them know what's going on at that point.

Re: Member booted out upon signup

Reply #7 – January 15, 2017, 06:22:48 am

When you setup an admin account on install you're auto logged in.

Re: Member booted out upon signup

Reply #8 – January 15, 2017, 08:12:40 am

After a lot of digging...

emanuele smells a bug

In Register_Controller::action_register2 the login cookie is set using the member name (strtolower), the plain text password and the salt.
In any other place the login cookie is set and checked using the hashed password and the salt.
So, checks fail and user is kicked.

The bug could be a consequence of 1.0.7 patch, and requires a couple of changes.
In Register.controller.php:

Code: [Select]

setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util:
:strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password
_salt']));

becomes:

Code: [Select]

setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', $regOptions['password_hash'] . $regOptions['register_vars']['password_salt']));

and in Members.subs.php:

Code: [Select]

        $password = $regOptions['password'];
 
        // Some of these might be overwritten. (the lower ones that are in the arrays below.)
        $regOptions['register_vars'] = array(
                'member_name' => $regOptions['username'],
                'email_address' => $regOptions['email'],
               'passwd' => validateLoginPassword($password, '', $regOptions['username'], true),

becomes:

Code: [Select]

        $password = $regOptions['password'];
       $regOptions['password_hash'] = validateLoginPassword($regOptions['password_hash'], '', $regOptions['username'], true);
 
        // Some of these might be overwritten. (the lower ones that are in the arrays below.)
        $regOptions['register_vars'] = array(
                'member_name' => $regOptions['username'],
                'email_address' => $regOptions['email'],
               'passwd' => $regOptions['password_hash'],

TBH I have not tested these very deeply, so it may break something, but the "immediate registration" makes the user immediately logged in.

Re: Member booted out upon signup

Reply #9 – January 15, 2017, 08:13:46 am

Quote from: Trekkie101 – January 15, 2017, 06:22:48 amWhen you setup an admin account on install you're auto logged in.

Kind of a different situation, to me.
I honestly don't dislike the idea of "login after you have registered", even only because people have the opportunity to let their browser remember the password properly.

Re: Member booted out upon signup

Reply #10 – January 15, 2017, 11:42:35 am

Ah .. bad cookies !

I don't think you have to make any changes in Members.subs.php, all we should need to do is set the cookie properly.

Code: (find) [Select]

			setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));

Code: (replace) [Select]

			setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', $regOptions['register_vars']['passwd'] . $regOptions['register_vars']['password_salt']));

I think what you posted may be setting things up with a blank password + salt as $regOptions['password_hash'] is passed to the validator but its not set?

Re: Member booted out upon signup

Reply #11 – January 15, 2017, 12:18:19 pm

Thanks Spuds and Emanuele for addressing this. (I do see your point too Emanuelle about the browser remembering the password). I really do think however, I would be losing members due to this kicked out action. There's plenty other forums they can go to in my forums subject matter and I want to keep them.

Can this be corrected in the next release, maybe even a "tick box" to be able to choose to "auto login member on signup" box.? I hate messing with core files, as the next release will wipe my changes. I am going to make these changes for now though. Thanks again

Re: Member booted out upon signup

Reply #12 – January 15, 2017, 12:21:52 pm

Quote from: Trekkie101 – January 15, 2017, 06:22:48 amWhen you setup an admin account on install you're auto logged in.

Would really like new members to be able to do this too.

Re: Member booted out upon signup

Reply #13 – January 15, 2017, 12:58:39 pm

Quote from: Spuds – January 15, 2017, 11:42:35 amI don't think you have to make any changes in Members.subs.php, all we should need to do is set the cookie properly.

Guess you are right. xD

Re: Member booted out upon signup

Reply #14 – January 15, 2017, 01:23:11 pm

Is it Register.controller.php that I am looking for to use Spuds changes? If so can you give me a location on the file?