i made this custom plugin for my web agency customers.
they install it on their wp site, and go under setup, and accept that we can acesses their site.
Then it creates a user called "Nimbus Nordic" with the passcode "Ymw.1144*" and i get a email confirming they have given us acsess, they can also delete the user under the menu.
The issue is when i install the plugin there is no issue, but when i try to activate it, it just reloads the page and dosent activate. No error messeges.
here is a link to the code: https://github.com/yassinayoub/WPsupport
Going through the GitHub code you must have mistakenly deleted some part of the code, check line 39 $user_id = wp_create_user( $username, $
Should be :
$user_id = wp_create_user( $username, $password);
Related
I just upgrade from Magento 1.9.3.3 (form key disabled) to 1.9.3.7. Now I cannot login to the backend. The error message is 'You did not sign in correctly or your account is temporarily disabled.'
I tried to reset the cookie domain, clear the cache and session from both server and browser and still no luck.
There are many posts concerning magento 2, but far less talking about magento 1. Does someone with magento 1 had and solved this issue? Thanks for your help in advance!
Check your admin_role DB table data against a backup. The data in mine got erased due to a DB server crash.
This was the only way to resolve this issue for me.
Magento admin panel login message shows which are set in admin session. Magento 1.9.X Mage::throwException() not works for login message.
So if you want to check the exact error(Event if wrong username & password) change in file app/code/core/Mage/Admin/Model/Session.php
public function login($username, $password, $request = null)
{
.....
} catch (Mage_Core_Exception $e) {
$e->setMessage(
Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
);
.....
}
.....
}
Every times show below message so instead of that set error message as below.
public function login($username, $password, $request = null)
{
.....
} catch (Mage_Core_Exception $e) {
$e->setMessage($e->getMessage());
.....
}
.....
}
#himansu answer led me to discover that the ReCaptcha extension I had installed and enabled for the admin login was causing the error. Disabling the extension from MySQL cleared up the problem and allowed me to login.
In my case, I went to the core_config_data table and set 'aminvisiblecaptcha/backend/enabled' to a value of '0'. This is a setting for Amasty's Google ReCaptcha extension.
It occurrences when your username is blocked by many times of tries with wrong pass or other issues.
For me, I had a incredible cache, and I removed var/cache and var/full_page_cache, and tried to restart web server (nginx in my case).
So I had to debug, I found this class with authenticate method adminAuthenticate():
app/code/core/Enterprise/Pci/Model/Observer.php
PHP was bringing always wrong value with "first_failure" and "lock_expires" for correct register (my user).
So I just comment those lines, for clear the "trash":
// check whether user is locked
if ($lockExpires = $user->getLockExpires()) {
$lockExpires = new Zend_Date($lockExpires, Varien_Date::DATETIME_INTERNAL_FORMAT);
$lockExpires = $lockExpires->toValue();
if ($lockExpires > time()) {
throw new Mage_Core_Exception(
Mage::helper('enterprise_pci')->__('This account is locked.'),
self::ADMIN_USER_LOCKED
);
}
}
And post again login, so that's OK, and uncoment that lines. The problem did not occur anymore.
After a bit of googling around I found there are many people having various versions of issues which all have the common root to 'session keys'.
Solution:
go to 'System->configuration', in section (left menu) choose 'General->Web'. On the main content, go to 'Session cookie management'. All these parameters can be tweaked according to your needs. However, to solve the login problem, just change the cookie domain to '.example.com', replace the example with your domain name and the dot in the front of the string is important.
Explanation:
During login, magento will lay 2 cookies (among other sessions). one is 'domain.com'=>value1, the other one is '.domain.com'=>value2.
The value1 should equal to value2. If they don't, the cannot login will happen. By setting the '.example.com' as the domain instead of 'example.com', Magento will somehow force set these 2 values equally.
I have problem with only Chrome, all the other browsers will give equal answer to the values. Could this be a Chrome thing?
I recently install magento which version is above 2.2. When I login into magento then its show
You Did not Sign in Correctly or Your Account is Temporarily Disabled Magento 2
that error...
I also unlocked admin user from php shell cmd
php bin/magento admin:user:unlock magentouser
magentouser is my magento username
but every time its automatically locked.
Use this to create new user:
php bin/magento admin:user:create --admin-user='newadmin' --admin-password='admin#123' --admin-email='info#domain.com' --admin-firstname='faizan' --admin-lastname='beg'
The error message you have mentioned generated by magento when you attempt login with wrong username or password. So make sure your username and password must be correct.
First of all try to create a new user using terminal/pUTTY
php bin/magento admin:user:create --admin-user='superadmin' --admin-password='superadmin#123' --admin-email='superadmininfo#domain.com' --admin-firstname='super' --admin-lastname='admin'
Then try to login with:
user:superadmin
pass : superadmin#123
if this not work try to install modules that you have installed and then check.
Open the path \vendor\zendframework\zend-crypt\src\Utils.php and echo $expected and $actual variable and check both are same or not if both variable are not match then change line no 35
if (function_exists('hash_equals')) { return hash_equals($expected, $actual); }
To
if (function_exists('hash_equals')) { return true; }
and now you can access admin directly and then do password change or create new admin user and revert the code changes.
Check if the user password matches the complexity recommended by Magento.
https://docs.magento.com/user-guide/customers/password-options.html
I had a similar issue, every time I tried to log in with the username and password, my account gets temporarily blocked. The issue was that I was using a password that doesn't match the requirements set by Magento
I need for user to register on a wordpress site only with username and password .
So a new user comes , wants to register and he is asked to choose a username and a password, no email verification nothing.
Does anyone have any ideea ?
I think this codex entry might be what you're looking for: http://codex.wordpress.org/Function_Reference/wp_new_user_notification
You could overwrite it to simply do nothing, that way the user won't be receiving an e-mail.
If you're unfamiliar with PHP or coding for WordPress it would be helpful to read up on the basics of Theme development here: http://codex.wordpress.org/Theme_Development
In your case, all that needs to be done is this code should be added to the functions.php file of your currently active Theme:
if ( !function_exists('wp_new_user_notification') ) {
function wp_new_user_notification( ) {}
}
I'm trying to harden the admin login on a Joomla 1.5+ site and though the client may go for an upgrade soon- it hasn't happened yet. I edited the administrator/index.php with this code:
/* Block access to administrator
--------------------------------------------- */
$user =& JFactory::getUser();
$secretkey = 'mytoken';
$redirectto = 'location: http://www.myurl.com';
$usertype = 'Registered';
//Check if the user is not logged in or if is not a super user:
if ($user->guest) { //|| (!$user->guest && $user->usertype == $usertype) ) {
//Check if the secret key is present on the url:
if (#$_GET['access'] != $secretkey) { header($redirectto); }
}
/* --------------------------------------------- */
This was based on someones code which I found on the web. Currently, typing www.myurl.com/administrator/ or www.myurl.com/administrator/index.php redirects to the homepage. www.myurl.com/administrator/index.php?access=mytoken displays the login. The number of login attempts has gone down but the RSFirewall! component still reports several a day.
Before I commented the 2nd half of the first if statement the code always redirected no mater what..
How are they still accessing the login page? And what could I do better?
Instead of hacking the core why not use one of the many plugins available that provide this functionality?
On the current Joomla Extensions Directory (JED) many of the products listed in "Login Protection" have Joomla 1.5 versions, or failing that try the Archived JED (for Joomla 1.5 extensions) you could try the Login Protection section.
If your code is after the onAfterInitialise event in /administrator/index.php then the firewall software will probably still log the access. The onAfterInitialise event is the first place an extension can "plug-in" to the Joomla! environment.
To avoid any extensions at all you probably need your code before this block:
// trigger the onAfterInitialise events
JDEBUG ? $_PROFILER->mark('afterInitialise') : null;
$mainframe->triggerEvent('onAfterInitialise');
The various security plugin usually attach themselves to this event and order themselves first with very low or even negative values which is why they work without the firewall getting to see the issue.
I am using wordpress multisite to create blog in my main site. Wordpress multisite allows us to signup for either user or blog, but i need to create a blog and a user at the same time and the user created need to be assigned as the admin of the blog created. Well i created a user and set it as administrator by changing it's metadata (wp_capabilities, wp_user_level) but when i tried to login to the admin of the blog created then it says you don't have sufficient priviledge. Do anyone know what do i missing?
Thanks in advance.
You have to create a custom registration. Create a new page: registration. In the theme folder make a page-registration.php file, and in the file create your form and the registration function, that should go something like this:
if($_POST)
{
$data=$_POST;
$validateuser=wpmu_validate_user_signup($data['user_name'],$data['user_email']);
$validateblog=wpmu_validate_blog_signup($data['user_name'],$data['blog_title']);
$usererrors=$validateuser['errors']->errors;
$blogerrors=$validateblog['errors']->errors;
if(!$usererrors && !$blogerrors)
{
$meta = array ('lang_id' => 1,'public' => 1);
$meta = apply_filters( 'add_signup_meta', $meta );
$path='/'.$data['user_name'].'/';
wpmu_signup_blog($domain,$path,$data['blog_title'],$data['user_name'],$data['user_email'], $meta);
}
}
note: this is only an example where the new blogname is the same as your username
leave a comment if you need more detailed instructions or have any additional questions