HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Unable to login using OpenID

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#93433 (In Topic #18683)
Avatar

Fan in action

Hi, i installed openid and not able to login using it :(
the website url is go4tek.com  
Back to the top
 
Posted
Rating:
#93434
Avatar

You'll need to give a lot more info - what provider did you try, was there an error message, what exactly happened (exact things, e.g. page reloaded straight back to login with no error, or button clicked and navigation didn't happen at all), etc.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93435
Avatar

Fan in action

Chris Graham said

You'll need to give a lot more info - what provider did you try, was there an error message, what exactly happened (exact things, e.g. page reloaded straight back to login with no error, or button clicked and navigation didn't happen at all), etc.
The error message is as follow for google etc
Forbidden You don't have permission to access /oc/start.htm on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I did move my website to the root dir from /oc dir i only changed the following in the info.php
base_dir and cookie:(


Last edit: by ancraz
Back to the top
 
Posted
Rating:
#93436
Avatar

Ah, I suspect your server has mod_security on it and somehow that is blocking the request. It does tend to result in a lot of annoying false positives.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93437
Avatar

Talk to your web host about that. ^


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93438
Avatar

Oh wait, just read last bit:
I did move my website to the root dir from /oc dir i only changed the following in the info.php
Try emptying your caches then, it should not direct to the wrong place like that.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93439
Avatar

Fan in action

Chris Graham said

Oh wait, just read last bit:
I did move my website to the root dir from /oc dir i only changed the following in the info.php
Try emptying your caches then, it should not direct to the wrong place like that.
How do i do that :) please tell me
trying to fix the issue i deleted the entire we site file :(
but i still have the db , is it possible to restore the site


Last edit: by ancraz
Back to the top
 
Posted
Rating:
#93441
Avatar

Community saint

ancraz said

Forbidden You don't have permission to access /oc/start.htm on this server.
That looks like the cache problem, which you can clear using Admin Zone Tools Website cleanup tools.

ancraz said

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
That looks like there is ErrorDocument directive in /.htaccess which is still pointing to /oc/… .

You should check /.htaccess for other references to the old /oc/ directory.

ancraz said

trying to fix the issue i deleted the entire we site file :(
but i still have the db , is it possible to restore the site
That would depend on what kind of changes you made to the site, so the answers is 'maybe'.



Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#93443
Avatar

Fan in action

temp1024 said

ancraz said

Forbidden You don't have permission to access /oc/start.htm on this server.
That looks like the cache problem, which you can clear using Admin Zone » Tools » Website cleanup tools.

ancraz said

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
That looks like there is ErrorDocument directive in /.htaccess which is still pointing to /oc/… .

You should check /.htaccess for other references to the old /oc/ directory.

ancraz said

trying to fix the issue i deleted the entire we site file
but i still have the db , is it possible to restore the site
That would depend on what kind of changes you made to the site, so the answers is 'maybe'.


I completely deleted all the files fom the server by mistake so i fixed it by doing a fresh install and pointing it to the old db , as you told i rewrote the .htaccess and now the site is back up  :thumbs:
still i have a problem with the openid the new error is as follow 
Forbidden

You don't have permission to access /start.htm on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache Server at go4tek.com Port 80
Back to the top
 
Posted
Rating:
#93446
Avatar

Community saint

ancraz said

still i have a problem with the openid the new error is as follow  Forbidden

You don't have permission to access /start.htm on this server.


As I can go to /start.htm without problem it might just your browser cache.

I don't think its an openID specific problem because is complaining about /start.htm which every one has access to.

Have you tried logging in without using openID ?

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#93448
Avatar

It may well be mod_security after all.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93450
Avatar

Community saint

It certainly looks like its mod_security.

If ancraz has the same problem when logging in without openID then that pretty much guarantees it.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#93452
Avatar

Fan in action

Chris Graham said

It may well be mod_security after all.



temp1024 said

It certainly looks like its mod_security.

If ancraz has the same problem when logging in without openID then that pretty much guarantees it.


I am able to login without openId , the regular login works as well as facebook login
Back to the top
 
Posted
Rating:
#93453
Avatar

The mod_security rules work on analysing requests, and the openid request likely contains many odd parameters which it thinks are hack attempts. Talk to your host.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93459
Avatar

Fan in action

Chris Graham said

The mod_security rules work on analysing requests, and the openid request likely contains many odd parameters which it thinks are hack attempts. Talk to your host.
Is there any particular setting or config i should ask the host to look at  :$  to fix the mod_security in such a way that it accepts open id
Back to the top
 
Posted
Item has a rating of 5 (Liked by FletchLiked by Jean)  
Rating:
#93460
Avatar

Community saint

First ask your host to whitelist the following rules:
300076 340007 340011 340014 340016 340017 340021 340027 340029 340095 340113 340118 340128 340131 340133 340144 340147 340148 340149 340157 340159 340164 350147 350148 380006 380018 380019 380020 380021 380800 390707 390708 390709 390715 390727 390801 390810 390904 393449 950801 973331
That covers all the mod_security rules we currently know of that interfere with ocPortal (from Configuring mod_security - ocPortal.com ).

If openID still does not work for you then it means that there are new rule that need to be identified.

Doing a quick google search and it appears that Drupal has similar mod_security problems with openID. Although whitlisting rules 1234234 340151 340153 340163 seemed to fix their problem, I don't think we should blindly whitelist them for ocPortal.

To identify the ocPortal specific rules you will need to:

  1. Try logging in with openID
  2. Get a 'Forbidden' error
  3. Tell your host to whitelist the last mod_security rule that was triggered for your IP address, and ask them to tell you the rule number (so that you can in turn tell us)

Repeat steps 1-3 until you can log in with openID. If Drupal is any indication you should only need to do this about 4 times before it works.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:
 Add topic 

Quick reply   Contract

Your name:
Your message: