Joomla! Discussion Forums

Thanks Guys
This is fantastic i never had this type of responce mambo keep up the good work

Swampy

I have blogged about the change and included a screen pic:
http://dev.joomla.org/component/option, ... d,33/p,28/

Hi Gram
it seems to be working now fine I have asked the AOL users that were moaning if they could login ok and out of 25 users only 3 replied and said yes no problems

Thank you for your support

Mark

Excellent news Mark!

Thanks for reporting back your status.

GRAM

Stingray i have implemented the above with no problem until i come to use WYSIWYG editor i use mosCE 1.0.3 but this now fails to work i am not sure if this is a bug with the code when i click the button to upload flash, image, pop-up etc the pop up stays blank and says done if i restore the original file the editor work no problem

this is a heads up not sure if this is the right place to post this

Thank you
Mark

Where can the 1.0.x SVN file be located? 

Here?                http://forge.joomla.org/sf/frs/do/viewS ... joomla/frs

Thanks,

Trying to fix the AOL problem.

There is going to be some affect on 3rd party addons by this change - especially bridging software.

Compatability levels are something that we strive to maintain throughout Stability/Security releases. 
However, if a security issue exists, then compatability will be sacrificed for the sake of security.

As to whether this bug you see is due to these changes I cannot say.  Best to noticy the mosCE developer to seeif they can solve the problem.

http://scm.joomla.org/svn/repos/joomla/branches/1.0

However, I would really caution accessing SVN and patching from this yourself - expecially for a live site - unless you are experienced with the use of SVN and are knowledgable enough to handle any possible problems that may occur be undertaking this process

Thanks...and I'm not experienced in it myself...however, my site is live and AOL users are going to have a big problem which is going to give me a big problem with my client...

Would appreciate any help and/or guidance...is there someone I can hire or should I wait it out for 1.0.8?

TIMCOweb

If you can wait a few days then I would wait for 1.0.8


If it is totally mission critical than I can assist and can be contacted by PM.

PM? remember I'm a newbie

Personal Message option - one of the little icons under a users avatar/picture

This was working great for me, but now I am noticing that in my Who's Online module some of the users are showing up as their session string instead of their names.  If they clear their browser cache and cookies it returns to normal for a little while but comes back when they login again. Here is an example:

    * 20376006a9e025b0dd624d504b761113
    * 4ca2c700f908cb798df0e7b396443d8c
    * mkemichael

Does anyone know what this might be and how to correct it?

Thanks!

During compatibility tests with CB RC2 and 1.0, we troubleshooted and corrected this problem

Rey has put this fix and others found during these tests in 1.0 svn   look at the includes/joomla.php file there.

More to come

Yes big thanks to the CB team - in this case Beat & Trail - this issue was discovered a solution proposed and now is committed to 1.0.8 SVN in fairly short order

That did it.  thanks to all of you for you great work.

I just installed 1.0.8 to replace a mambo implementation.  I have the security setting at "2" to allow support for AOL, however; after the user clicks a few links, they are logged out.  They remain in the Who's Online listing, and are unable to relogin.

Any explanations ? I thought this was fixed. 

Please help...

There are a couple of possibilities.  If these users logged in after you made the switch, then really only one.

AOL has many different proxy banks, some exceed (in IP addresses) 256 different IP addresses.  If your AOL user (is there more than one having the problem??) may be behind one of these larger proxy banks.  The solution now implemented was a quick and easy way to accomodate the vast majority of them, but will not address these largest proxy banks.

Since a server has no way to determine the network address range from a users browser, there is no easy answer for these larger proxy banks.  The only thing you can do is open the session security in a way that could potentially be hacked by very large numbers of users, for example to eliminate IP validation altogether.

There are a couple of work arounds.  One is they can use the "remember" option when they login (I think this still works).  This will inflate the logged in user count on your "who's online" module (and increase the number of sessions in your database), but that may be an acceptable option to accomodate these users.

You could also have them use Internet Explorer or Firefox rather than the AOL browser.

I don't know if this is the cause of the difficulty you are having, but maybe something here can help.

The majority of your AOL users should be able to access with normal logins, even with the AOL browser.  It has worked very well for me, with only a few sporadic failures, those being dial up users using the AOL browser and I suspect, users sitting behind these largest AOL proxy banks.

Sad thing is, AOL could fix this.  I don't know why they don't.

GRAM

Ok, I've put this hack in place on a site using 1.0.7 so solve a problem which I suspect is being caused by the users IP address changing during a session.

I'm using CB RC2 so it would be usefull to find out more about how to fix the problem that was identified.

But asside from that, while it mostly appears to work fine (I have yet to follow-up with the users that could not log in and will be closely monitoring over the next 24 hours) I did test it in IE7 Beta (in addition to Firefox and IE6) and while accessing the site and logging in is fine, logging out is not! Thousands of session entries are created in the database as if something has gone into an infinate loop and the browser eventually times out.

Is this a legit problem or just a bad Beta from MS?

Any suggestions welcomed.

The solution implmented into 1.0.8 core seems to be working correctly and form all reports works with CB.

As to implmenting it into 1.0.7 this is another issue as there are multiple problems with session management in 1.0.7 and below, which were addressed in 1.0.8

So it is possible, one of the other session management problems is affecting your patch attempt.

AOL users of one of my sites have been complaining about this. Has there been any additional thought on a non-hack (read "permanent") solution to this problem? Can a visual security code be added to the login process and used instead of the IP address? I have removed the Remember Me checkbox from the login module, and that may have been how some members were using the site. I am not too keen on implementing gram's hack, but if that's all we've got I guess I may have to. All my sites have been upgraded to 1.0.10 and CB 1.0.1.

By the way, I have at least one member using AOL over dial-up and he says he doesn't see this problem. The main issue for me is that AOL broadband users can't use the site because they remain not logged in as their IP address constantly changes. Does anyone who uses AOL know if there's a setting in that software to make it not do this?

Thanks in advance. Please move this message if this is no longer the appropriate thread.

Ciao,
Bruce

What exactly do you mean by "this"?



Which hack? The outcome of this thread has been implemented in 1.0.8, there is no need to hack any core files anymore.



Have you read this? http://dev.joomla.org/component/option, ... d,33/p,28/
Setting the security level to 2 (Allow for proxy IPs) or 1 (Backward compatibility) shouldn't give you any trouble with AOL users.

As I said in my post, the main issue is that AOL broadband users can't use the site because they remain not logged in as their IP address constantly changes (after attempting to log in, of course). I have 1.0.10 installed and I am still getting emails from AOL users who say they cannot log in, yet I see them logged in when I check. Perhaps you were referring to the session count incrementing out of control. 1.0.8 did fix that.

GRAM posted a hack (it appears in another thread) to joomla.php that includes changes to three different functions in that file. His changes were to the 1.0.8 version of that file, and it has changed quite a bit in the area he hacked since 1.0.8.

I hadn't seen the post you referred to, but I have selected security level 2 and will invite one affected user to try it out.

Thanks for your reply! 

Bruce

The changes (beyond Gram's hack) were basically to make it fit more nicely in the core.  It is all pretty much the same as Graham's hack, just cleaned up a little more for better usability/configurability through the admin panel.  Gram did a stellar job by taking the lead on that fix (I should mention).

If security level 2 still garners complaints from AOL users, just revert to level 1 for total compatibility and you should definitely not have the problems, although higher sessions counts may appear.  It's a trade-off, but option 2 is what I'm using (still from the hacked version, LOL, since I'm on Joomla v1.0.2 still

Two of my AOL users have reported that security level 2 is working fine with MSIE. However, one of them was still having trouble with the AOL browser. Perhaps it's a caching issue, but I don't know how to clear the AOL browser's temporary files. Hopefully in time it will clear itself and she can use either browser.

Thanks gram for the great job and to the team for their normal excellent attention to the issues that matter.

Bruce

Please note that Steve Graham's (GRAM) proposed solution to solve the login problems for AOL users and the high session count problem was fully implmented in 1.0.8 - no further hacking is now necessary since 1.0.8.

http://dev.joomla.org/component/option, ... d,33/p,28/