Elxis CMS Forum
Support => Security => Topic started by: Webcrawler on March 02, 2012, 22:43:44
-
I get an "Invalid Security Code" error when submitting a registration. This happens in both the latest versions of Firefox and Internet Explorer. The website is live. I installed elxis_2009.3_aphrodite_rev2684. My server's PHP version is 5.2.17. Sessions Path has been set in php.ini to /temp. Setting Cache to "No" did not help. If I disable Captcha, the registration gets submitted. There are a few posts on this issue in the Forum but none of them seems to have been solved. I have tried some of the suggestions but nothing has worked so far. Any help pointing in the right direction will be greatly appreciated.
-
Hello Webcrawler,
Please see this link and the link at the bottom of that page.
https://forum.elxis.org/index.php?topic=4149.0 (https://forum.elxis.org/index.php?topic=4149.0)
-
Hi exmanhattan,
I look at the links, but I am just an amateur and did not get it. Can you give me more specific instructions? Thanks!
-
The link to that page shows what steps were taken to solve a similar situation. The following link https://forum.elxis.org/index.php?topic=4160.0 (https://forum.elxis.org/index.php?topic=4160.0) is the probable solution to your problem.
Using your website, login and then click on system > view system info.
While there check permissions to make sure that all folders are writeable. Then check php info looking for differences between your local value and the master value. You will be looking for php settings that are discussed in the above link.
Also have a look at http://wiki.elxis.org/wiki/PHP_settings (http://wiki.elxis.org/wiki/PHP_settings)
-
worked for me, thx Webcrawler
-
Webcrawler,
There are many possibilities to problem solving.
First, the security code is generally numbers and characters and can be composed of upper and lower case, latin characters. So if you are not entering them exactly as shown then it will produce an error. The security code can be modified to numbers only if desired.
Secondly, if your problem is server related with the php.ini settings, then you will have to create a php.ini file using an editor and save it to the root directory / folder of your website. You can check your php settings through the Elxis control panel to compare settings to the link of the wiki.
If that does not work, let us know.
-
Off-topic : I can't see here the word 'Joomla' even if there is on signature area. >:(
-
Yes, scept1c is a naughty person!
-
Thanks xmanhattan, but still can't get it to work. Unfortunately the links you provided are not suggesting anything more than what I have already done. It suggest the changes required in the php.ini file.
My php.ini file is:
allow_url_fopen = Off
short_open_tag = Off
register_globals = Off
display_errors = Off
magic_quotes_gpc = Off
date.timezone = "America/Los_Angeles"
session.save_path = "/home/virtualg/tmp"
disable_functions = "system, exec, passthru, shell_exec, suexec, dbmopen, popen, proc_open, disk_free_space, diskfreespace, set_time_limit, leak"
I am attaching my phpinfo printout for you to check out. Maybe you will see something that I don't.
-
Well after looking at your phpinfo, I don't see anything out of the ordinary.
I am going to suspect the disabled functions. Put a hash in front of that line and see what happens.
On my host, I was not able to disable all of them so that might be causing the same for you.
If after that, it works, then if you will be forced to enter them one at a time to see which one is causing the problem.
-
No luck! I commented out disable functions but did not work.
-
Comment the session.save_path = "/home/virtualg/tmp" also. That is not generally necessary.
Also have a look at this: https://forum.elxis.org/index.php?topic=4149.0 (https://forum.elxis.org/index.php?topic=4149.0)
-
Hi Xmanhattan,
It worked this time, by commenting out session.save_path. Thank you for your help. Out of curiosity, will there be any side effects from commenting out session.save_path to the temp directory?
-
There is no problem in leaving it that way. Glad that it works.
-
Hi Xmanhattan,
I just noticed that the "Invalid Security Code" error is still showing up when someone tries to register. It worked at first when I commented out session.save_path, but seems that it only worked temporarily. It is not working now. I tried changing the Cache in Global Settings and it worked a couple of times but eventually the error comes back again. Please help. Thanks!
-
Have been testing it for the last 2 days. Still getting "Invalid Security Code" error. It works occasionally with "Standard" Global Cache setting and "session.save_path" commented out. I have also noticed that after a registration is successful, other following registrations (using different computers) get an error saying "Warning, please try back in a few seconds." Not sure what it is about. Any suggestions will be appreciated.
-
Try placing a comment before #disable_functions. As each server has different configurations, you will have to test the disable_functions that you use one by one.
-
I tested by commenting out each one of the disable_functions, but none of them worked. I either get "Invalid Security Code" or "Try Again in a Few Seconds." Mostly "Try Again in a Few Seconds."
-
You are testing this using the full url including www I assume?
-
Yes.
-
Can anyone help me with this issue? My site is up and running but people can't register. Help will be greatly appreciated.
-
Can you please send me via Private Message an FTP + Administrator access to check this out. As i can see your website is : http://www.virtualgate.com/.
-
It's OK. Please make some tests and verify me that everything work properly!
TIPS
- Disable the PHP Functions PHP functions system, exec, passthru, shell_exec.
- Don't use Cache on your elxis website. It's no need for Static or Standard Cache.
-
Thanks! I will test it.