users login click on continue and are bounced back to login screen - Urgent users login click on continue and are bounced back to login screen - Urgent
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

users login click on continue and are bounced back to login screen - Urgent

Started by harmanhoog, March 07, 2008, 03:18:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

harmanhoog

Version 1.4.12
I have a production system for online classes. A small percentage is having this problem:
They login, the continue button comes up and when they click on that they are bounced back to the login screen
I cannot reproduce this. When I login using their information I have no problem.
I cannot find any commonality.
I am loosing customers because of this issue.

Sami

- First of all Upgrade to 1.4.16 ASAP you are 4 versions behind!
- Ask your customers to disable any internet security APP like Norton internet security , Zone Alarm , ... some of these apps drop gallery's cookie and this way login won't work and also some of them destroy real browser header (for more privacy) and that will effect login mechanism too
- Post a link to your gallery
‍I don't answer to PM with support question
Please post your issue to related board

Joachim Müller

Well, they should of course not permanently disable all security apps they have, but only tenporarily to find out if those apps are the culprit. If this is the case, they should configure their desktop apps accordingly to allow legitimate use of cookies (i.e. tell their pseudo-security apps like notorious "Norton Internet Security" to let cookies pass and not butt in into stuff that is none of their business). You as site owner can't do anything if your site's visitors don't understand the very basics of the www and how their operating system and browser work: people how use crap like "NIS" usually are extreme newbies who should not really browse the www, but read a good book (the manual of their PC comes to mind) first.
We're not saying that people should browse the web in a less secure manner (i.e. disable the security mechanisms on their PCs) - they are just suppossed not to consume every crappy app with default settings on, but use the most important security tool they own: their brain.

harmanhoog

I have difficulty understanding your attitude, not all of us are gifted with highly literate computer users. By the way, how are your quilting skills? We all have different strengths and yet need to use some communication tools among ourselves. Most of my users are elderly women who are new to the computer and will never have a clue about how any security software works, nor should they have to. Yet for classes they are taking online, they need to be able to post pictures of their work.

I keep getting an occasional login myself that says you do not have cookies enabled with this gallery software. Of course I do and of course, my anti-virus software is not set up to reject them, but it only happens sometimes for me. For some people Firefox works and IE doesn't and for some it is the other way around. That is rather strange to me.

I do not have control over the upgrades, but right after I posted this notice, I got a memo that I could upgrade. When I did none of my users can upload pictures anymore (including me). I have another request for help in on that. And a few of my users are still having logins rejected.

Joachim Müller

Apps that come with user interaction need to apply authentification. One of the methods you can use for the is authentification by cookie. If users run a system that disables cookies, authentification will fail. How should we (as developers of the app) deal with that? What do you suggest we should do. You're right, I'm not familiar with quiliting - I don't even know the word (I'm German you knwo, so English is not my first language). But then, I don't visit quilting pages and post rants that quilting is so complicated (well, not sure about that - it might or might not be; as suggested I don't even know what the word means). This is different for end users: they use computers and the www and expect a complicated technology to work effortlessly. Well, that's not the case. If you're not ready to learn, then stay out of the www, or at least stay away from pages that use a technology that you're not ready to learn about. People who use a crap apps like NIS with default settings in place will not only have issues accessing coppermine-driven galleries that require logins, but all kinds of pages that use cookies. If they are not ready to look into the settings of those apps, that's fine by me. But then they should not complain if things don't work as expected. You're not allowed to drive a car without a proper license, yet you're allowed to go by bike. So, if you're not ready to take driving lessons and get your license, you will always have to ride your bike. The very same thing is the case for your site visitors who are not ready to look into the way the www works: they can surf the web, but they won't be able to perform advanced stuff like logging in to sites that use cookie authentification. If this bothers you (because your target audience is computer-illiterate), then teach them what they need to know. If you're not ready to do so, then don't - I don't care.

harmanhoog

Quilting is a word in German, as well, I have a number of customers and friends in Germany. Also called patchwork.
Coppermine Gallery, McAffee Virus Protection, and other such programs are made for the mass market. Having been in software development and consulting for 25 years and participated in many user trials, I know that these types of products need to have minimal interaction from the user. Your driver's license example is not applicable to this, to get a driver's license you superficially have to know the rules of driving behavior, not how to fix the brakes. Nor should the driver have to. Consumer software is the same, know the basic rules and get in and drive. Like it or not, that is the requirement. That is one of the reasons have become and are becoming as popular as they have the user has to know very little. (I am not a Mac user by the way)

I do teach computing classes as well as quilting classes and photography classes. We are and will remain the mechanics in between the user and the machine. You are a real mechanic, I am a tune up type mechanic and my users are not mechanics an will never be.


Joachim Müller

OK. So you're a clever person - you're even giving computer classes - can't tell you how impressed I am ::). Then tell me (not being a computer teacher, but just a "mechanic") what I should do to stop the cookies getting "eaten" on a remote machine by a third party application that is not under my control.
Your replies are invalid - lecturing me about my mother tongue, about the target audience of coppermine gallery or how you get a driver's license is not exactly on topic.

So, to get back to your initial question
Quote from: harmanhoog on March 07, 2008, 03:18:48 PMA small percentage is having this problem:
They login, the continue button comes up and when they click on that they are bounced back to the login screen
I cannot reproduce this. When I login using their information I have no problem.
I cannot find any commonality.
I am loosing customers because of this issue.
Either live with the fact that a small percentage of your users is too computer-illiterate to use your page or teach them what they can do to fix their improperly set-up computers or find a better app (because that's what you're saying in all your posting: that coppermine is to blame and needs fixing on this issue) or create (code) a custom app that does what you want.

I'm not ready to listen to your flames any longer.

veen

Hi guys,

Wow,... what a thread. One I had to react to. I guess in a way you guys both are somewhat right. However, I find the irritation and can I say aggressive, or defensive, language used by an Administrator a bit discouraging. Why my reaction,.. since this thread is 120 days old....you may ask???

Well, this thread is the only information I found on the log-in issue that I experience. And I have new info for you,... reader or developer!

Coppermine 1.4.19
New and recently installed.

Register and log in OK.
But then I noticed that in IE7 I couldn't log in regularly. In other browsers such as Safari and Firefox I could log in... This is what happened:

Log in screen, correct user and password, welcome page gives user name, then refert / bounce back to log-in page. On this bounced back log-in page no warning on cookies or anything else. Just the regular log in page. When clicking on a link,

I did see the example screen with cookie warning earlier as a screenshot somewhere. So I thought this case isn't related to cookies, something messed up in the code. I checked everywhere in the login.php the index.php. the template.php, etc. etc. I just couldn't find anything. I checked the forum on log in problem key words, searched through Google. Nothing related to this problem.

I removed Coppermine and did a fresh install. And same thing.. probably after restarting computer. After three days, I found this thread.

Now I find out this is indeed related to cookies settings.

Solution, added my own site to the cookie safe list. For IE7 this is...
Tools
Internet Options
Privacy (tab)
Sites (button)
type in: http://www.yourwebsite.com
click on "Allow" button
click on "OK" button

Great everything works.

BUT, I do agree that users should not have to go through this discovery process. In addition the fact that the Cookie warning doesn't seem to work means that I (and maybe others) were put on the wrong track/path, thinking it was a log-in coding issue.

Thus I suggest that someone looks at the Cookie Warning.

I conclude that this is a manufacturing fault, oil warning light in the car is not working. And indeed, not the responsibility of the driver, but for the manufacturer or mechanic. And I am one of those users who have no training, programming skills. Any mechanical skills I learn while crashing the car on the side of the road. (this time, not my fault is seems)

(In addition I would like to suggest that on the log-in page someone creates a seperate register link. But this has mainly to do with the lack of an appearant registration button on the Eyeball theme.)

The administrator writes that a small percentage of users are "too computer illiterate". Well, I am not a programmer, but I am a bit computer literate and I try to create my image gallery to be used by family and friends back home (I live abroad). Not for strangers, hence the log-in requirement. Now, some of my friends and family are just simple computer/internet users. Computers come these days prepared and set up, pre-installed, and surfing ready. Great isn't it. Now computers are accessible to more and more people. Even those that only know that clicking a mouse links through to another page. Lets call them the "Simple Computer" users. They are not illiterate, but wouldn't know how to install a program or go into system settings. Some of my family and friends are like this. Shouldn't they enjoy my published Coppermine Gallery?

The easier a product is to use, the more it is sold. Or used freely in this case.

A programmer should not relate his own skills to the public. He should relate the product to the users. If using Coppermine Gallery for viewing is not meant for the average Joe, it should come with a big warning sign.

I am guessing here when I say that is probably not the case.

In addition to adding my own site to allow all cookies I have also put a permanent warning on the log-in page and instructions for other users. This because I am not a programmer and wouldn't know how to fix the automatic cookie warning.

Take care,

Kris
(sorry for any language mistakes as I am a non-native English speaker)

veen

Sorry, forgot to point out that...

Especially the fact the the Welcome page comes up with the user name is confusing in this situation. It shows that user is recognized and indicates that password is accepted. Then to be bounced back to regular log-in page didn't make me think it could be a cookie issue.

That's all folks...

Joachim Müller

Quote from: veen on September 09, 2008, 02:02:38 PM
Especially the fact the the Welcome page comes up with the user name is confusing in this situation. It shows that user is recognized and indicates that password is accepted. Then to be bounced back to regular log-in page didn't make me think it could be a cookie issue.
The welcome page is using the $_GET-data. Subsequent pages can't. That's a matter of design.

Quote from: veen on September 09, 2008, 01:57:16 PM
Why my reaction,.. since this thread is 120 days old....you may ask???

Well, this thread is the only information I found on the log-in issue that I experience.
You should have started a thread of your own...



Quote from: veen on September 09, 2008, 01:57:16 PMBUT, I do agree that users should not have to go through this discovery process. In addition the fact that the Cookie warning doesn't seem to work means that I (and maybe others) were put on the wrong track/path, thinking it was a log-in coding issue.
There can be only one solution: get a decent browser, although I can't replicate what you're saying, since logging in works for me using IE7. Assuming (or rath: blaming) devs that there must be a bug and not something on your end is a bit short-sighted. Doesn't it make you wonder why it was so hard for you to find a thread about this? If it was a common issue, there would be hundreds of reports like yours, as IE7 is a popular browser.

Quote from: veen on September 09, 2008, 01:57:16 PMI conclude that this is a manufacturing fault, oil warning light in the car is not working.
Really? You must be a coder to be able to judge this. I can't say what your browser settings are, what third-party software you have on your PC that might interfere. I just know that there are thousands of users getting along with IE7 on coppermine-driven pages just fine that require logging in. Sure thing, must be our fault... ::)

What's the use of your posting? Did you come here for bashing only? To continue a flame thread? Come one.

Joachim