Is SCLogin and JFBConnect compatible with Joomla 3.3?

10 years 4 months ago - 10 years 4 months ago #43916 by mh1
All was working perfectly until the 3.3 update (SCLogin 4.0.5), but now I get this Apache system message when a user tries to log in or out using the SCLogin module:
"The page you are trying to access is restricted due to a security rule."
If you believe the security rule is affecting the normal operation of your website,
you can disable it by adding the following lines to your .htaccess file:

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine Off
</IfModule>

Any ideas?
Last edit: 10 years 4 months ago by mh1.
The topic has been locked.
Support Specialist
10 years 4 months ago #43922 by alzander
We've tested quite a bit with Joomla 3.3.0. JFBConnect v6.0.5 had a minor, minor update for 3.3.0 compatibility, but things would work just fine without it. The just-released 6.0.6 and 4.0.6 versions also had some other very minor changes, which again, shouldn't be necessary.

In general, there are no known 'big' issues with JFBConnect v6.0.x (any versions) and Joomla 3.3.0.

As for the issue you mention, I'd recommend trying the standard Joomla mod_login module to see if you run into the same issue. If so, it means it's more an underlying problem and not an SCLogin specific issue.

I hope that helps explain, but let me know any other details you figure out.

Thanks,
Alex
10 years 4 months ago #43949 by mh1
Thanks for the reply Alex.

<<Edit>>
As I was typing this, I've discovered that it might be related to 'Encrypt Login Form'. If this is set to 'No' the issue disappears. Please note that this has always been on and the issue only arose after the upgrade from Joomla 3.2 to 3.3 (and only on the homepage).
<</EDIT>>

I have been doing some troubleshooting and have found the following.

1. The issue is only happening on the homepage. SCLogin functions fine on all other pages

2. When you click the 'Log In' button after entering your details, you get the following message:

“Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?”

Again, this only happens on the homepage.

3. The site has SSL and both issues only happen when you try to log in on the homepage via https (fine via http)

4. This issue doesn't happen with the standard Joomla login module (mod_login)

5. I've updated to 6.0.6 and 4.0.6 and the issues are still present.

I will send you login details via PM if you would be kind enough to have a look. Please note that I have other login modules on all pages so that you can test (Stackideas guys are looking at other unrelated issues).
Support Specialist
10 years 4 months ago #43956 by alzander

“Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?”

I'm assuming you're getting that message when the Encrypt Login Form setting is disabled, correct? That would be the normal behavior of a browser to notify you that you're submitting data to a non-https form when the current page is https-enabled.

As for your issue, I'm not sure why the Encrypt Login Form is throwing a security violation. The only thing that that setting does is change the URL of the form submission from:
http://domain.com/index.php
to
https://domain.com/index.php
That's the correct format for submitting credentials to ensure they are encrypted.

Feel free to send credentials, and we'll gladly take a look at your settings. However, I'll tell you now that there is very little we could likely do. The mod_security extension is part of Apache itself and much lower than Joomla. If that's throwing the exception, your mod_security rules would need to be investigated to determine what exactly is being passed that's causing a problem. That's not something we could do with Joomla credentials, or would know how to do anyways. That's something I'd recommend contacting your host about.

One quick test, as always, is to revert to the standard Joomla mod_login module. Test to see if that has the same issue on the home page. If so, that completely eliminates the SCLogin module as being the problem.

I hope that helps,
Alex
10 years 4 months ago #43963 by mh1
Hi Alex,

Perhaps I wasn't as clear as I could have been.

1. Login details were already sent.

2. This issue does not happen with the Joomla Login Module; only the SCLogin is affected.

alzander wrote: I'm assuming you're getting that message when the Encrypt Login Form setting is disabled, correct? That would be the normal behavior of a browser to notify you that you're submitting data to a non-https form when the current page is https-enabled.


As stated, the issue does not happen if the Encrypt Login Form setting is disabled. It only happens if it is enabled.

The site is SSL enabled, but Firefox and Safari both detect the SCLogin fields as being unencrypted ("Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen").

I appreciate your help.
Support Specialist
10 years 4 months ago #43980 by alzander
I'm very confused as to how your configuration is working. I just went into the admin area and disabled all instances of the SCLogin module. However, it still was always displayed in the top right.

Can you explain more about what page I should be testing from and what specific instance of the SCLogin module is implemented there (title, module id, template position)?

On the site, I'm also not seeing the error you mention in the current configuration. Is it set up in a way to show the error? If so, when should I see it and how? From what I see on the current page, the login form is set to submit to "/component/users/". That's a relative path of the current domain, which is secure, and should work, so it makes sense that I don't see the error.

Thanks,
Alex
10 years 4 months ago #43984 by mh1
Hi Alex,

It is this one:

administrator/index.php?option=com_modules&view=module&layout=edit&id=223

I have the new Joomla Front end module edit enabled, so hovering over will tell you which position (Position 0). There's a Joomla Login Module (currently disabled) in the same position, so feel free to enable it for testing.

It is the one on the homepage. I disabled the option to send login details securely, as that was when the error was being thrown. Just enable it and you will see for yourself. Naturally, I need this setting on, but with the issue, nobody can log in.

I enabled caching a few hours ago (Joomla plugin and Global Config), hence why you were probably still seeing the module. Just clear your cache and Joomla cache and you will be good to go.

Mark.