Community Support Forums

Re: security bug?

2011-05-13T23:54:21-05:00

I'm glad that solved it for you.

Statistics: Posted by Cristián Lávaque — May 13th, 2011, 11:54 pm

Re: security bug?

2011-05-13T22:30:49-05:00

Hey, sorry. Yes the problem does go away when I log out from admin. So sorry to have bothered you with this.

I have another question about redirecting login to the login welcome page for the author role. I will start another thread.

Statistics: Posted by rcherry — May 13th, 2011, 10:30 pm

Re: security bug?

2011-05-13T22:09:45-05:00

DJEcon, could you start a new thread in this forum about your problem, and give as many details as possible to reproduce your problem? viewforum.php?f=4

Thanks.

Statistics: Posted by Cristián Lávaque — May 13th, 2011, 10:09 pm

Re: security bug?

2011-05-13T22:08:01-05:00

rcherry, sorry I took so long to notice your thread, it was in the general WordPress forum instead of the s2Member specific one (the one I monitor). I moved it here now.

I did a little test and, with free registrations off, I am shown the registration link in the login page if I'm logged in as an admin, if I log out, then the link goes away...

This is just weird WordPress behavior, why even show the login page or registration one to a logged in user, not to mention admin, is beyond me.

Does your problem go away if you're not logged in?

Statistics: Posted by Cristián Lávaque — May 13th, 2011, 10:08 pm

Re: security bug?

2011-05-12T20:42:41-05:00

Sorry I don't have an answer for your issue either. I use this for club membership where members are at level 0. No paypal involved.

Statistics: Posted by rcherry — May 12th, 2011, 8:42 pm

Re: security bug?

2011-05-12T20:00:04-05:00

Aha . . . it IS different. Seems as though we need help from the PROS. Sorry I don't have a solution for you. I don't have open registration either, but I do have 2 membership levels managed by S2Member and PayPal; those who pay us by check are entered in manually by me. Good luck!

Statistics: Posted by DJEcon — May 12th, 2011, 8:00 pm

Re: security bug?

2011-05-12T19:16:27-05:00

Not quite the same issue. When I click on "Lost Password?" then enter my email address I do get an email message with a link to click that takes me to the Login page. The issue is that on this page there is a link to register, even though in s2member admin I chose not to allow open registration. From the register link I can register an account on the site and I don't want to allow registration. All users are to entered by the sysadmin.

Statistics: Posted by rcherry — May 12th, 2011, 7:16 pm

Re: security bug?

2011-05-12T16:50:48-05:00

Yes, I think I'm having the same or similar problem, that came to my attention from some of my members. They were choosing "Lost Password" on the Login page, and were repeatedly redirected back there, even after selecting "get new password". They never received an email with a new password.
I've had members use this function before, and never had any complaints.
Any ideas?

Statistics: Posted by DJEcon — May 12th, 2011, 4:50 pm

security bug?

2011-05-11T09:49:04-05:00

Is this a known security bug with S2Member?

Open registration is set to "No (do NOT allow Open Registration)". However if I request a password reset from the wp-login.php page and then click on the link in the email sent by WordPress the link sends me to a page where the "Register" link shows on the page. From here I can register a new account:

http://~/wp-login.php?action=rp&key=JG1 ... zh3&login=

I don't want open registration, all users will be manually input by the sysadmin. Is there a way to fix the issue described above?

Statistics: Posted by rcherry — May 11th, 2011, 9:49 am