Thanks, Dave. I've recorded the issue in Remember Me's GitHub repository and should have some additional data-gathering real-soon-now.
Printable View
Thanks, Dave. I've recorded the issue in Remember Me's GitHub repository and should have some additional data-gathering real-soon-now.
I've made some updates to the plugin's observer-class script to gather additional information when the gzuncompress issue occurs and also updated the processing when the cookie can't be decoded.
If anyone would like to "vet" the changes, simply replace the contents of the file /includes/classes/observers/class.remember_me_observer.php with the updated file content here.
I'll get that packaged up for release next week unless anyone reports additional issues.
Updated observer class and unblock the bot... will let you know what shows up. ThanksQuote:
Originally Posted by lat9
Quote:
Originally Posted by lat9
ok, uploaded amended file, will let you know on 1st error.
This is the reoccurring error I get which looks something like a cURL error...
Error log:
Matched IP on the server log:Code:[24-Dec-2017 23:49:13 America/Los_Angeles] Request URI: /cbgshop/index.php?main_page=contact_us, IP address: 62.210.111.11
#1 trigger_error() called at [/***/public_html/cbgshop/includes/classes/observers/class.remember_me_observer.php:213]
#2 remember_me_observer->decodeCookie() called at [/***/public_html/cbgshop/includes/classes/observers/class.remember_me_observer.php:43]
#3 remember_me_observer->__construct() called at [/***/public_html/cbgshop/includes/autoload_func.php:79]
#4 require(/***/public_html/cbgshop/includes/autoload_func.php) called at [/***/public_html/cbgshop/includes/application_top.php:170]
#5 require(/***/public_html/cbgshop/includes/application_top.php) called at [/***/public_html/cbgshop/index.php:26]
[24-Dec-2017 23:49:13 America/Los_Angeles] PHP Warning: gzuncompress error in decodeCookie, value = deleted, _SERVER[HTTP_USER_AGENT] = Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36, _COOKIE = array (
'zenid' => '*b6757cd96ed12416a34bc9e2',
'zcrm_dd28493d507e0c26b870d2305ebccfb9' => 'deleted',
) in /***/public_html/cbgshop/includes/classes/observers/class.remember_me_observer.php on line 213
User Tracking from site logs:Code:62.210.111.11 - - [24/Dec/2017:23:49:11 -0800] "GET /cbgshop/index.php?main_page=contact_us HTTP/1.1" 302 - "http://www.cowboygeek.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
62.210.111.11 - - [24/Dec/2017:23:49:12 -0800] "\x16\x03\x01\x018\x01" 404 - "-" "-"
The Cookie name is on my PC and store user account I have for testing. The cookie is still active. ZenID and user folder modified.Code:Click Count: 1
Country: France
IP Address: 62.210.111.11
Host: sender2p3.offresduweb.fr
Originating URL: http://www.cowboygeek.com Contact Us /cbgshop/index.php?main_page=contact_us
The bad bot has not come back yet..
Thanks, @davewest. I'll need to investigate why that cookie's value is coming back as "deleted"; that's the source of (at least) your issue.
It looks like I need to filter a cookie-value of deleted; see this stackoverflow post for details.Quote:
Originally Posted by lat9
I've got the remember-me processing file (see this link for the current update) to check for a cookie-value of deleted prior to additional decoding. I also thought that this would be a "good time" to ensure that the plugin's processing is disabled (i.e. no remembering) for customers currently pseudo-logged-in for a guest checkout (e.g. COWOA, COWAA).Quote:
Originally Posted by lat9
Uploaded the new file, will see if it fires off...Quote:
Originally Posted by lat9
I didn't add the COWOA bit.. I tested it fully with COWAA and found COWAA had good protection already in place. None account side still has a account, but theres not any way to log in to it due to a flag in the database, where the account side whether you log in or not it should not matter if Remember Me has a cookie active for they have an account. The register side behaves the same as a full account so remember me should still work there. With COWAA I have Remember Me on login, register, and no_account pages.. The password on no_account is the key, no password, no cookie is set or account is created..
I did not test with COWOA!
the logs was created when I wasn't accessing the site.
I could recreate the error by changing gzuncompress to gzdecode and didn't change things above.. I may try this again but with more code edits. Checking the manual, it has some issues with getting a none compressed string.
Theres some more hacks I want to try tomorrow, but I'm getting things ready to go out to a Xmas version of burning man this week so may have to wait until after the new year.
Hey guys, I'm so happy seeing work in progress here. lat9 and dave, I'd like to test latest changes. Can I put latest class.remember_me_observer.php ( Version: 1.4.5 ) on my live wensite? I wish all a Happy New Year also.