Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error - Unauthorized action or expired link after login #97

Open
gehwissenlos opened this issue Oct 26, 2021 · 13 comments
Open

Error - Unauthorized action or expired link after login #97

gehwissenlos opened this issue Oct 26, 2021 · 13 comments

Comments

@gehwissenlos
Copy link

I updated to version 1.8.2 and now a get a message "Error - Unauthorized action or expired link" every time I log in. After I hit "login" it prints this error. In the log of my webserver I see a line "Error | 403 | POST /admin/ HTTP/1.0". When I enter domain.tld/admin I'm in the backend. So login is successful but the post method throws an error. I activated debug mode but there wasn't any hint what could be the problem.
The problem is linked to the sleeky backend plugin. When I deactivate this plugin all works correctly. I updated it to version 2.5.0 but still the same error message appears.
This happens on two installations of Yourls. I use PHP 8.0.11 and MySQL 8.0.26, tested with Chrome and Edge on Windows 10 and 11.
@tjlabais
Copy link

same error with my update on 1.8.2

@tjlabais
Copy link

tjlabais commented Oct 28, 2021
edited

Okay here is my solution for the moment. Remove the following code from plugins.php

// Hide admin links for non-authenticated users if (yourls_is_valid_user() != 1) { echo <<<HEAD <style>ul#admin_menu li:not(.frontend_link) {display: none}</style> HEAD; }

I don't know if this will affect security-wise. Need author's comments.

@JoaoBernardoo
Copy link

I am also having this issue, I find that this is happening with all our plugins that were not made by Ozh.

@TheRayJohnson
Copy link

Happening here as well. Only seems to happen when using Sleeky Backend plugin.
If I disable this and login with YOURLS default skin it's fine. YOURS v1.9 | Sleeky v2.4.1

@punkajk
Copy link

punkajk commented Jul 21, 2022

The issue is still there. I think the developer has ended the support for Sleeky.

@TheRayJohnson
Copy link

The issue is still there. I think the developer has ended the support for Sleeky.

Seems they only updating the Frontend (13 months ago; 27th June 21) the backend has seen nothing since 16 Feb 2020..

@TowyTowy
Copy link

Happening for me too :(

@pejotigrek
Copy link

same thing popped up on my installation:
yourls v1.9.1
sleeky v2.4.1

@gnustavo
Copy link

Same thing here:
yourls v1.9.1
sleeky v2.4.1

@gamebits
Copy link

This was happening to me with YOURLS v1.9.1, but no Sleeky. In my case, the problem was the Don't Track Admins v1.2 plugin. Updating to v1.3 resolved the issue.

@thompsonpaul
Copy link

Okay here is my solution for the moment. Remove the following code from plugins.php

// Hide admin links for non-authenticated users if (yourls_is_valid_user() != 1) { echo <<<HEAD <style>ul#admin_menu li:not(.frontend_link) {display: none}</style> HEAD; }

I don't know if this will affect security-wise. Need author's comments.

To maintain the user validation, you can adjust this code instead of removing it altogether, per #127 (comment)

@UTCGilligan UTCGilligan mentioned this issue Nov 10, 2023
Closed
@suryatanjung
Copy link

I also still having this issue.
YOURLS v1.9.2
Sleeky v2.5.0

@tkgrphy
Copy link

tkgrphy commented Feb 8, 2024

Same issue here on 1.9.3. Keeps showing up even after deactivating all plugins, clearing cache...any idea?
Happened first after moving hosting provider...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests