Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+3 votes
1.2k views
in Q2A Core by

Hi all
Please help me !
"Please click again to confirm" showing this message when try to login, register
How to fix ?
I am using Stablehost.
What I checked:
- Setup again with Feb 3, 2016: Q2A 1.7.3 released! ( New data and source)
But when I logout the first time with admin user and login again, it shows message "Please click again to confirm". After that I can't login anything.
The "clearing the cache" solution did not work for me.

Q2A version: 1.7.3

Q2A version: 1.7.3
by
Seems like there is a problem somewhere with the CSRF protection.
What is the website URL?
by
Please check for me: http://hoidaptienganh.com/

Tks
by
Can you check your error log for any messages that start with:

"PHP Question2Answer form security violation for..."

And let me know what the message says. Thanks.
by
Log show :

[22-Feb-2016 06:36:14 America/New_York] PHP Question2Answer form security violation for notice-visitor by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 06:36:24 America/New_York] PHP Question2Answer form security violation for vote by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 06:39:15 America/New_York] PHP Question2Answer form security violation for vote by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 06:40:57 America/New_York] PHP Question2Answer form security violation for notice-visitor by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 06:41:01 America/New_York] PHP Question2Answer form security violation for vote by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 06:41:22 America/New_York] PHP Question2Answer form security violation for vote by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[22-Feb-2016 22:14:22 America/New_York] PHP Question2Answer form security violation for notice-visitor by anonymous (code mismatch) on / via http://hoidaptienganh.com/
[23-Feb-2016 02:34:57 America/New_York] PHP Question2Answer form security violation for login by anonymous (code mismatch) on /login?to=chat via http://hoidaptienganh.com/login?to=chat

1 Answer

+1 vote
by

I took a look at the site, and it looks like the qa_key cookie is being regenerated on every page view. That happens in the qa_set_form_security_key function of qa-include/app/users.php.

Not sure why it should be happening, somehow the $_COOKIE['qa_key'] is getting lost somewhere. Could you try a separate PHP script where you just do...

<?php
echo $_COOKIE['qa_key'];

...and see what you get?

by
And check if there is any plugin that is influencing the security key.
...