- This topic has 8 replies, 2 voices, and was last updated 8 years, 8 months ago by
.
Viewing 9 posts - 1 through 9 (of 9 total)
-
Posts
-
this is the process for a regular user 1 enter to site ct.w3dzign.com 2 login in 3 open "Semanas" link at the top menu 4 select the course 5 enter the course and for last click in the button of "continuar curso" (continue curse) and then appears the welcome page of the course and the beggin the course button in the bottom of this page then open the page where they see in the rigth the units and quizez in order like day1 day1EvaluationDay2 Day2Evaluation But dont load the first unit Content the loader keep freeze and they cant click to the other units or exam what cand we do wrong? and how to fix it? thanks for all your help (View image atatched) By the way we put the site into a ethical hacking and we are advanced more of the rules we need to fix are in the server and in the wordpress core we have 1 lower issue about csrf forms and we dont know how to technicaly response to this guys that there is no major problem, and one or two insecure cookies for bbpress bp-activity-oldestpage is the name of the cookie wel now thanks again for all your helpPlease share your admin credentials and site url to check this issue at your end . PS : mark reply as private while sharing the credentials .I just renew my support licence :D sorry for the delay and investigatin i disiable de visual composer for units and remove visial composer code inside the unit and it fix im gonna be more test to see if the problem was solved for the other 2 menor issues can you help us whit somethig of this? forms whit nonces to protect from csrf attacks? we dont know how to technicaly response to this guys that there is no major problem, and one or two insecure cookies for bbpress bp-activity-oldestpage is the name of the cookie wel now thanks again for all your helpHello the problem was fixed by disseable the visual composer in the units but now the users want to retake the exams and when they want to verify the first result of the exam the screen turns black with opacity and freeze and they dont get the result of the exam and finally they can repeat the exan in case the user have a poor evaluationYour visual composer plugin is outdated please upload the lates version of the visual composer . Please refer this tip to update the visual composer : https://wplms.io/support/knowledge-base/how-to-update-visual-composer/ Also i was not able to replicate the quiz issue : http://screencast-o-matic.com/watch/cDen1N1XY2 CAn you please more information in this : csrf attacksin the screen cast i use the same quiz and have no proble but can you try another one? in another course I worried about the issue of the exam and we found how to the users can remake the exam if they go to profile stats and the tab of results they can view the past exams and they can make another try for the exam but when i click there and want to retry my exam open the old exam of 1 question per page so maybe if we can correct the view results in the same page of the course i saw errors about security issues y dont know is because previously was a non https site Mixed Content: The page at 'https://ct.w3dzign.com/course-status/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ct.w3dzign.com/my-account-2/testuserw3/course/course-results/?action=3348'. This request has been blocked; the content must be served over HTTPS.send @ jquery.js:5 i atatched a image of the error
The other issue is The login form isn't using HTTPS.
What can happen?
An attacker can, if intercepting the traffic, read login credentials in plain text.
<formname="login-form" id="vbp-login-form" class="standard-form" action="http://ct.w3dzign.com/AccessoConsultores/" method="post"> For the CSRF attack vulnerability as i said the people who hire this platform make a Scan or ethical hacking in the vilnerabilities are difrent issues we can correct many in the htacces file and in the server some others with plugins but they want to put every sign in form a NONCES for security if you have a clue where tu put this thing, because we have the idea we have located the login form php and the plugeable file but we dont know how to make this possible. there are other thinks like /wp-content/plugins/vibe-course-module/includes/js/course-module-js.min.js HTTP/1.1 content sniffing :( jajajaja sorry for all the trouble and my bad english i think is learning for all us and i hope you can help us and for the visual composer let me reinstall the new one and thanks for the WPLMS it worth pay for this every pennyAbout quiz : Please note that initially there were just single quizzes in wplms .We added the in course quiz feature in later versions of the wplms . Right now the retakes from the stats -> quiz results page takes user to the single quiz page whether the in course quiz is enabled or not . Also it is challanging to redirect user to the course status page again with the in course quiz ,we would try redirecting user to the course status page with in course quiz in the later updates . About retakes form issue with the https : Please note that we are not using any hardcoded link in wplms theme and in any of its plugins . We are using " bp_core_get_user_domain " which is buddyoress core function in that post url . About login widget page : Again please note that we are not using any hardcoded link in wplms theme and in any of its plugins . Again we are using home_url function which is wordpress core function in the login widget . Please make sure that you have added the https in the home url and sote url settings from wp-admin -> settings -> general . refer : http://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/Hello i fix almost everthig most of thesse was a error of us just 1 cookie are not set to secure and httponly is bp-activity-oldestpage the cookie and i found another oportunity area in the settings of the user you can change the password but if you have a policy plugin about strong password this tab of user settings isnt apropiate for the plugins of password policy thanks for all your help sometimes just we need a clue not you fix everything
Viewing 9 posts - 1 through 9 (of 9 total)
- The topic ‘ajax loader freeze when enter to the first unit’ is closed to new replies.