A paying user on my website is unable to access our service, getting the error "Authentication problem, please contact website administator" when they try to login. I have tried logging in as them myself and get the same error. However, if I click "login as user" in the admin panel it works fine. This probably needs some support from an aMember developer because I can't find any concrete clues yet and don't want to leave a paying user hanging whilst I figure it out. I have looked at the error logs and there is no record, I have looked at access logs and it shows the user as logging in... We have tried resetting the password and rebuilding the core and third-party databases, none of this has changed the outcome.
Update: The user can login now that I have selected "Disable auto-locking for this customer". There was no indication that the user was locked, because the "No" option was selected for locked. So I tried disabling it as a last hope, and to my surprise it worked. In future, where should I see notification that the user is locked? There were no error logs, and "No" was selected for locked, so I don't see how this is communicated through the admin panel.
We're testing the Account Sharing Preventation on our website, and are encountering a similar problem. Having intentionally used the same username from 3 IP addresses, we're now unable to login unless "Disable auto-locking..." is checked. Also, we wonder if aMember should have locked the account in the first place, as we had only specified "Email admin regarding account sharing" not "Disable customer account". And we haven't yet received the alert email - how long should that usually take after the breach?
The entire "protection" issue needs to be addressed by aMember. Drupal for example has an elegant system built in where it checks the session as well. We actually have business clients that may be logging in from the same ip. aMember has no capability built in for this. I'd love to see this as a feature in a new version. Check session instead of ip! One IP can be legitimate users like, like users behind a firewall, proxy, dedicated ip for a LAN, etc. However if we check session to see if someone is actually logged in, then it is much more effective.
I just had this same exact problem with aMember4: "Authentication problem, please contact website administator" with all my members getting this and I likewise had to "Disable auto-locking for this customer" for all members even thou the "No" option was selected for locked. After clicking "Disable auto-locking for this customer" all can login.
I just had this same exact problem with aMember4 too: "Authentication problem, please contact website administrator". This is the first time I've seen this problem. It only affected one customer (so far). After I selected "Disable auto-locking for this customer" he could again login.
I recommend to check his access log and make sure he is not sharing his login/password. If everything is ok, may be you have too restrictive settings for account sharing protection.
Hi Alexander, It just happened again. Thanks for the tip. I've changed the settings so that I get notified rather than having the system automatically disable the customer's account.
How do you find out whether a customer is sharing an account or not? This happened to one of my customers and they were locked out, and the access log shows 9 different IPs. But I don't want to accuse her...what is a "normal amount" IP addresses? Also, how do you change the setting to just get notified rather than having the system disable the account. And now, to make her account work, I had to disable auto-locking. If I don't, then she can't get in again. But ideally, I'd like to let her in, the reset it so it will lock her out again if she's sharing the account. How do I do that? Clear the log or something?