[3.2][BETA] phpBB two factor authentication

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Get Involved
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
tojag
Registered User
Posts: 408
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag »

First attempts.

Test environment
phpBB3.2.2 - clean installlation. No others extensions.
XAMPP 7.0.18.
Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP 7
memory_limit=128M
max_execution_time=3000
post_max_size=8M
MySQL
libmysql - mysqlnd 5.0.12
10.1.22-MariaDB

OTP method with Google Authenticator
Require 2FA for admins & moderators.

After turning on 2FA and setting method and confirm by first code, first attempt of login as admin:
Fatal error: Allowed memory size of 134217728 bytes axhausted (tried to allocate 4096 bytes) in Unknown on line 0.

Next attempt every time:
General error SQL ERROR [ mysqli ]
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1' at line 4 [1064]


Edit:
I turned off https, next attempt... my test site shows only this:
Fatal error: Uncaught phpbb\exception\http_exception: TFA_SOMETHING_WENT_WRONG in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php:253 Stack trace: #0 C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\event\listener.php(172): paul999\tfa\helper\session_helper->generate_page('2', 0, NULL, true, 'index.php') #1 [internal function]: paul999\tfa\event\listener->auth_login_session_create_before(Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #2 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(184): call_user_func(Array, Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #3 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(46): Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(Array, 'core.auth_login...', Object(phpbb\event\data)) #4 C:\xampp7018\htdocs\phpBB3\phpbb\event\dispatcher.php(62): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('core.auth_login...', Object(phpbb\ in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php on line 253

Now I can't login at all.
I think I have to do a new installation of phpBB....

Edit:
The latter 'Fatal error' is just an effect of not closing the browser. After restarting the browser, again the same 'General SQL Error'.
User avatar
tojag
Registered User
Posts: 408
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag »

I try to off the extension by setting ext_active=0 in phpbb_ext but it still active. Login page is expected OTP code, even if I restart browser and xampp.
So, I have to reinstall test environment seriously.

Edit:
After manually clear cache folder I can off it.
Last edited by tojag on Thu Mar 15, 2018 12:32 pm, edited 1 time in total.
User avatar
tojag
Registered User
Posts: 408
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [DEV]phpBB two factor authentication

Post by tojag »

New attempt. New clean installation of test environment phpBB 3.2.2.
Previous test "required 2FA for ACP", now "don't require 2FA".
After enable it in UCP, with OTP and confirm by first code, the same "General SQL error" like previos when I try to login :(
nou nou
Registered User
Posts: 403
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV]phpBB two factor authentication

Post by nou nou »

Hi there,


trying this on a test board (phpBB3.2.2), activated the extension successfully (0.0.2), then in the setting switched it to "do not require 2fa" and then got this error message:

Code: Select all

Fatal error: Uncaught phpbrowscap\Exception: error locking lockfile /home/user/mywebsite.com/forum/cache/cache.lock in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php:555 Stack trace: #0 /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php(301): phpbrowscap\Browscap->updateCache() #1 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(114): phpbrowscap\Browscap->getBrowser('Mozilla/5.0 (Wi...') #2 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(95): paul999\tfa\modules\u2f->is_potentially_usable('2') #3 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(209): paul999\tfa\modules\u2f->is_usable('2') #4 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(174): paul999\tfa\helper\session_helper->isTfaRegistered('2') #5 /home/user/mywebsite.com/forum/ext/paul999/tfa/event/ in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php on line 555
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [DEV]phpBB two factor authentication

Post by Paul »

I have fixed last week a bunch of issues, including the ones reported by tojag, and also this lock error. There is still one issue I need to fix, and after that I will make a new release to test out.
This release will require 3.2.0, and won't work on 3.1.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
nou nou
Registered User
Posts: 403
Joined: Sat Oct 29, 2016 8:08 pm

Re: [3.2][DEV] phpBB two factor authentication

Post by nou nou »

Sounds great thanks! Will simply replacing the extension files with that new version fix the issue or do I have to do some database magic to remove v0.0.2 first? :)
User avatar
tojag
Registered User
Posts: 408
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [3.2][DEV] phpBB two factor authentication

Post by tojag »

Hi Paul
Any new version of Your extension?
Regards
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul »

No, not yet. Have been quiet busy at work and stuff, so no time. Once there is a new version it will be posted here.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
User avatar
tojag
Registered User
Posts: 408
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: [3.2][DEV] phpBB two factor authentication

Post by tojag »

Paul, any chance for a new release?
ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 »

Bump. Any chances for a new release? The module doesn't work properly in phpBB 3.2.5, after providing the code it shows some session-related errors.

By the way, I made an almost-complete Polish translation for this module, in case someone needs one.
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul »

What about posting those errors? Instead of telling there are errors ;)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 »

Sorry, I was away from home. Here's the error message:

Code: Select all

SQL ERROR [ mysql4 ]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1' at line 4 [1064]

SQL

UPDATE phpbb_sessions SET tfa_random = '', tfa_uid = 0 WHERE session_id = '93bf3cf2f519e59f25ddf9f87210f231' AND session_user_id = '1

BACKTRACE

FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/phpbb/db/driver/driver.php
LINE: 997
CALL: trigger_error()

FILE: [ROOT]/phpbb/db/driver/mysql.php
LINE: 191
CALL: phpbb\db\driver\driver->sql_error()

FILE: [ROOT]/phpbb/db/driver/factory.php
LINE: 329
CALL: phpbb\db\driver\mysql->sql_query()

FILE: [ROOT]/ext/paul999/tfa/controller/main_controller.php
LINE: 136
CALL: phpbb\db\driver\factory->sql_query()

FILE: (not given by php)
LINE: (not given by php)
CALL: paul999\tfa\controller\main_controller->submit()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 135
CALL: call_user_func_array()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 57
CALL: Symfony\Component\HttpKernel\HttpKernel->handleRaw()

FILE: [ROOT]/app.php
LINE: 35
CALL: Symfony\Component\HttpKernel\HttpKernel->handle()
EDIT: It looks like @tojag had similar issue?
Last edited by ivellios1988 on Sat Apr 06, 2019 1:58 pm, edited 1 time in total.
ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 »

PROBLEM SOLVED! Well, at least I think so ;)

File: ext/paul999/tfa/controller/main_controller.php

Line: 135

Find:

Code: Select all

session_user_id = '" . (int) $this->user->data['user_id'];
Replace with:

Code: Select all

session_user_id = " . (int) $this->user->data['user_id'];
ivellios1988
Registered User
Posts: 14
Joined: Sat Jun 05, 2010 11:42 am

Re: [3.2][DEV] phpBB two factor authentication

Post by ivellios1988 »

And this is my Polish translation for 2fa: http://archiwum-paranormalium.ovh/phpbb ... ion/pl.zip
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: [3.2][DEV] phpBB two factor authentication

Post by Paul »

That error was already fixed in the develop branch (Which is also the branch which should be used really) as far I know.

If you want to contribute a translation, please create a PR on github. Also make sure to use the develop as base for it.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
Post Reply

Return to “Extensions in Development”