Page 3 of 6

Re: [DEV]phpBB two factor authentication

Posted: Wed Mar 14, 2018 11:59 am
by tojag
First attempts.

Test environment
phpBB3.2.2 - clean installlation. No others extensions.
XAMPP 7.0.18.
Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP 7
memory_limit=128M
max_execution_time=3000
post_max_size=8M
MySQL
libmysql - mysqlnd 5.0.12
10.1.22-MariaDB

OTP method with Google Authenticator
Require 2FA for admins & moderators.

After turning on 2FA and setting method and confirm by first code, first attempt of login as admin:
Fatal error: Allowed memory size of 134217728 bytes axhausted (tried to allocate 4096 bytes) in Unknown on line 0.

Next attempt every time:
General error SQL ERROR [ mysqli ]
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1' at line 4 [1064]


Edit:
I turned off https, next attempt... my test site shows only this:
Fatal error: Uncaught phpbb\exception\http_exception: TFA_SOMETHING_WENT_WRONG in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php:253 Stack trace: #0 C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\event\listener.php(172): paul999\tfa\helper\session_helper->generate_page('2', 0, NULL, true, 'index.php') #1 [internal function]: paul999\tfa\event\listener->auth_login_session_create_before(Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #2 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(184): call_user_func(Array, Object(phpbb\event\data), 'core.auth_login...', Object(phpbb\event\dispatcher)) #3 C:\xampp7018\htdocs\phpBB3\vendor\symfony\event-dispatcher\EventDispatcher.php(46): Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(Array, 'core.auth_login...', Object(phpbb\event\data)) #4 C:\xampp7018\htdocs\phpBB3\phpbb\event\dispatcher.php(62): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('core.auth_login...', Object(phpbb\ in C:\xampp7018\htdocs\phpBB3\ext\paul999\tfa\helper\session_helper.php on line 253

Now I can't login at all.
I think I have to do a new installation of phpBB....

Edit:
The latter 'Fatal error' is just an effect of not closing the browser. After restarting the browser, again the same 'General SQL Error'.

Re: [DEV]phpBB two factor authentication

Posted: Wed Mar 14, 2018 2:01 pm
by tojag
I try to off the extension by setting ext_active=0 in phpbb_ext but it still active. Login page is expected OTP code, even if I restart browser and xampp.
So, I have to reinstall test environment seriously.

Edit:
After manually clear cache folder I can off it.

Re: [DEV]phpBB two factor authentication

Posted: Wed Mar 14, 2018 2:32 pm
by tojag
New attempt. New clean installation of test environment phpBB 3.2.2.
Previous test "required 2FA for ACP", now "don't require 2FA".
After enable it in UCP, with OTP and confirm by first code, the same "General SQL error" like previos when I try to login :(

Re: [DEV]phpBB two factor authentication

Posted: Thu Mar 29, 2018 7:41 am
by nou nou
Hi there,


trying this on a test board (phpBB3.2.2), activated the extension successfully (0.0.2), then in the setting switched it to "do not require 2fa" and then got this error message:

Code: Select all

Fatal error: Uncaught phpbrowscap\Exception: error locking lockfile /home/user/mywebsite.com/forum/cache/cache.lock in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php:555 Stack trace: #0 /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php(301): phpbrowscap\Browscap->updateCache() #1 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(114): phpbrowscap\Browscap->getBrowser('Mozilla/5.0 (Wi...') #2 /home/user/mywebsite.com/forum/ext/paul999/tfa/modules/u2f.php(95): paul999\tfa\modules\u2f->is_potentially_usable('2') #3 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(209): paul999\tfa\modules\u2f->is_usable('2') #4 /home/user/mywebsite.com/forum/ext/paul999/tfa/helper/session_helper.php(174): paul999\tfa\helper\session_helper->isTfaRegistered('2') #5 /home/user/mywebsite.com/forum/ext/paul999/tfa/event/ in /home/user/mywebsite.com/forum/ext/paul999/tfa/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php on line 555

Re: [DEV]phpBB two factor authentication

Posted: Thu Mar 29, 2018 7:43 am
by Paul
I have fixed last week a bunch of issues, including the ones reported by tojag, and also this lock error. There is still one issue I need to fix, and after that I will make a new release to test out.
This release will require 3.2.0, and won't work on 3.1.

Re: [3.2][DEV] phpBB two factor authentication

Posted: Thu Mar 29, 2018 7:57 am
by nou nou
Sounds great thanks! Will simply replacing the extension files with that new version fix the issue or do I have to do some database magic to remove v0.0.2 first? :)

Re: [3.2][DEV] phpBB two factor authentication

Posted: Mon Jun 11, 2018 10:01 am
by tojag
Hi Paul
Any new version of Your extension?
Regards

Re: [3.2][DEV] phpBB two factor authentication

Posted: Mon Jun 11, 2018 11:02 am
by Paul
No, not yet. Have been quiet busy at work and stuff, so no time. Once there is a new version it will be posted here.

Re: [3.2][DEV] phpBB two factor authentication

Posted: Thu Mar 21, 2019 9:42 am
by tojag
Paul, any chance for a new release?

Re: [3.2][DEV] phpBB two factor authentication

Posted: Fri Apr 05, 2019 4:28 pm
by ivellios1988
Bump. Any chances for a new release? The module doesn't work properly in phpBB 3.2.5, after providing the code it shows some session-related errors.

By the way, I made an almost-complete Polish translation for this module, in case someone needs one.

Re: [3.2][DEV] phpBB two factor authentication

Posted: Fri Apr 05, 2019 5:29 pm
by Paul
What about posting those errors? Instead of telling there are errors ;)

Re: [3.2][DEV] phpBB two factor authentication

Posted: Sat Apr 06, 2019 11:49 am
by ivellios1988
Sorry, I was away from home. Here's the error message:

Code: Select all

SQL ERROR [ mysql4 ]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1' at line 4 [1064]

SQL

UPDATE phpbb_sessions SET tfa_random = '', tfa_uid = 0 WHERE session_id = '93bf3cf2f519e59f25ddf9f87210f231' AND session_user_id = '1

BACKTRACE

FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/phpbb/db/driver/driver.php
LINE: 997
CALL: trigger_error()

FILE: [ROOT]/phpbb/db/driver/mysql.php
LINE: 191
CALL: phpbb\db\driver\driver->sql_error()

FILE: [ROOT]/phpbb/db/driver/factory.php
LINE: 329
CALL: phpbb\db\driver\mysql->sql_query()

FILE: [ROOT]/ext/paul999/tfa/controller/main_controller.php
LINE: 136
CALL: phpbb\db\driver\factory->sql_query()

FILE: (not given by php)
LINE: (not given by php)
CALL: paul999\tfa\controller\main_controller->submit()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 135
CALL: call_user_func_array()

FILE: [ROOT]/vendor/symfony/http-kernel/HttpKernel.php
LINE: 57
CALL: Symfony\Component\HttpKernel\HttpKernel->handleRaw()

FILE: [ROOT]/app.php
LINE: 35
CALL: Symfony\Component\HttpKernel\HttpKernel->handle()
EDIT: It looks like @tojag had similar issue?

Re: [3.2][DEV] phpBB two factor authentication

Posted: Sat Apr 06, 2019 11:58 am
by ivellios1988
PROBLEM SOLVED! Well, at least I think so ;)

File: ext/paul999/tfa/controller/main_controller.php

Line: 135

Find:

Code: Select all

session_user_id = '" . (int) $this->user->data['user_id'];
Replace with:

Code: Select all

session_user_id = " . (int) $this->user->data['user_id'];

Re: [3.2][DEV] phpBB two factor authentication

Posted: Sat Apr 06, 2019 1:55 pm
by ivellios1988
And this is my Polish translation for 2fa: http://archiwum-paranormalium.ovh/phpbb ... ion/pl.zip

Re: [3.2][DEV] phpBB two factor authentication

Posted: Sat Apr 06, 2019 2:25 pm
by Paul
That error was already fixed in the develop branch (Which is also the branch which should be used really) as far I know.

If you want to contribute a translation, please create a PR on github. Also make sure to use the develop as base for it.