Discuss: phpBB 3.0.9 released

[Windoteck Forum]

3.0.9 The release of me left me with charm and intrigue of the release of Ascareus (:

I hope that changes be surprised at all, I want a good version and have the 3.x versions are based on the best he has done phpBB.

PS: I would like to change my nickname from my phpBB forum users here, I would call Hardank

[callumacrae]

PS: I would like to change my nickname from my phpBB forum users here, I would call Hardank

You're in the wrong place, but I'll answer here because the answer is short. You can only have your username changed of you have good reason, and it you believe you have god reason then you should PM a member of the moderator (I think) team requesting the change and saying why you want it.

I would warn you though, it's unlikely they'll change your nick - I've been through this before and they wouldn't.

[Windoteck Forum]

Thanks, but I have a good reason which is safety, do not keep passwords on any side, or user, my passwords on different sites are varied, and I never forget but in most places I have the name Hardank

When I check in phpBB forums, was just knowing the software world forums, and when I found my stage name "Hardank" combination of my name and nothing else.

I change my name to Hardank because it is very hard to remember Windoteck Forum, a half hour drive and when I write on paper and put it in a specific location is lost, scored on the PC and can not find it and put it in place that no files

[Jessica]

Thanks, but I have a good reason which is safety, do not keep passwords on any side, or user, my passwords on different sites are varied, and I never forget but in most places I have the name Hardank

When I check in phpBB forums, was just knowing the software world forums, and when I found my stage name "Hardank" combination of my name and nothing else.

I change my name to Hardank because it is very hard to remember Windoteck Forum, a half hour drive and when I write on paper and put it in a specific location is lost, scored on the PC and can not find it and put it in place that no files

if that's the case PM a moderator and see if they will change your username

[P_I]

Updated one of our sites last night and it went very smoothly. Thanks to all involved.

Hope this is the right place to ask, but I have one follow-up on a new feature per the changelog: http://www.phpbb.com/support/documents. ... ion=3#v308.

One New Feature of interest to boards that I admin is "[PHPBB3-9992] - Limit amount of failed login attempts per IP", which adds items to ACP->Security Settings. At this point they don't appear to have been documented in the phpBB 3.0 Olympus Documentation and the database table mentioned in http://tracker.phpbb.com/browse/PHPBB3-9992 doesn't exist, although another table xxx_login_attempts has been added and seems to implement the feature. Where can an admin find information on how to use this new feature and it settings?

[tbackoff]

At this point they don't appear to have been documented in the phpBB 3.0 Olympus Documentation

The documentation is indeed missing a few things. This is known.

and the database table mentioned in http://tracker.phpbb.com/browse/PHPBB3-9992 doesn't exist, although another table xxx_login_attempts has been added and seems to implement the feature

The table mentioned in the link you provided was a suggestion. The development team decided to use xxx_login_attempts instead.

Where can an admin find information on how to use this new feature and it settings?

Under ACP > GENERAL tab > Security settings:

Maximum number of login attempts per IP address:
The threshold of login attempts allowed from a single IP address before an anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered by IP addresses.

[P_I]

Where can an admin find information on how to use this new feature and it settings?

Under ACP > GENERAL tab > Security settings:

Maximum number of login attempts per IP address:
The threshold of login attempts allowed from a single IP address before an anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered by IP addresses.

There is a second setting on ACP > GENERAL tab > Security settings that seems to be involved also:

"IP address login attempt expiration time:
Login attempts expire after this period." Default is 21600 seconds.

Thanks for the reply. We had noticed the new setting and explanation. We've had spambot problems in the past and took action as described in http://www.phpbb.com/community/viewtopi ... #p12965888. We're trying to understand the "Security settings" default values and determine appropriate settings for our boards and whether we should to use our MOD.

Based on some experimentation, it appears that upon a failed login attempt, an entry is put into xxx_login_attempts. From my read of the ACP settings information, one should expect if the Maximum number of login attempts per IP address: value is exceeded then attempts on IP address will see a CAPTCHA. Is that correct?

Should one also expect that after IP address login attempt expiration time: entries are removed from the xxx_login_attempts table?

Another scenario to consider, what happens if a user login fails with a bad password and then the user correctly logs in? Does this remove the failure from the xxx_login_attempts table and thus lower the count of login attempts?