Geeklog-Core / geeklog

Geeklog - The Secure CMS.
https://www.geeklog.net

Re-authentication of User Account times out with error #1037

Closed eSilverStrike closed 4 years ago

eSilverStrike commented 4 years ago

When a token expiry happens you are required to re-authenticate your account. When you successfully re-enter your login details, the return URL times out in USER_resendRequest.

I have done some updates to this function but resetting the Post variables is still not working right and will result in the following error when the Post method is used.

E_USER_NOTICE(1024) - Resending POST request failed: Curl error: Operation timed out after 30005 milliseconds with 0 bytes received @ \public_html\users.php line 592

For Testing: To initiate a re-authentication for the Post method, I "Report Abuse" for a comment. On the submit screen I change the value for _glsectoken in the HTML and then hit the submit button.

Should also check that the GET method works as well...

eSilverStrike commented 4 years ago

I have since updated the code for both Post and Get, it should work but does not.

I am getting a similar error for Get requests when HTTP_Request2 "send" happens:

E_USER_NOTICE(1024) - Resending GET request failed: Curl error: Operation timed out after 30005 milliseconds with 0 bytes received @ \public_html\users.php line 591

For Testing: To initiate a re-authentication for the Get method, I am logged in as Admin and go to an article with comments. I then modify the _glsectoken URL variable in one of the delete comment URLs and then click on the delete.

eSilverStrike commented 4 years ago

The funny thing is that the HTTP_Request2 send for both the Get and Post method does actually seem to partially work, as both the email gets sent for the abuse report of the comment (Post method) and the comment gets deleted for the Get method. It just for some reason times out and returns the error.

eSilverStrike commented 4 years ago

@mystralkk Can you give this issue a try? I have updated the code so both the Get and Post method should work. The proper URL is set and the post or get data is updated. For some reason line 572

$response = $request->send();

will always time out and throw the error on line 585. The page actually gets run (as the comment gets deleted) but for some reason the time out happens.

Even when I hard code the $returnurl to something simple it times out.

Can you take a look at this and see what I am missing?

eSilverStrike commented 4 years ago

@mystralkk Okay, I did another small update that improves the error handling and does a check for SSL.

I have updated Geeklog.net with the latest code and confirmed this error happens on it as well, so it is not how my development server is set up.

Switching the adapter from curl to socks also produces a similar error. (not sure why we use curl, I assume there must be a reason?)

One other thing I notice is that this seems to be an issue when trying to access a local URL. If I hard code an external URL in USER_resendRequest, then the actual HTTP_Request2 send code works.

BTW, once we figure this out we should then update the Geeklog Docs and the Environment Check, since currently we do not require the Curl extension for Geeklog, which is being used here (unless that changes).

Doing a quick search on the rest of the Geeklog code for curl, it looks like it may be used in 2factorauth. I notice recaptcha has a workaround if curl is not found. The rest of Geeklog that uses HTTP_Request2 looks like it uses the default adapter setting, which is socks.

mystralkk commented 4 years ago

I tried changing 'follow_redirects' option and 'strict_redirects' option but could not avoid time out. Like you, I suspect local URLs cause this error (DNS lookup) and tried changing site URL to ::1 or 127.0.0.1 but PEAR HTTP Request2 class rejects IP address.

eSilverStrike commented 4 years ago

@mystralkk ugh I spent forever on this issue. I ended up copying the code to a separate file so I could make changes easier and execute it easier.

It looks like it is a cookie issue. More specifically our session cookie is changing for some reason.

I have a feeling it may be because the IP for the session changed and maybe a new session id gets generated??? I enabled the session logging and the session is still user 2 when it is recreated so that might be it.

eSilverStrike commented 4 years ago

@mystralkk Okay I figured out that session_start() was stalling when HTTP_Request2 sent its request.

So I had to close the first session and write all session variables to unlock the session file before using HTTP_Request2. The process also uses Socks instead of Curl now. I am not sure why we switched to curl but the other way seems to work with the few examples I tried.

I have updated Geeklog.net with the latest code.

Do you want to give it a test and close the issue if things look good?

Also, do any other code libraries use curl? A quick search of the code showed that the 2factorauth code might, for the QR stuff?

reCaptcha and the RichFileManager also can use it, but it looks like it is not required and they have fallback code.

Just wondering if we need to update the Check Environment page to say it is required if 2factorauth is used....
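The fix described above (release the session lock before HTTP_Request2 resends the original request to a local URL), as an added PHP example that is not Geeklog's own USER_resendRequest code. The function name, the $siteUrl same-site check and the 30-second timeout are assumptions; 'socket' is HTTP_Request2's name for its non-cURL adapter.

```php
<?php
// Added example, not Geeklog's USER_resendRequest(): resend the caller's original
// GET/POST request to the local site after re-authentication without blocking
// on the PHP session file lock.
require_once 'HTTP/Request2.php';

function resendOriginalRequest(string $siteUrl, string $returnUrl, string $method, array $params): HTTP_Request2_Response
{
    // Assumed check: only resend to pages under our own configured site URL.
    $base = rtrim($siteUrl, '/') . '/';
    if (strncmp($returnUrl, $base, strlen($base)) !== 0) {
        throw new InvalidArgumentException('Return URL is not under the site URL');
    }

    // Forward the current session cookie so the target page sees the re-authenticated user.
    $cookie = session_name() . '=' . session_id();

    // PHP's file session handler holds an exclusive lock on the session file from
    // session_start() until the script ends or session_write_close() is called.
    // The request below hits our own site with the same session cookie, so the
    // handling script blocks in session_start() on that lock and send() times out
    // even though the target page eventually runs. Write and release the lock first.
    session_write_close();

    $request = new HTTP_Request2($returnUrl,
        $method === 'POST' ? HTTP_Request2::METHOD_POST : HTTP_Request2::METHOD_GET);
    $request->setAdapter('socket');   // HTTP_Request2's non-cURL adapter
    $request->setConfig(['timeout' => 30, 'follow_redirects' => false]);
    $request->setHeader('Cookie', $cookie);

    if ($method === 'POST') {
        foreach ($params as $name => $value) {
            $request->addPostParameter($name, (string) $value);
        }
    } else {
        $request->getUrl()->setQueryVariables($params);
    }

    $response = $request->send();

    // Re-open the session so the rest of this script can keep using $_SESSION.
    session_start();

    return $response;
}
```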

mystralkk commented 4 years ago

Thanks @eSilverStrike, your fix works fine! I removed the TwoFactorAuth class's dependency on the cURL extension by creating a QRCodeProvider class based on the default QRServerProvider class and the HTTP_Request2 class, with change set 839ad85.

eSilverStrike commented 4 years ago

Thanks for looking into it and updating the TwoFactorAuth class