Solutions-Nitriques / anti_brute_force

Secure your Symphony CMS login page against brute force attacks
http://symphonyextensions.com/extensions/anti_brute_force/

Unbanning via email is broken #21

Closed michael-e closed 10 years ago

michael-e commented 10 years ago

Using Symphony 2.5.0beta2, unbanning via email seems broken.

There was a problem locating your account. Please check that you are using the correct email address.

And yes, I double-checked that I used my account's email address. :-)

michael-e commented 10 years ago

Ah, I think I found it. You are attempting to send from no-reply@getsymphony.com. This will not work with most SMTP accounts, because most providers won't allow you to "fake" the sender address. It would be much better to use the standard sender from the Symphony prefs!

michael-e commented 10 years ago

Of course, the error message is wrong as well. The problem is that the email cannot be sent.

nitriques commented 10 years ago

:D Thanks for finding that out. I'll try to solve this ASAP.

I encountered another similar bug where nothing would get displayed because no email providers were set up. I even had a discussion with some people around adding an input field in the installer for this, because it is often forgotten about, but the decision was made that since it's not mandatory, it should not sit in the installer.

I think I should simply add a page alert when no email provider is found...

michael-e commented 10 years ago

I think that the problem is something else. My installation can send email using SMTP or Sendmail, both configurations are valid. At the moment I am digging through your code to see what the problem might be.

michael-e commented 10 years ago

In content.login.php, line 148 ff:

// if no default values are set
if (!is_array($emailSettings) || !isset($emailSettings['from_address'])) {
    $email->setFrom($author['email'], Symphony::Configuration()->get('sitename','general'));
} else { // make it work even if no settings are setted.
    $email->setFrom('no-reply@getsymphony.com', 'Symphony CMS');
}

You forgot one case, the "everything is OK" case! :-))

nitriques commented 10 years ago

Sorry, but I do not see the problem with this excerpt.

michael-e commented 10 years ago

You say: If there are no settings, use the author email and the sitename, else use no-reply@getsymphony.com. So you never use the settings if they are correct!

nitriques commented 10 years ago

Damn! Just spotted it. I feel so stupid now.

michael-e commented 10 years ago

It takes some time to see the obvious. And it may be simpler if one is a bad programmer (like me).

nitriques commented 10 years ago

Hahaha we are all bad programmers, it's the most difficult thing a human can do.

nitriques commented 10 years ago

@michael-e How does cadb168 look?

michael-e commented 10 years ago

Confirmed!
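
The sender selection discussed in this thread, with the "everything is OK" case handled first, as an added example: it is not the extension's code and not the content of commit cadb168. The function name `resolveSender`, the `from_name` key, the third return element and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not part of anti_brute_force).
// Returns [address, display name, source] for the unban email's From header.
function resolveSender($emailSettings, array $author, string $sitename): array
{
    // Case 1, the branch missing from the excerpt: a configured sender exists,
    // so use it. SMTP providers generally accept only this address.
    if (is_array($emailSettings)
        && isset($emailSettings['from_address'])
        && filter_var($emailSettings['from_address'], FILTER_VALIDATE_EMAIL)
    ) {
        // 'from_name' is an assumed key; fall back to the site name.
        $name = $emailSettings['from_name'] ?? $sitename;
        return [$emailSettings['from_address'], $name, 'settings'];
    }

    // Case 2: no usable settings, fall back to the author's own address.
    if (isset($author['email'])
        && filter_var($author['email'], FILTER_VALIDATE_EMAIL)
    ) {
        return [$author['email'], $sitename, 'author'];
    }

    // Case 3: last resort only. A relay that checks the sender may refuse it,
    // so the caller should report a send failure, not "account not found".
    return ['no-reply@getsymphony.com', 'Symphony CMS', 'hardcoded'];
}

// Constructed sample inputs covering all three branches.
$cases = [
    'valid settings'   => [['from_address' => 'cms@example.org', 'from_name' => 'Example'],
                           ['email' => 'author@example.org']],
    'no settings'      => [null, ['email' => 'author@example.org']],
    'malformed sender' => [['from_address' => 'not-an-address'],
                           ['email' => 'author@example.org']],
    'nothing usable'   => [[], []],
];

foreach ($cases as $label => [$settings, $author]) {
    [$address, $name, $source] = resolveSender($settings, $author, 'My Site');
    printf("%-17s -> %s <%s> (%s)\n", $label, $name, $address, $source);
}
```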