search

codeling / bfstop

Brute Force Stop Plugin (for Joomla!)
https://bfstop.bfroehler.info
GNU General Public License v3.0
36 stars 20 forks source link

BfStop don't handle phpmailer exception #193

Closed pgizest closed 1 year ago

pgizest commented 1 year ago

Hello,

I'm currently migrating to joomla4. For that, i have a VM (locally) in which I know i'm not able to send mail (with phpmailer or sendmail). When i log in frontend, when i'm in joomla 3.10, in case of bad user/password, i've got a message indicating that mail doesn't work (see first attached file) However, when doing the same in joomla 4, i've got an exception in php mailer. And when i disable the bfstop plugin, i don't have the problem.

I tried to use a more recent template (cassiopae), but it's the same

Login_J310 Login_J42

codeling commented 1 year ago

Thanks for the report. it shouldn't be that bfstop exposes such information (as to whether mail sending works or not); I will try to reproduce the problem and get back to you in the next days!

Maybe it helps as a workaround to just disable any mail notification from within bfstop's plugin settings?

pgizest commented 1 year ago

Yes i can disable the notification, but it's important to know which of my user failed to login (this is old person that i know, not very familiar with computer)

pgizest commented 1 year ago

Hello, I have added the screenshot now Regards

Le lun. 27 févr. 2023, à 08 h 21, Bernhard Froehler < @.***> a écrit :

Thanks for the report; I will try to reproduce the problem and get back to you in the next days. Just for completeness, I don't see the screenshots / attached files you mention.

— Reply to this email directly, view it on GitHub https://github.com/codeling/bfstop/issues/193#issuecomment-1445828597, or unsubscribe https://github.com/notifications/unsubscribe-auth/A6EXLLXNG7WCAIBQOPC4MKLWZRIYZANCNFSM6AAAAAAVJAY3OE . You are receiving this because you authored the thread.Message ID: @.***>

codeling commented 1 year ago

but it's important to know which of my user failed to login

You would still have the failed login attempts listed in the backend; and I meant you can disable it only for the test system; this would in any case only be a temporary workaround, and generally such an error shouldn't happen (/be shown in the public-facing UI).

codeling commented 1 year ago

First looked into J3 code and there it seemed more or less impossible, since messages were automatically enqueued on sending errors.

But this has been changed and improved in J4. A fix is now in the main branches of plugin and component. Joomla 3 will still report those messages directly from Joomla's phpmailer wrapper though (and no details on the error will be available to bfstop itself).