|
|
Can you share a screenshot of your email log? I'd like to see what all these emails are so I can figure out what's going on. Thank you! |
|
|
Screen shots of email trail Just Visited = equals I just went to the home page no login After Login = I entered my login info After Code = I entered the validation code and have now access. After Code.png (23,807 bytes) After Login.png (22,201 bytes) Just visited.png (7,755 bytes) |
|
|
What is strange is that I can just go to the home page and its triggering the validation routine automagically. I don't even try logging in it just starts firing off emails. |
|
|
Also when you login and it gives notice that the IP must be verified it should forward to the screen to add the code or the email should apply the code to the URL when clicked would be more efficient I feel. |
|
|
Seems like a bug. I'll look into it. What might be happening is Composr is creating a session, then triggering the error about IP validation, but not invalidating the session (or just not creating one to begin with). Thus you're still logged in and anything triggering a session check also triggers another IP verification. |
|
|
Master Rat, do you know if you had a login cookie in use / you used the remember me functionality? |
|
|
For time's sake since I am going out of town shortly, I went ahead and implemented what I think might be a fix: https://gitlab.com/composr-foundation/composr/-/commit/9232721aef9a7ff3db25e55ae084294e12a32174 * Added cookie eating so Composr doesn't try logging in again with cookies * Added a 1-hour grace period before sending another e-mail |
|
|
Automated response: IP validation email sent multiple times The IP needs validated e-mail gets sent multiple times. This patch eats login cookies when IP needs validated and adds a 1-hour grace period, hopefully to reduce the number of e-mails. You can apply the patch via the upgrader.php like you would a regular upgrade. |
|
|
This issue still exists even after the patch. |
|
|
Ugh, okay. I need more information then since I cannot reproduce the issue (I have this feature enabled on one of my v11 sites as well but I'm not getting repeat e-mails). There are a lot of questions that follow below. Please let me know if you need clarification or help on any of them. And please do NOT share your IP address in a comment despite my questions about IP addresses; I tried to ask them in such a way that you can answer them without exposing your IP address publicly. You can also comment privately if you still feel like you don't want your answers to be public. * What operating system are you using? * What version PHP? * What webserver + version? * How are you logging in? Did you check "remember me" when logging in? Do the opposite and tell me if the issue persists. * Does your IP address (when searching "what is my IP" in a search engine) match what is listed on your account profile? * Check the database sessions table. Does there appear to be a new or updated session ID on every page load / each time you get the e-mail? If so, is the IP address changing? Does the IP match what the "what is my IP" search engine told you? Are there any asterisks (if so, treat them as wildcards)? |
|
|
These I can answer right now: PHP = Latest Version Logging In = I tried both ways doesn't make a difference. IP Address = Yes it changes but only when I shut down the computer does it change. Matches Yes at log in my IP is a match and remains. I am out of town doing music sessions till Friday so the rest I will fill in then. |
|
|
Assigning to Chris. I cannot figure this one out; hopefully he can. |
- Anonymous
