Register / Retrieve Lost Info Issues

[Colours]

I noticed someone has already posted on your Facebook account in October, but I don't think it grabbed your guys' attention. I also posted today, afterwards I was able to think hard on my sign-in info and found it, so here I am reporting this issue.

The CAPCHA images are broken for both registering, and for retrieving lost passwords. Is there anyway one of your technical admins (if you guys have any) or administrators can look into this?

Thank you.

 

[Fangu]

Ah, the CAPCHA's might have broken when the forum was upgraded. Images were shuffled around.

Yop, now that vB has been upgraded to 3.8, is there any chance we might be able to fix the SMTP problems we've been having for way too long? It really is a major flaw that users can't retrieve their passwords. (Edit: Or wait. Didn't I find out this is an issue that needs to be resolved with your host?)

Thanks for this post. This is something that really needs focus but never gets it because already established members know how to fix their passwords issues (contacting an Admin). We just got a new email address ([email protected] iirc) which REALLY needs to go on the "Contact" page. As is right now, the only way to contact us is through the Chat, and the web browser version of the Chat is often broken.

 

[Lex]

I've added the email and a link to the IRC on the contact page.

 

[Telcontar]

Wait. RETRIEVE passwords?

This is a bigger problem imo.

 

[Fangu]

Nono, not retrieve; reset. My bad. MySQL encrypts.

 

[Telcontar]

Phew!

 

[Cthulhu]

We already were on 3.8; since our previous version, nothing has changed there. However, I googled and wondered if vB 4 or 5 has anything, and uh... as it turns out, we can actually just use an external SMTP server instead of the internal mailer which I failed to set up. Why did I not know this? Why didn't anyone tell me?

I'll go fill in that data, so the forum will use gmail's smtp server to send emails. Password recovery and shit should work again by then.

As for the registration issues / captcha stuff, I'll have to take a look at that. That might be another reason to upgrade to vB 4/5, better captcha / human verification and shit.

Edit: The captchas may be b0rken due to a missing image library after the update; let me check.

 

[Cthulhu]

edit: alright, I replaced the captcha for the password recovery with reCAPTCHa; I think I'll do that for registration as well, I gathered that some of the images were broken in the past too and some of the kids these days haven't played FFVII, . The previous version of the captcha was broken due to our current installation of php not having the right libraries compiled in.

I'm gonna fiddle with email next; it should've sent me a mail already, but nothing yet. PHP will need SSL compiled in though, I'll have to check if that's the case, if not I'll have to add that.

 

[Cthulhu]

Faux edit, alright, it should work but it doesn't. I got an error on the front page, and I think our account was suspended or marked as suspect - I think because it was sending a lot of registration emails to spambots that tried to register on the front page, but whose e-mail addresses did not exist or something. I should tweak the settings there a bit, or disable email confirmation (because TBH that's kinda silly nowadays). Email might be a bit broken for a while.

Edit: Actually IDK how to deal with this; we're probably sending too much short same-ish looking registration emails from Wordpress due to all the spambots. Actually I'm seeing about ten 'delivery failure' notifications a day, IDK if that's all of the emails though, I would expect more.

Edit: error is still there, "SMTP Error: data not accepted.". Might be our account got blocked, either permanently or temporarily :/. I'm gonna wait it out for a bit, maybe it gets lifted again. But we'll seriously have to do something about it - hack Wordpress so it doesn't send passwords via e-mail for example (which is the stupidiest thing ever, IDK if they fixed it for WP 4.0 which we should probably also update to)

As an alternative, I could use Amazon Simple Email Service (https://aws.amazon.com/ses/), which should be a bit less about spam prevention and give us more control than Gmail's stuff. Actually I have an AWS account, let me just give it a go.

 

[Fangu]

Does that mean our new gmail address is temporarily suspended?

 

[Cthulhu]

No, it doesn't look like it, but it is probably flagged as an account that sends spam e-mail.

Also! I just set up Amazon SMS, and I'm getting emails from both the forums and front page now, w00t \o/. Now I just have to fill in some forms to get it out of sandbox mode, probably do some verification about our domain and suchlike. I had to change the 'webmaster' e-mail address in vB first, since SMS blacklists everything by default (spam, you know). I'll go fiddle with that some more.

Edit: done, but it is a support e-mail though, so it might take a business day to process.

edit: Also, installed php5-gd, which makes the registration images work again. I've also just tried the password recovery which uses reCAPTCHA, and that (at least for my whitelisted e-mail address) works as well. Sweet.

Asdfhijkl, why did I not know or manage to find out vB supports SMTP two+ years ago, -___-. Anyway, I just looked up pricing and shit, Amazon SES will cost us $0.10 per 1000 emails, plus data (which should be very low), so it definitely won't break the bank or anything. Unless we get a billion spambots a day, then we'll have to take some measures. But, I get a dashboard for viewing how many emails get sent and such, so it's monitorable.

 

[Lex]

Thanks for taking care of this Yop <3

 

[Fangu]

Third party solutions ftw.

I'm glad you figured out a monitorable solution for this, awesome.

 

[Cthulhu]

Should be more reliable than Google's, anyway. I'm just bummed that I never found out that vB has SMTP settings, :/. Would've saved a fuckton of issues.

 

[Colours]

Thanks for those who looked into this. I saw someone mentioned somewhere that announcing this on your guys' Facebook with a fix, and I agree it's a really good idea to promote things like these to social media.

Thankfully everything works again and I'm glad I was able to think of my info and report the issue!

 

[Cthulhu]

We got approval and such from Amazon, so it should work peachy now - can people just randomly have themselves sent a password recovery email plz? There will be a link in that email, if you don't click it your password won't reset. You may have to log out or open an anonymous browser window to get access to the password reset business.

(18 emails have been sent out so far, )

I've also added some information to our DNS records to verify emails from our domain, although we don't actually send emails from our domain. Should look into that; maybe Google for Business works for that, then we can have official @thelifestream.net email addresses. We'll need some way to manage those though.