Aussieveedubbers - Powered by GaiaBB

Administrivia: Password resets and password improvements

vanderaj - June 21st, 2009 at 08:34 PM

Hi there,

I've been working on our getting password resets to work better.

Password Resets - What changed

I have made a small number of changes to make our mail setup to be very precise about which IP addresses it sends mail from, got a reverse DNS pointer for that IP address, and updated our MX and SPF records to point at the correct IP address. These things now allow us to send mail to Hotmail (verified) and Optus (unverified, but the mail was delivered).

Testers Needed

I need a few volunteers on a couple of different ISPs.

The problematic ISPs in the past have been

BigPond
Optus
TPG
Hotmail

I can test Hotmail as I have a Hotmail account. I need help with the other ISPs.

If you use one of these ISPs and want to help you, please PM me with your Skype, MSN, Google Talk, or AIM (iChat) username so we can talk in real time whilst we test the password reset mechanism.

What will happen?

I will add you to my chatting software so we can chat in real time. Once we're talking, I will get you to do a password reset or to change your e-mail address. If you don't receive an e-mail in the next five minutes, I will know if things are working or not.

No matter what, I will make sure you have access to your account before we finish talking - either by me resetting your password for you or you using the password reset feature to do it yourself.

Internet Explorer Login Woes - Changes Coming

In the next few weeks, I will be making small changes to help IE 7/8 users with logging onto the forum. I think I know what's happening here, but again need volunteers to make sure I have it working properly - and so I don't break the forum for Firefox / Safari / Chrome / Opera users.

I don't think you'll need to log on again for these changes, but if you're paranoid, you might see a Set-Cookie2: cookie (rarely used in real life), which has a version record. Version one records will continue to work, but if your browser supports Set-Cookie2, you will be a great deal safer from session hijacking attempts.

Username Rules

Lastly, for those of you still to register, I will be utterly relaxing the rules on user names within two months as we'll be moving to UID based prepared statements for all member record access. This not only will speed up the forum, it will make it less "hackable" and improve the choice of usernames. At that time, I will let a small number of users know that they may need to choose a new username as their username is the same as another user's due to capitalization reasons. To be fair and even with all of the affected users, the person with the lower user ID will win this battle - as they had the username first.

thanks,
Andrew

eraser - June 22nd, 2009 at 07:13 AM

changes I can help with the IE7 / 8 issue testing. I use chrome but i do have 7 and 8 and ff. Is this the issue where you login it tells you don't have permission to do that?

-M

vanderaj - June 22nd, 2009 at 09:38 AM

The IE issue is where you log on (correctly) and then you are returned to the main index... but are not logged in.

The other issue is one where the anti-CSRF token is not accepted for some reason. I think it's because it changes too frequently. I will work on reducing that.

thanks,
Andrew

vanderaj - June 22nd, 2009 at 08:47 PM

I'm still after folks to test the password reset scheme on OptusNet (who I know has a problem with getting mail from us), and TPG.

thanks,
Andrew

h - September 22nd, 2009 at 08:50 AM

hey andrew
did you get any peeps to help you out?
id be happy to help but am on useless iinet and not sure if thats what your chasing?
hopefully the log in issue will be resolved soon enuff
if i can help let us know
c'mon guys if you can help out leave a msg
taa pauly

kieran9961 - June 17th, 2010 at 12:30 PM

ye i can do optus if you tell me how

cesiumfrog - June 17th, 2010 at 02:56 PM

i'm tpg if it helps...but mac/safari not IE

cesiumfrog - June 17th, 2010 at 02:58 PM

hmmm..just looked at the date?! :crazy:

shtinkingroovin - April 25th, 2011 at 05:17 PM

aaarrrrhhh

Paulc1964au - April 25th, 2011 at 05:20 PM

Why is it I get 3 emails when someone replies to my post?