[DBTech] DragonByte Security

[DBTech] DragonByte Security [Paid] 4.7.0

I do not normally do inactive promotions, but you would choose to use 'User has not visited for at least X days:', and I believe if they log in they will return to the normal regular member group.
 
DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.6.8

Update highlights

This version fixes an issue where certain custom entries in the config.php file would produce a server error if the "Config Tamper" security watcher was enabled.


Complete Change Log

Fix: Fix Config Tamper watcher producing a server error when running on XenForo Cloud / with certain config.php additions

 
Last stupid question for now (emphasizing "for now" :ROFLMAO:), I'm not finding where exactly in the DragonByte Security options in the XF CP I set the requirements for password strength -- number of digits, special characters, all that. I know it's there, but I'm just not finding it. Can anyone point me there?

Thanks!
 
It's in the usergroup permission pages. (set per user group)
 
Not seeing it in the overview info, so can I just check if the HIBP "Pwned Passwords" API is currently used by this addon? If so, does it happen on every login or just registration and/or password changes?
Thanks (y)
 
Bad behaviour was great. It's too bad Michael has not been able to update it.
Fortunately Cloudflare works well for challenging and blocking bad bots. I think that where possible, it's better to block bad traffic at the WAF before it hits the server and impacts the site.
 
@DragonByte Tech Getting a lot of server error logs about MySQL query error [1406]: Data too long for column 'dbtech_security_user_agent' at row 1

Code:
XF\Db\Exception: MySQL query error [1406]: Data too long for column 'dbtech_security_user_agent' at row 1 src/XF/Db/AbstractStatement.php:230

Generated by: rana Chowdhury Feb 22, 2024 at 9:09 AM

Stack trace

INSERT  INTO `xf_user_remember` (`user_id`, `remember_key`, `expiry_date`, `dbtech_security_user_agent`, `remember_id`, `start_date`) VALUES (?, ?, ?, ?, ?, ?)
------------

#0 src/XF/Db/Mysqli/Statement.php(198): XF\Db\AbstractStatement->getException('MySQL query err...', 1406, '22001')
#1 src/XF/Db/Mysqli/Statement.php(78): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1406, '22001')
#2 src/XF/Db/AbstractAdapter.php(96): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(219): XF\Db\AbstractAdapter->query('INSERT  INTO `x...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1526): XF\Db\AbstractAdapter->insert('xf_user_remembe...', Array, false)
#5 src/XF/Mvc/Entity/Entity.php(1258): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/XF/Repository/UserRemember.php(17): XF\Mvc\Entity\Entity->save()
#7 src/XF/ControllerPlugin/Login.php(282): XF\Repository\UserRemember->createRememberRecord(47396)
#8 src/XF/Pub/Controller/Register.php(487): XF\ControllerPlugin\Login->createVisitorRememberKey()
#9 src/XF/Pub/Controller/Register.php(437): XF\Pub\Controller\Register->finalizeRegistration(Object(OzzModz\EmailWhitelist\XF\Entity\User))
#10 src/addons/AddonFlare/PaidRegistrations/XF/Pub/Controller/Register.php(263): XF\Pub\Controller\Register->actionRegister()
#11 src/XF/Mvc/Dispatcher.php(352): AddonFlare\PaidRegistrations\XF\Pub\Controller\Register->actionRegister(Object(XF\Mvc\ParameterBag))
#12 src/XF/Mvc/Dispatcher.php(258): XF\Mvc\Dispatcher->dispatchClass('XF:Register', 'Register', Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Register), NULL)
#13 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(AddonFlare\PaidRegistrations\XF\Pub\Controller\Register), NULL)
#14 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#15 src/XF/App.php(2487): XF\Mvc\Dispatcher->run()
#16 src/XF.php(524): XF\App->run()
#17 index.php(20): XF::runApp('XF\\Pub\\App')
#18 {main}

Request state

array(4) {
  ["url"] => string(18) "/register/register"
  ["referrer"] => string(46) "/register/?accountType=1"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(19) {
    ["_xfToken"] => string(8) "********"
    ["username"] => string(0) ""
    ["6acbc27b2b9b96f508a27c2783ccf149fec90acc"] => string(14) "rana Chowdhury"
    ["63bdb696a70153a965d2c3fd1d33e912b73a8389"] => string(0) ""
    ["dd037897442ffdebdb2847697deee15d39ca5fc5"] => string(18) "@gmail.com"
    ["61b27a1f0f368416dfaca81cfa2ab6a89ea6bab1"] => string(8) "********"
    ["dob_month"] => string(1) "4"
    ["dob_day"] => string(2) "20"
    ["dob_year"] => string(4) "1998"
    ["location"] => string(9) "Portugal "
    ["custom_fields"] => array(2) {
      ["gender"] => string(4) "male"
      ["siropu_referrer"] => string(9) "Rana11122"
    }
    ["cf-turnstile-response"] => string(538) "0.4RzX7aXOxyyYxR5vCuX-etJ5PKai1JLdwRMEXQy2mfqA1vEM0Ep5aSXmgL_ZgPgHFY1LCale5RjtG_cDfk1ByyVOB_RpMpjp4MGbiYAwzmAbu0Rv9KrZtJ0TX0tsuKgdrHu4FNJnfSJB4521S3ucn3FZ5PqQT1Bf9TocTVhZ4y17VnLL9Zv_aPfoFJSevh2xOJsnMKcvtNNx9qabIAqjgpY04COkvNboVHRk8CWeku5Im1BWtTmu44EtkY-2ymgkI-CCtf76lZbrw8rZBi8c-vBeaHcahaA0uOYQwoP5TG5STI9hpY7vBiSNW_I3rrz3fiV_LJRXY5qVolyMmN1zxkSxjHpPNCnYMEdHVh2JjQVxqmWN30Zw5qWl-Pcprsy43sPzaougwLHdWaSnmkQlAsRJPSW31G7rCHO3exzmbOIX2fCixDcUlh1KZWAUsLTS.Hg9hSWv5mnggrzWWGE9ppg.16fc6f2b82aab26f3ac5f2dc9e4055d261e27369813eb674fcb1894861fba9f4"
    ["email_choice"] => string(1) "1"
    ["accept"] => string(1) "1"
    ["reg_key"] => string(16) "G99QRUPNq61NSGHh"
    ["2eaa121e225ceac3620f8ec00d05ac5423ff6656"] => string(13) "Europe/London"
    ["_xfRequestUri"] => string(24) "/register/?accountType=1"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
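
The 1406 error above is MySQL rejecting a value longer than the `dbtech_security_user_agent` column allows. One way to bound an untrusted User-Agent header before the insert, as an added example that is not the add-on's code or its fix; `UA_COLUMN_CHARS`, `boundUserAgent()` and the sample headers are assumptions, since the page does not show the column definition, and the mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Assumed column width: the page does not show the real definition of
// dbtech_security_user_agent, so this value is a placeholder.
const UA_COLUMN_CHARS = 255;

/**
 * Bound an untrusted User-Agent header so it always fits the column.
 * Returns [storedValue, sha256OfOriginal]; the hash lets two sessions be
 * compared on the full header even when the stored text was truncated.
 */
function boundUserAgent(?string $raw, int $maxChars = UA_COLUMN_CHARS): array
{
    $raw = $raw ?? '';
    $hash = hash('sha256', $raw);

    // Replace invalid UTF-8 sequences so the multibyte functions below behave.
    $clean = mb_convert_encoding($raw, 'UTF-8', 'UTF-8');
    // Drop control characters (log and display hygiene).
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $clean) ?? '';

    // VARCHAR(n) counts characters, not bytes, so cut by characters.
    if (mb_strlen($clean, 'UTF-8') > $maxChars) {
        $clean = mb_substr($clean, 0, $maxChars, 'UTF-8');
    }
    return [$clean, $hash];
}

// Constructed sample headers, not taken from the log above.
$samples = [
    'normal'   => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0',
    'oversize' => 'Mozilla/5.0 ' . str_repeat('A', 4000),
    'missing'  => null,
];

foreach ($samples as $label => $header) {
    [$stored, $hash] = boundUserAgent($header);
    printf("%-8s stored=%d chars sha256=%s...\n", $label, mb_strlen($stored, 'UTF-8'), substr($hash, 0, 12));
}
```

Bounding the value at the application layer keeps registration and login working regardless of what a client sends, while the hash preserves a stable fingerprint of the full header.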
 
Hi there,

With logging enabled for all error levels, a deprecation notice is thrown in DragonByte Security (4.6.8):

Code:
An exception occurred: [ErrorException] [E_DEPRECATED] Use of "parent" in callables is deprecated in src/addons/DBTech/Security/XF/Pub/View/Login/Form.php on line 23
#0 [internal function]: XF::handlePhpError(8192, '[E_DEPRECATED] ...', 'src/...', 23)
#1 src/addons/DBTech/Security/XF/Pub/View/Login/Form.php(23): is_callable('parent::renderJ...')
#2 src/XF/Mvc/Renderer/AbstractRenderer.php(91): DBTech\Security\XF\Pub\View\Login\Form->renderJson()
#3 src/XF/Mvc/Renderer/Json.php(65): XF\Mvc\Renderer\AbstractRenderer->renderViewObject('XF:Login\\Form', 'public:login', Array)
#4 src/XF/Mvc/Dispatcher.php(460): XF\Mvc\Renderer\Json->renderView('XF:Login\\Form', 'public:login', Array)
#5 src/XF/Mvc/Dispatcher.php(442): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#6 src/XF/Mvc/Dispatcher.php(402): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#7 src/XF/Mvc/Dispatcher.php(60): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'json')
#8 src/XF/App.php(2487): XF\Mvc\Dispatcher->run()
#9 src/XF.php(524): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}

Use of "parent" in callables was deprecated in PHP 8.2 (here is the RFC).

Fix:
PHP:
// old:
if (is_callable('parent::renderHtml')) {
    // ...
}

// new:
if (is_callable(parent::class . '::renderHtml')) {
    // ...
}
 
Hi,

me again.

After logging in, the second step for 2FA is presented, also with a deprecation notice:

Code:
Template public:login_two_step: [E_DEPRECATED] Return type of Ramsey\Uuid\Uuid::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice (src/addons/DBTech/Security/vendor/ramsey/uuid/src/Uuid.php:215)

Template public:login_two_step: [E_DEPRECATED] Ramsey\Uuid\Uuid implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) (src/addons/DBTech/Security/vendor/ramsey/uuid/src/Uuid.php:42)

Upgrading ramsey/uuid from 3.9.3 to 3.9.7 will fix this (Changelog)
 
I'll release a new version soon™ with both of these fixes, I've updated all composer packages to the latest version(s) available for the target PHP version (7.2).

I'm gonna dogfood the build @ DBTech a little so I can check to (try to) ensure no regressions sneak in.

Thank you for the detailed report and the links to the relevant articles, I can comfortably say this has been the most enjoyable bug report I've received in my entire career :D
 
DragonByte Tech updated [DBTech] DragonByte Security with a new update entry:

4.7.0

Update highlights

!!!This version requires PHP 7.4+!!!


This version improves the display shown to users when reviewing their login sessions, as the user agent is now parsed to display more human-readable information such as browser/version and operating system.

There are also new options to exclude users with Two-Factor Authentication enabled when performing batch user update actions from DB Security.

This version also refactors some backend code and fixes a...
