Bug Invalid do=authorise action

Status
Not open for further replies.
F

FrontierDev

Customer
Hi,

We've recently applied vbSecurity to our vB 4.2.3 forum. Whenever one of our forum members receives the email message about a new IP that needs to be authorised, if they click on the authorise link in the email they get an "Invalid action" message back from our forum.

This email is the one from the phrase "dbtech_vbsecurity_access_new_ip_frontend_message"

"vBSecurity just detected that someone attempted to access your account at $info[bbtitle], using the following IP Address: $info[ipaddress]
You can check your current IP Address here: What Is My IP - The IP Address Experts Since 1999 - WhatIsMyIP.com ®

If this account access attempt was not you, please run a full anti-virus scan of your computer immediately, and also change your forum password.

If you recognise this IP address and would like to add it to the whitelist, please click here: $info[bburl]/vbsecurity.php?$info[sessionurl]do=authorise&authhash=$info[hash]"

When clicking on the link for "do=authorise" this returns the "Invalid action" message.

Is the file /dbtech/vbsecurity/actions/authorise.php missing?

Cheers
David F.
 
Hmm, I tested this locally and did not run into this issue. I've tried moving the code that handles that check around a bit, can you re-download v2.1.0 and re-upload all files and see if this resolves it for you?

Do note that if someone tries to click that link a second time after their IP has already been verified, it will still say Invalid Action - it'll only redirect to forum.php if they currently have a pending verification for their current IP address.
 
Hi Fillip,

Thanks for the reply, we've uploaded 2.1.0 but this hasn't changed anything. The repro steps are

* User logs into the forums
* User goes to their Settings [ /profile.php?do=editoptions ]
* User scrolls down to the My Settings -> My Account -> General Settings
* User checks/ticks the "Enable IP Verification" box.
* User saves said settings.
* Next page ends up being this error:

Your IP Address (x.y.z.w) is currently awaiting authorisation to be enabled for the user bctrainers.
Please check the email address associated with your account and click the authorisation link.

The user will then get an email that looks like this...

"
Greetings, trainers,

vBSecurity just detected that someone attempted to access your account at Frontier Forums, using the following IP Address: x.y.z.w
You can check your current IP Address here: What Is My IP - The IP Address Experts Since 1999 - WhatIsMyIP.com ®

If this account access attempt was not you, please run a full anti-virus scan of your computer immediately, and also change your forum password.

If you recognise this IP address and would like to add it to the whitelist, please click here:
https://forums.frontier.co.uk/vbsecurity.php?do=authorise&authhash=dac18b5c416e8c9d7654e367bec8bf03
"

* User then clicks the whitelist URL...
* User then sees this error: https://i.imgur.com/6khO95K.png - HTTP 500 error
* NOTE: If a remote user tries to use the URL, the forums vbulletin error message will activate with the error of: Invalid Action.

Hope that helps at all.

Cheers
David F.
 
I believe I discovered the cause behind the 500 ISE - your server is configured to treat PHP warnings as an Internal Server Error. If you re-download v2.1.0 and re-upload all files, I believe it should be fixed now :)

The fact that a remote user sees Invalid Action is working as intended - the link should only work when the user whose IP is being authorised clicks it.
 
Hi Fillip,

We've now applied the updated 2.1.0 to the our forums and that appears to be working correctly now.
Thanks for doing the update, appreciated.

The only visual minor bug we see is that the headers/navbits, anything with CSS elements, become broken on the "waiting for authorisation" page, which is kinda expected.

Cheers
David F.
 
Hey FrontierDev, sorry for the delay in responding to this :(

I'd like to see the issue in action, so I've registered an account but it seems like my account has been restricted. Would it be possible for you to bump my account up to a full member so I can access the IP Verification setting?

My username @ your forum is Fillip H.

Thanks!
 
Status
Not open for further replies.

Similar threads

Eden
  • Locked
  • Support ticket
Bug Not receiving the email to whitelist my IP
Replies
2
Views
1K
DragonByte Technologies
DragonByte Technologies
Nirjonadda
  • Locked
  • Support ticket
Bug Invalid Action Go Back
Replies
2
Views
605
Fillip H.
Fillip H.
B
  • Locked
  • Support ticket
Bug Lite version missing ipcheck files
Tags
$action file file_existsdir include
Replies
4
Views
2K
Fillip H.
Fillip H.
H
  • Locked
  • Support ticket
Question Password Reset Functionality
Tags
email password passwords reset users
Replies
2
Views
1K
DragonByte Technologies
DragonByte Technologies
Nirjonadda
  • Locked
  • Support ticket
Question Email confirmation For IP addresses
Replies
5
Views
621
Fillip H.
Fillip H.

Legacy vBSecurity

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
813
Customer rating
0.00 star(s) 0 ratings
Back
Top