Something about mail authentication

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

Post Reply
tepples
Posts: 22705
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Something about mail authentication

Post by tepples »

I posted a comment, and I got an error about sending mail, but the comment went through anyway. I'll try to save the exact error text next time.

EDIT: I posted a comment here, and I got no error. It might happen only when someone has chosen to "Notify me when a reply is posted".
User avatar
koitsu
Posts: 4201
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Post by koitsu »

The phpBB software appears to have a bug -- or probably "a feature" that they thought was clever but is actually quite stupid.

If you save your forum login/password credentials in your browser, then go to the phpBB configuration screen (for the entire forum), at the very bottom you'll find SMTP configuration details. Defined there is a mail server, SMTP username (if needed), and SMTP password (if needed).

The mail server is "localhost" (as it should be), but -- and here's the bug -- the username/password are auto-populated with your forum login/password values. Yeah well, there is no SMTP user named "koitsu" with my password, so I imagine any mail

This is probably happening because the phpBB people are re-using the same HTML form input field name as what's used in the login page. The browser has no way to differentiate the two when it comes to storing login/password features.

Why it was working previously but not now:

Last night (after dealing with the nesdev wiki archival stuff), I noticed that the default timezone on the forum was still set to UTC-8 (we're in PDT right now, which is UTC-7, and this version of phpBB doesn't have DST support). That option is stored in the same configuration page as the above SMTP details. I changed it to UTC-7, clicked Submit, and thought nothing of it. This obviously turned on SMTP authentication (with my forum credentials, which as I said have nothing to do with SMTP AUTH).

So basically every time someone modifies something in the forum configuration section, they have to remember to clear the SMTP username and password fields before clicking Submit.

I've gone ahead and done this, so mail notifications should work again. But what a stupid, stupid, *stupid* bug.
Post Reply