* If someone exceeds the maximum login attempts (enters an incorrect password multiple times), gets prompt #538 (if the e-mail reset feature has been enabled) and then hangs up at that prompt, Mystic appears to
send the password reset e-mail despite the fact that the user hung up --
* If a user attempts to deselect a (single) message base from new scans
or QWK new scans, which has New Scan: Forced or QWK Scan: Forced,
prompts #302/#406 do not seem to be shown any longer. (I know these
* If someone exceeds the maximum login attempts, gets prompt #538, denies e-mail reset, gets prompt #475, chooses to send a password inquiry to the SysOp and then aborts the message from within the full screen editor, the recipient of the automatic hackwarn message appears to be set to be the SysOp rather than the potentially hacked user.
* If someone exceeds the maximum login attempts (enters an incorrect password multiple times), gets prompt #538 (if the e-mail reset featu has been enabled) and then hangs up at that prompt, Mystic appears to send the password reset e-mail despite the fact that the user hung up
I have cleaned this up so it will simply shut down the node and do nothing, since the user never actually asked for the e-mail.
* If someone exceeds the maximum login attempts (enters an incor password multiple times), gets prompt #538 (if the e-mail reset has been enabled) and then hangs up at that prompt, Mystic appea send the password reset e-mail despite the fact that the user hu
I have cleaned this up so it will simply shut down the node and do nothing, since the user never actually asked for the e-mail.
Thanks! But it will send a hackwarn message to the user before shutting down, right? As otherwise someone can repeatedly hang up at the password reset prompt and the user will never know about the failed login attempts...
Yes, it should still send the hackwarn notification before shutting
down. If it doesn't let me know! :)
(Please let me know once the next build with all those fixes has been published, and I'll be happy to test all the password reset/e-mail validation stuff again!)
published, and I'll be happy to test all the password reset/e-mail validation stuff again!)
There should be a new build up now for you to try!
However, it appears to send the entire file instead of only the text in the [Text] stanza. (I have textmci = true if that would make any difference.) Same thing for both pwreset.ini and emailval.ini.
However, it appears to send the entire file instead of only the text the [Text] stanza. (I have textmci = true if that would make any
Thats pretty funny.
Okay thanks I will check into that and get it fixed up!
However, it appears to send the entire file instead of only the the [Text] stanza. (I have textmci = true if that would make any
Thats pretty funny.
Okay thanks I will check into that and get it fixed up!
Thanks a lot! It is much appreciated!
Thanks! The logic for sending hackwarn messages seems to be working just fine now! I think I tried all possible combinations of yes/no, correct/incorrect answers and hanging up at different points. :)
However, it appears to send the entire file instead of onlyThats pretty funny.
Okay thanks I will check into that and get it fixed up!
Thanks a lot! It is much appreciated!
OK, so this might be more or less harmless, but...
If the user correctly enters the password reset code (prompt #542) and hangs up during the actual password change (at prompt #543 or #544), a hackwarn message is sent to the user.
It would be nice if the hackwarn sending gets disabled as soon as the
user has entered the correct password reset code (I think).
It would be nice if the hackwarn sending gets disabled as soon as the user has entered the correct password reset code (I think).
I will change this in the next build. Please give it a test when you
can!
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 98 |
Nodes: | 16 (0 / 16) |
Uptime: | 06:09:38 |
Calls: | 3,547 |
Calls today: | 4 |
Files: | 8,461 |
Messages: | 338,284 |
Posted today: | 3 |