<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">Thanks Jules<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">FYI – the lack of an SPF record for the zend.to domain is causing messages posted to this mailing list to fail if the sending domain has implemented DMARC. If you add an SPF record to zend.to showing where
mail can be sent from there should be no more problems.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Also, did you see my other message about an XSS vulnerability?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Stewart.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="color:windowtext;mso-fareast-language:EN-GB">From:</span></b><span lang="EN-US" style="color:windowtext;mso-fareast-language:EN-GB"> zendto-bounces@zend.to [mailto:zendto-bounces@zend.to]
<b>On Behalf Of </b>Jules<br>
<b>Sent:</b> 19 August 2016 17:14<br>
<b>To:</b> ZendTo Users <zendto@zend.to><br>
<b>Subject:</b> Re: [ZendTo] Username Locked Out Forever<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Stewart,<br>
<br>
Oops! I'll take a look into this one as soon as I can. I suspect you're right, but I want to walk it through the code manually to confirm.<br>
<br>
Thanks!<br>
Jules.<br>
<br>
<span style="font-size:12.0pt;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 19/08/2016 16:41, Stewart Campbell wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">In MySQL->DBLoginlogLength we have the following query<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">$query = sprintf("SELECT count(*) FROM loginlog<o:p></o:p></p>
<p class="MsoNormal"> WHERE username = '%s' AND created > '%u'",<o:p></o:p></p>
<p class="MsoNormal"> $this->database->real_escape_string(strtolower($user)),<o:p></o:p></p>
<p class="MsoNormal"> $since);<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The trouble is, $since is passed (in NSSDropbox->userFromAuthentication at least) from the preferences.php file which in my config is set to 86400. So we are basically saying where the username is in the loginlog table from 1970.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I think this needs to be changed to (time() - $since). I see the same function in SQLLite & SQLLite3.php files. Not sure if this is a similar problem.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng MBCS CITP CEng<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Give a man a fish, and you feed him for a day.<o:p></o:p></pre>
<pre> Teach a man to fish, and he'll sit in a boat and drink beer all day.'<o:p></o:p></pre>
<pre> - Anon<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</div>
</body>
</html>