Logging on from another machine

[NotionCommotion]

Hi,  Tried to log on with another machine yesterday and was unsuccessful.  Didn't know I had an unused  email linked to phpfreaks and while the new machine authentication screen didn't say an email was sent, expect/hope that was the case.  The "other authentication" methods also seem to go no where.  Pretty much one of the worst ux I've seen for this type of thing and recommend trying it out so you see yourself.  Thanks

[requinix]

PM me some details and I'll look into it.

[NotionCommotion]

The following is what I see when I try to log on from another device.  Should I have received a code?  Don't think I did.  Messed around with Google authenticator but no success.   Requested an email but didn't get one.

While I still have some access to the email associated with my account, my wife stole it and I use a different email.  On the machine I am using now, tried to change it but get these same prompts.

Thanks

 

 

 

[kicken]

The code it's asking for would be from Google Authenticator.  You would have set this up previously at some point and should have an entry in the Google Authenticator app providing the code.  If you no longer have the Google Authenticator setup you'd have to use one of the other methods I guess.

I got the same screen when going to the page to change my password.  Entering the code from my Google Authenticator worked fine.  I agree the UI for this is kind of crap though.   Maybe some template work could help, dunno how hard that'd be to do.

[NotionCommotion]

Google Authenticator being a phone app?  Maybe on a phone long ago.  Installed it on my current phone and it is asking for a QR code or that I manually enter a setup key.  Is this key a phpfreaks thing?  Tried the other methods but none worked, and will try again later.  Thanks

[kicken]

Yes, it's a phone app.  You scan a QR code and it saves a secret key which the phone then uses to generate codes that the server can verify.  It's an implementation of Time-based One Time Password which a lot of places use for Two-factor authentication.  Unlike a lot of google stuff, this information isn't backed up to a google account so if you didn't take steps to back it up and move it to a new phone then you've lost the secret key and will no longer be able to generate the needed codes.

[NotionCommotion]

Finally was able to retrieve an authentication email sent my wife's email address (for unknown reasons, took a long time to be delivered).  Emailed back to my primary use PC which is the only one I was able to logon to phpfreaks, and clicked the link.  Then went to change my email but this time a QR code was displayed when being prompted for a code, and was able to change it.  Then went to disable the f'ing authenticator and at first didn't realize which link should be used, and of course had to repeat the authenticator process each time but finally got it disable.

[requinix]

On 7/20/2021 at 10:53 AM, kicken said:

I agree the UI for this is kind of crap though.   Maybe some template work could help, dunno how hard that'd be to do.

Don't know either. I saw this a while back myself too and assumed that IPB would fix it themselves at some point, but obviously they have not.

Looking at the template, it seems like the MFA screens were designed before a recent theme overhaul. Namely, they use a "ipsModal" CSS scheme when it seems they need to move to "ipsDialog". It's also missing out on color changes as the popup on dark theme isn't using the correct background colors (but it's still fine).
I've made that change for the authentication popup: it's still rather wide but I think it's definitely better now.

Edited July 21, 2021 by requinix

[kicken]

Much better.  As a testament to how bad it was before I didn't even notice it actually had some header text explaining what the input was for before.  I thought it was just a completely unlabeled input and submit button and wondered how the f* such a bad UI was ever released lol.