Announcement

#1 2015-08-07 07:12:28

Sandshark
Member
2015-08-03
16

Registration email notices issues

OK, I've been playing around with user registrations, and have a couple of questions.

First:  The registration emails sent (standard one and one from UserAdvManager) seem to grab the URL to be included from the address bar, maybe via a cookie.  So, if I've logged on locally, it's http://192.168.0.xxx/.... and if I'm logged on via dynamic DNS redirect, it's http://my.current.public.ip/....., but that could change before the user responds.  I tried using $conf['gallery_url'] = 'http://my.piwigo.url.com' in local files editor and, while that changed the "Home" link on the web pages, it did nothing for the email notices.  I saw in previous messages (before v2.7), that this was supposed to be the fix.  I see no other URL's I can input or any way to directly change the text of the standard email or the link in the UserAdvManager one.  Is there something else I now need to do to get this working, or is this a bug?  It seems to be an issue only if it is running it via a dynamic IP redirector.  I tried cloaking the IP address via the redirector, and that made the situation worse.  Not only did the email still contain the current redirected IP address instead of the URL I put in with the local files editor, the UserAdvManager message about not being registered stopped displaying because it couldn't add "/?UAM_message=rejected" to the address, apparently doing so before it gets re-cloaked.

Second question:  How can I get the standard registration information email to not include the user's password or to send it obfuscated.  It's just plain bad form to send a password by email in the clear, and what if they type in the wrong email address and it goes to the wrong person?  Then, the mistaken addressee can hijack the account.

Piwigo version: 2.7.4
Still experimenting, not live.

Offline

 

#2 2015-08-09 20:37:23

Sandshark
Member
2015-08-03
16

Re: Registration email notices issues

Well, I've never programmed in PHP, but I did some digging anyway with Google as my friend for PHP commands.  The problem seems to be in the use of get_absolute_root_url() and get_gallery_home_url() functions, unless I don't understand the reason for get_absolute_root_url() and they should (but currently do not) return the same result when gallery_url is set.  When simply used in text, one can easily be substituted for the other.  But what about when used in other functions?

The registration email uses get_absolute_root_url() for the "Link: http://......" line in the email.  I believe it should use get_gallery_home_url().

UserAdvManagement must also do something similar.  I think it's here:

Code:

$content_info = (isset($infos1) ? $infos1_perso.l10n_args($infos1)
   ."\n\n" : "").(isset($infos2) ? $infos2_perso.l10n_args($infos2)
   ."\n\n" : "").get_absolute_root_url();

but I'm not completely sure.  I suppose I can try it and see.  But maybe somebody who's more familiar with PHP and Piwigo can confirm or deny.

Of course, this makes me wonder if there are other places where a programmer does not understand how these interact differently when there is not a fixed IP address.

Is there a proper way to implement such changes rather than edit the code?  Obviously any code editing will be lost on an update.

Offline

 

#3 2015-08-12 21:38:41

Sandshark
Member
2015-08-03
16

Re: Registration email notices issues

As I dig in farther, I get smarter on the cause, but not the real solution.

What is the intended use of get_gallery_home_url() vs. get_absolute_root_url()?  It may be strictly because I have a dynamic IP address and am using a URL and port 80 redirector (No-IP.com), but it appears to me that the latter is often used where the former is correct.  These emails are an example.  When I change get_absolute_root_url() to get_gallery_home_url(), everything seems to work and send the link the way I think it should.  But changing the code directly is not the right way to do this.

If I do not set gallery_url in config_default.inc.php, then both of these functions return the same thing:  My public IP and port (i.e http://111.222.333.444:5555) when logged in via the web and to my local IP (http://192.168.0.123:5555) when logged in locally.  Nobody but me will log in locally, so that's no issue.  But that public IP is dynamic, and may change tomorrow. So it should not be used for anything that isn't immediate.  Setting gallery_url to my host name makes get_gallery_home_url() return that host name (http://myhostisnotyetlive.com), which is good since it is fixed rather than dynamic.  It must be why this option is available  It does nothing to get_absolute_root_url(), which is clearly the intent and there must be a reason.  But what reason?

I see get_absolute_root_url() being used for such things as these emails to users where get_gallery_home_url() would seem to be the correct funtion to use.  For those with a fixed IP, it probably makes little difference if an email contains the host name or IP address, so any testing done under conditions with a fixed IP would not show this flaw.  But for those of us with a dynamic IP, the difference is important.

Since get_gallery_home_url() is at the bottom of functions_url.inc.php, maybe it's a newer addition and developers have just not gotten used to using it instead of get_absolute_root_url()?

Last edited by Sandshark (2015-08-14 06:43:48)

Offline

 

#4 2015-08-14 00:55:25

pbrownll
Member
2015-08-02
5

Re: Registration email notices issues

I also have a website sitting behind a semi-static IP address.  I use ddclient and a script, but not dyndns.  You have to access my site as xxxx.yyyyy.com, but that's simply a redirect - you can't do any sub-pages from that address.

Anyhow, there are numerous places where piwigo and associated plugins get things wrong:

- UserAdvManager: The registration link and the link to the gallery on the bottom banner of emails uses the static IP which is invalid.  Worse the link to validate a registration embeds the static IP address and there is no way to get to it directly from my external URL.

- Protect Notification plugin tries to mask email addresses with the static IP.  This creates an ill-formed mail address and my MTA (at least) rejects all emails sent from piwigo.  I had to disable that plugin.

I think there were other places that I either ignored or worked around, but not sure.

Offline

 

#5 2015-08-14 07:25:08

Sandshark
Member
2015-08-03
16

Re: Registration email notices issues

pbrownll wrote:

I also have a website sitting behind a semi-static IP address.  I use ddclient and a script, but not dyndns.  You have to access my site as xxxx.yyyyy.com, but that's simply a redirect - you can't do any sub-pages from that address.

Anyhow, there are numerous places where piwigo and associated plugins get things wrong:

- UserAdvManager: The registration link and the link to the gallery on the bottom banner of emails uses the static IP which is invalid.  Worse the link to validate a registration embeds the static IP address and there is no way to get to it directly from my external URL.

- Protect Notification plugin tries to mask email addresses with the static IP.  This creates an ill-formed mail address and my MTA (at least) rejects all emails sent from piwigo.  I had to disable that plugin.

I think there were other places that I either ignored or worked around, but not sure.

The link at the bottom of the email can be fixed by setting $gallery_url= in config_default.inc.php with Local Files Editor.  Make sure that URL contains the http:// or https://, or it does strange things.  I don't use Protect Notification, so can't say about it.  From what I've been able to tell, all emails from UserAdvManager suffer from this problem (though, oddly, the link at the bottom seems to do it right when you set gallery_url).

After you have set gallery_url, keep track of any place you see this issue.  A second set of eyes will always help.  I'm on the verge of being able to fix this, I just need two things from someone in the know:

Most importantly, a proper way to implement such a fix, other than submitting a bug report and waiting for the author to fix it.

And, an explanation of why these two functions that seem to have similar (and confusing) use even co-exist, so I don't change some instances that need to remain unchanged for some specific reason.  I have an inkling that your inability to do sub-pages from your URL may be one of those reasons.  I don't have that limitation, so this is the first time I'm thinking about that as a factor.

I tried to send you an email via the board, but it says I don't have access.  I thought that you might want to help me test it once I get the solution.

Offline

 

#6 2015-08-14 19:20:16

Eric
Piwigo Team
VALENCE (FR)
2005-03-25
1768

Re: Registration email notices issues

Hi and sorry for late reply.

I don't remember why I coded get_absolute_root_url()  instead of get_gallery_home_url() in UAM. Maybe get_gallery_home_url() is a recent function in Piwigo ?

Any way, Sandshark, you're using a dynDNS and it seems you are the first one ;-)

I've a strong lack of time to perform all necessary tests but, if you are pretty sure using get_gallery_home_url() instead of get_absolute_root_url() will not arm other user's configuration, i'll fix it in UAM code and publish a new version as soon as possible.

Thank you very much for your interest in UserAdvManager !

[edit] Could you please add your issue in UAM's bugtraker : http://piwigo.org/bugs/my_view_page.php ? Thanks ![/edit]

Last edited by Eric (2015-08-14 19:22:20)

Offline

 

#7 2015-08-16 22:48:08

Sandshark
Member
2015-08-03
16

Re: Registration email notices issues

Thanks for the reply.  Unfortunately, I am not yet sure that changing get_absolute_root_url() to get_gallery_home_url() won't do any harm to someone else's configuration.  I'm very new to Piwigo and never programmed in PHP before, so I'm taking baby steps.  Before you make the change and publish it, I think there needs to be a few more who test it out in different configurations.  Especially both with and without $gallery_URL being set.

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact