QR code

Issue #410 resolved
edenilson amaral created an issue

Dear Janos,

I'm having trouble using the QR code. I have already enabled the code for admin, as you can see:

    +-------------+---------+---------+------+------------+------------------+
    | username    | pagelen | theme   | lang | ga_enabled | ga_secret        |
    +-------------+---------+---------+------+------------+------------------+
    | admin@local |      20 | default | en   |          1 | KGA7WF67ZZS4M5H3 |
    +-------------+---------+---------+------+------------+------------------+

When I enter the PIN code when prompted, it is returned as invalid.

Do I need some additional configuration?

    piler 1.1.0, build 884, Janos SUTO sj@acts.hu

    Build Date: Tue Aug 19 09:14:15 CEST 2014
    ldd version: ldd (Debian EGLIBC 2.13-38+deb7u3) 2.13
    gcc version: gcc version 4.7.2 (Debian 4.7.2-5)
    Configure command: ./configure --localstatedir=/var --enable-starttls --enable-tcpwrappers --with-database=mysql

Thank you.

Comments (7)

  1. Janos SUTO repo owner

    Check the time on both your smartphone and the server, they must be the same (though a few seconds skew is usually ok). If you manage to fix it, be sure to generate a new QR code for yourself, since you've just revealed your secret.

  2. edenilson amaral reporter

    pin_code.jpeg

    Hi Janos, in fact the problem is the validation of the PIN code, as shown in the attached snapshot.

    It is always invalidated.

    Thank you.

  3. Janos SUTO repo owner

    Have you checked the time on both your mobile phone and the server? Are they the same?

  4. edenilson amaral reporter

    Janos, sorry, I was unclear. The times of the two are identical.

    However, I only need to use the password generated by the QR code that is stored in user_settings to strengthen the security of the browser login.

    I have no need to scan the QR code at the time.

    Is it possible?

    Thank you.

  5. Janos SUTO repo owner

    I'm not sure if I got it, but the QR code is actually not a password, rather it's a secret or seed (sort of) used to determine the current GA code. So without scanning the QR code, and configuring the Google Authenticator you can't really use this feature. If you don't want to bother with the GA code, you may still strengthen the login security by allowing captcha after 5 invalid login attempts.

    To do so, edit config-site.php, and set the following:

    $config['CAPTCHA_FAILED_LOGIN_COUNT'] = 5;
    
  6. edenilson amaral reporter

    Janos, perfect.

    I understand the function of the GA; the captcha will serve well for this.

    Thank you!
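
The time dependence discussed in this thread, as an added example that is not part of the original issue and is not piler's own code: a standard RFC 6238 TOTP generator and verifier showing which phone clock skews still validate. It assumes Google Authenticator defaults (HMAC-SHA1, 30-second steps, 6 digits); the ±1 step acceptance window and the function names are assumptions, and the secret is the RFC 6238 test key, not a real account secret.

```python
import base64, hashlib, hmac, struct

STEP = 30      # seconds per time step (Google Authenticator default)
DIGITS = 6     # length of the displayed code

def totp(secret_b32, unix_time):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a given Unix time."""
    secret = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, code, server_time, window=1):
    """Accept the current step and +/- `window` neighbouring steps (assumed policy)."""
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False

# Constructed sample input: the RFC 6238 test key and one of its test times.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SERVER_TIME = 1111111109

def skew_report(skews=(0, 5, 30, 300)):
    """Map phone clock skew (seconds ahead of the server) to accepted/rejected."""
    return {s: verify(SECRET, totp(SECRET, SERVER_TIME + s), SERVER_TIME)
            for s in skews}

if __name__ == "__main__":
    for skew, ok in skew_report().items():
        print(f"phone ahead by {skew:>3}s -> {'valid' if ok else 'invalid'}")
```

The code is derived only from the shared secret and the clock, which is why a secret that has been posted publicly has to be regenerated.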
