Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9752

Misleading text when using Q&A CAPTCHA

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.7-PL1
    • Fix Version/s: 3.0.8-RC1
    • Component/s: Language pack
    • Labels:
      None

      Description

      When we are using the built in Q&A CAPTCHA these two lines (common.php) are misleading
      'LOGIN_CONFIRM_EXPLAIN' => 'To prevent brute forcing accounts the board requires you to enter a confirmation code after a maximum amount of failed logins. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.',
      'LOGIN_ERROR_ATTEMPT => 'You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.',
      I think we must add " or answer a question" or something similar to cover both scenerios.

        Issue Links

          Activity

          Hide
          callum95 callum95 added a comment -

          To prevent brute forcing accounts the board requires you to prove that you are human after a maximum amount of failed logins. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.
          You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to prove that you're human, by answering the following.

          Wouldn't that be enough?

          Show
          callum95 callum95 added a comment - To prevent brute forcing accounts the board requires you to prove that you are human after a maximum amount of failed logins. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s. You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to prove that you're human, by answering the following. Wouldn't that be enough?
          Hide
          narqelion narqelion [X] (Inactive) added a comment -

          This patch removes 'LOGIN_CONFIRM_EXPLAIN' (as I could not find it being called anywhere ...if somebody knows why a language variable that isn't used exists I would be interested to know why) and changes 'LOGIN_ERROR_ATTEMPTS' to

          You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.'

          Show
          narqelion narqelion [X] (Inactive) added a comment - This patch removes 'LOGIN_CONFIRM_EXPLAIN' (as I could not find it being called anywhere ...if somebody knows why a language variable that isn't used exists I would be interested to know why) and changes 'LOGIN_ERROR_ATTEMPTS' to You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.'

            People

            • Assignee:
              naderman Nils Adermann
              Reporter:
              jask Jan Skovsgaard
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development