• Content count

  • Joined

  • Last visited

  • Days Won


Milad last won the day on October 27 2016

Milad had the most liked content!

About Milad

  • Rank
  • Birthday 02/28/1983

IPS Marketplace

  • Resources Contributor
    Total file submissions: 2
  1. Well, it's worth posting an announcement. The app tries to draw users' attention (using the red icon), but it doesn't ask for OTP if it's not enabled.
  2. It should act the same way default IPS apps work. If the module permission overrides the group permission then we should go with that. But again, if we have module permission why would we use group permissions? Anyway, I recommend that you enable the module permission for all and use the group permissions because this is what really I built the app permissions around. The module permissions will only prevent members from login in. It depends on your use case. Some forums need extra security for admins, some of them need it for ordinary members. It depends on the purpose of your forums.
  3. You can disable this plugin until the next release. There is no way to transition users and I don't plan to implement it. Users will have to re-configure it. Would like to hear your feedback on this.
  4. So, the new version has been released. You can expect from me a new version of this product (in the upcoming days) that will change things. Those who paid for this product will not left unsatisfied.
  5. My product will continue to extend IPS and provide alternative settings and options for customers.
  6. Hello 1. There is no way that a password reset can bypass this. 5. Still the purpose of this app is not to protect from brute-force attacks. And all the websites, that I know, that use 2SA actually asks for the OTP after successful username and password combination. Regards
  7. 1. Have you test it? 2. Possibly in the future. 3. Not in the current version. But you can disable and re-enable the protection, this will create a new secret key. 4. Yes. 5. Yes, after successfully logged in. There is no fear of brute force attacks because IPS won't allow it in its stock software. There is a flood check.
  8. I see. This can't be bypassed in anyway. Just in case you can bypass it, please send it to me asap so I release an immediate fix. But I'm confident that it's not bypassable.
  9. I'm not sure how someone has your passwords. But if someone got your user table, then they have also the secret keys for 2-SA. I wrote in the app description: This app adds a security layer to your forums, but it doesn't replace the need to a secure server. I hope your problem is solved asap. Talk to your host to make sure they have all the software up to date, and mass-mail your members with links to change passwords. Regards
  10. Not now, but it's an idea I'll think about it.
  11. You can already force user groups to use the second authentication, check the group permissions. The acknowledgment is very specific use case here, so I don't think it can be part of the app. Regards
  12. Thanks, I'm hopeful to release it before December. This is just a hope not an ETA.
  13. I have tested it and confirmed that this is the reason. Is there any possibility that you remove this character until I release the next update? I can't release a fix right away because I'm working on the next release and it will be difficult to release it have the way.
  14. Can you please remove it temporarily to confirm? Regards
  15. I think the clock on your server is not correct, you need to make sure that your server's clock is correct. Try this: Make a php file, call it timetest.php, its content: <?php echo date('Y-M-d H:i:s', time()); Then compare the output with GMT time, they must be very close, if they are way different then this is the reason you code is not accepted by the server. Alternatively, the clock of your mobile could be wrong also.