Welcome to My iptv forum

  • Everyone is invited! My iptv forum is for everyone, new and advanced user alike!
  • Searching is key! Before you post a question, use the forum search feature to determine whether your topic has already been covered.
  • Do not start flame wars! If someone has engaged in behavior that is detrimental to the discussion -- spamming, harassment, etc -- report the post and we'll take a look.
  • Resource icon
    xF2 Add-on
    • Add "Force password reset on compromised password" option
      • This option is likely overkill for most sites, and is not generally recommended
    • Fix changing user entity while a write is pending in some cases
    • Add "Use rejected password fragments in password meter" option (default disabled).
      Take rejected password fragments into consideration when showing the password strength meter to the user.
      Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.
    • Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
    • Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
    • Rename various options to be better searchable
    • Adjust various option defaults to be more robust.
      • 'Minimum password length' from 8 => 10 characters
      • 'Minimum password strength' from 'very weak' to 'weak'
      • 'Pwned password minimum count (soft)' from 1 to 0
      • 'Pwned password minimum count (hard)' from 2 to 1
      • 'Pwned password cache time' from 7 to 3 days
    • Improve detection of admin/automated edits for the "Enforce password complexity for admins" feature.
    • Require XenForo 2.2+, drop XF2.1 support
    • Actually implement cron to prune the pwned password hash cache. Old entries where already being ignored, so this will hopefully just reduce MySQL table bloat
    • Fix denial of service attack by preventing too long password which can trigger factorial number of brute force password checks when using Zxcvbn
      • Update new install option defaults to more recommend values:
      • Enforce password complexity for admins
      • Enable "Length check by default, and set the "Minimum length" to 8
      • Enable "Pwned password password validation" by default
    • Switch back to upstream bjeavons/zxcvbn-php library as it should be fully php 8.1 compatible.
    • More 32bit php fixes, Thanks to @NamePros
    • Fix edge case where 32bit php would incorrectly report a very strong password was weak due to bad float to integer truncation.
    • Recommend ext-gmp (aka php-gmp) for optimized binomial calculations, which requires php 7.3+
    • Dramatically reduce redistributable size by trimming unneeded files
    • php 8.1 compatibility fix
    • Reduce queries when triggering forced email 2fa
    • Prevent rare DuplicateKeyException when forcing email 2fa and multiple tabs are being used
    Thanks to @NamePros for sponsoring this update.
    • Update compromised password alert text to be less awkward
    • On updating passwords, remove any compromised password alerts to avoid user confusion
    • Add "Force email two factor authentication on compromised password" option (default disabled)
    • Add "Pwned password minimum count (soft)" option.
      This allows a user to change a password to a known compromised value which is under a given number of known hits. This still generates compromised password alerts
    18,036Threads
    63,152Messages
    62,350Members
    rogerrickLatest member
    Top