XenForo: When logging in with Firefox on an Android phone, it's difficult to access the lower parts of the login screen.


Status
Not open for further replies.

BarryMinion

Member
Feb 10, 2019
6
0
I can't seem to scroll the login popup down as swiping instead scrolls the background page, but I can tap in a white space area (outside of entry fields) and get the keyboard to disappear. This allows me to access the "Stay logged in " checkbox and use the other buttons. However, the login screen is slightly larger than my screen, so the lack of scrolling ability means that it's difficult to access the "Microsoft" button near the bottom. I don't know why anyone would /use/ those buttons <g>, but this "fixed" login popup does pose access issues nonetheless, at least in my case.

Note also that logging in with a traditional username/password will "push" the password box below the (default) keyboard on my Pixel 1. I can scroll the login screen up /just/ enough to see the password box, but only because the initial swipe pushes the browser's URL bar upward off the screen. After that, the login box cannot be moved further as it's fixed.

I'm not sure if this is a "problem" or not, but it is an issue that will probably affect other users. I do understand that this is not an issue with SQRL, but with XenForo. Should I report this to XenForo instead of here?

I also find that there's no obvious notice (anywhere I've looked) that this forum runs on XenForo or which version it is. It's good that the software doesn't blast itself into the face of forum users who don't care and don't need to know, but it would seem that /somewhere/ would display the name of the software and perhaps a link to a website. Apologies if I'm overlooking some small print somewhere. No one /needs/ this feature; I'm just noting that I didn't find it.
 

Vela Nanashi

Well-known member
May 19, 2018
720
124
I think it might be a good idea to try to make the mobile version of the forum login box a bit easier to deal with and more compact, but I am not sure how easy changing that would be.

It may be good to not flash what software and version the forum runs though, not that it really stops hackers, but it might delay them a few seconds.

Edit: If nowhere else, the source of the pages contain xenforo as a folder for styles at least, did not bother looking very deeply.
 

PHolder

Well-known member
May 19, 2018
1,223
204
would seem that /somewhere/ would display the name of the software and perhaps a link to a website
Why would this seem obvious? From a security perspective, hiding info is a good thing because attackers may want to find specific out of date (i.e. vulnerable) software. Also, I don't understand why anyone even cares... or how it's relevant info. If you need forum software, one assumes you will do your research or ask other forum operators... they don't need any extra free advertising IMHO.
 
  • Like
Reactions: NeoXander

RalleTest2

New member
Feb 13, 2019
1
1
I'm not sure if this is a "problem" or not, but it is an issue that will probably affect other users. I do understand that this is not an issue with SQRL, but with XenForo. Should I report this to XenForo instead of here?
Could be an issue with the theme too. I guess you could register on the XenForo website and see if their theme (the default) has the same problem. Otherwise you’d want to go to ThemeHouse and report it for their theme.
 
  • Like
Reactions: BarryMinion

BarryMinion

Member
Feb 10, 2019
6
0
Why would this seem obvious? From a security perspective, hiding info is a good thing because attackers may want to find specific out of date (i.e. vulnerable) software. Also, I don't understand why anyone even cares... or how it's relevant info. If you need forum software, one assumes you will do your research or ask other forum operators... they don't need any extra free advertising IMHO.
As I stated in the OP, no one needs this feature and it's a good thing there's no branding. It's just something I noticed by its absence when trying to report my usability concern.

I doubt that this adds any degree of security through obscurity, however. No viable threats will be thwarted or slowed and most attack vectors will be automated. A quick look at a few of the other forums I participate in suggests that this information is visible on about half of them, so it's good that this has changed over the years; forum branding was once rather loud and intrusive.

I notice that vBulletin continues to include an entire footer with its gory details at the bottom of every single page, but that's an old, obsolete platform that's just "always done it that way". It's ugly and unnecessary.
 
Last edited:

BarryMinion

Member
Feb 10, 2019
6
0
The XenForo Community site has a login popup that scrolls wonderfully, so it's not a standard XenForo issue.

The UI.X demo at ThemeHouse indeed has the non-scrollable login popup. It behaves exactly like the SQRL login, but the ThemeHouse demo popup is so small that it doesn't cause a problem, even with the keyboard active. The issue arises when you add a lot of login options to that non-scrollable window and we certainly have a lot of stuff crammed into our popup here ;).

It appears that the issue is caused by having the wrong area targeted by scroll actions on the mobile site (Firefox in Android 9). When the popup appears, it should move the "scroll focus" to itself and does not. I'm not a developer and may not be using the right language, but when try to scroll you can see the background page scrolling instead of the login popup.

I did not open a ticket about this at ThemeHouse as they accept them only from customers.
 

PHolder

Well-known member
May 19, 2018
1,223
204
security through obscurity
It's kind of a form of least privilege... i.e. don't give info to a stranger they have no need of... whether it's useful or not... and then they can't use it against you. There are databases out there that scrape version info against IP address and store it away for searching later when an attack becomes known... which is, for example, one use case for https://www.shodan.io/ .
 
Status
Not open for further replies.