cpu usage 100% when logging (screencast)

eEight

Hi,

Just installed nodebb and imported +- 5k users. When login to nodebb, the cpu usage of my server hits 100% for almost 4 secs. Here's a screencast: https://dl.dropboxusercontent.com/u/1455235/nodebbcpu.webm

What can be the cause of this spike? Why it's taking so long to login a user, how can I troubleshoot this issue?

Thanks!

baris

Pretty sure its the bcryptjs module that we use. It takes a while to compare the passwords and it is considerably slower than the native version which requires compiling.

julian

@eEight What kind of hardware is your NodeBB running on? You may have better luck by lowering the # of bcrypt rounds used to encrypt passwords. I don't know what'll happen when you change the # of rounds, but you might end up accidentally locking yourself out, so YMMV...

eEight

@julian said:

What kind of hardware is your NodeBB running on?

Pentium 4 - 2.66 Ghz single-core (Ubuntu Server)

change the # of rounds

That really helped! (modifying config.json "bcrypt_rounds": 4).

nodebb use base64 right? Would it be doable (and not too much complicated) to change the authentification method to md5 so that my users can keep their actual password (from the importation)?

a_5mith

@eEight said:

md5

For the safety of your users, don't use this. You may as well store them in plain text if you're using MD5. What software are you coming from that's still using such a broken encryption method?

You can google an md5 hash and it will pretty much give you the password back. (Assuming it's in one of the many rainbow tables)

eEight

@a_5mith said:

What software are you coming from that's still using such a broken encryption method?

Punbb (very very old version of it)...

Thanks for the advice, now this bring my last question about login my old users:

• I have imported my users (with blank password - (not specifying the password))
• I have installed an emailer plugin

What would be the procedure (is there any admin / email to user plugin) to tell all my users about the new forum and how they will change their password?

Thanks for all the help so far, will release my plugin (based on https://github.com/akhoury/nodebb-plugin-import-ubb) for importing from punbb.

a_5mith

@eEight The way I did it was to create a custom show once widget with "Welcome to the new forum, if you already have an account, you will need to reset your password."

Quote me to see what that hyperlink looks like, just do the same on your site, your user enters the email they used, the emailer sends the reset email, they click it, enter a new password, done.

If your emailer is something like mandrill, you can export all your users information into a CSV file and send out an email that way. But do it in batches, and remove any email addresses that definitely won't go anywhere or be read. For each email that's undelivered, it drops your "can send per hour" limit down slightly. Also make sure you're allowed to send the emails, EU laws ban the sending of unsolicited email unless it's opt in, as do Canada now, but stricter.

EDIT: Here:

If you already have an account here, you will need to <a href="/reset">reset your password</a> before logging in for the first time. <br/><br/> <strong id="dismiss">Click to dismiss!</strong>
 <script>
if (!localStorage.getItem('dismissible')) {
$('#dismissible').removeClass('hide');
}
$('#dismiss').on('click', function() {
localStorage.setItem('dismissible', true);
$('#dismissible').hide();
});
</script>

Then put this into the Container

<div class="panel panel-primary hide" id="dismissible"><div class="panel-heading">{title}</div><div class="panel-body">{body}</div></div>

Copy that into an HTML widget in your Admin Control Panel. You could probably change the strong dismiss for a button if you preferred, as long as it has the same ID.

eEight

Would it possible to send an email to all users with the reset link already included in the email? Something like:

---

Hi everyone,

We switched to nodebb! You will need to reset your password before being able to use the forum.
Click here to reset your password

---

(I am not able to view the action / api that is called when using /reset)...

Thanks

a_5mith

@eEight I've not looked to be honest, I don't think so. You'd have to wait for the football to finish before you get an answer out of @julian

julian

Football finished

The reset link is coded to the account itself, so you'll have to generate a reset link for every user. It does expire (after 2 hours or something), so it's best to just send users to /reset. People in the past have tried pre-generating reset links and sending them out, but because of the expiration, you end up with a bunch of users who try clicking the link after it times out, which obviously doesn't work.

I believe in the ACP, you can export users as CSV. You can use that file to import your userbase into MailChimp (or Mandrill, as @a_5mith suggests), to send the welcome email to your users.

eEight

@julian said:

People in the past have tried pre-generating reset links and sending them out, but because of the expiration, you end up with a bunch of users who try clicking the link after it times out, which obviously doesn't work.

I would be interested to know how they did it!
I guess it is possible to change the 2 hours expiration?

Any hints?