Bug: Excessive Invalid Logins

Luisehahne

Quote: Would it be possible to have this included in future versions of WebsiteBaker?

Yes, in WB 2.8.3 we fixed it.

Dietmar
Note: Once the code has been generated, it is easy to debug. It's not a bug, it's a feature!

Nick

Yes that is correct.

Sorry if I had the line number wrong; I could have sworn I did a clean install of WB 2.8.2 SP2.

Would it be possible to have this included in future versions of WebsiteBaker?

Luisehahne

Hi Nick,

As I see it, it's line 97, not line 110.



95: } elseif($this->username == '' AND $this->password == '') {
96:     $this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
97:     $this->display_login();
98: } elseif($this->username == '') {



Dietmar

Luisehahne

Make your changes and back up your files. If you upgrade the core, you can overwrite these files with your own.

Dietmar

Nick

Quote from: Luisehahne on January 06, 2012, 04:28:44 PM
In WB versions 2.8.x it's not possible to set a backlink by core. Do it yourself in the warning.html.

Dietmar

I can change the warning.html to include the backlink; however, the Argos_theme and wb_theme are included with the core, which will require manual implementation each time a new version of the WebsiteBaker core is released.

The second fix is not as important as the first one. Inside the core of WebsiteBaker 2.8.x the login class is called when a user visits a registered page without entering their username and password. Each time the login class is called, the failed attempts trigger because the username and password are left blank.

Luisehahne

In WB versions 2.8.x it's not possible to set a backlink by core. Do it yourself in the warning.html.

Dietmar

Nick

Problem Summary: User encounters page "Excessive Invalid Logins" after visiting a registered page more than 5 times.

WebsiteBaker Version: 2.8.2 SP2

Recommended Fix: Under Framework/class.login.php, line 110, replace $this->increase_attemps(); with $this->display_login();

AND/OR add a link on the Invalid Login Attempts page to return user to the home page.

Notes: Inside the Class Login PHP file there is an increase attempt whenever a user enters a blank username and password. I assume this is for security reasons, but if both the username and password are blank, should this count as an attempt? Please note that a registered page in WebsiteBaker triggers a function in the login class. When a user stumbles across a registered page 5 times, the Maximum Invalid Attempts page triggers. If you can include my suggested changes or perhaps your own in the next release of WebsiteBaker, I give my thanks!
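
The behaviour discussed in this thread, as an added example that is not part of any post and is not WebsiteBaker's own code: a request with both fields blank only shows the login form, while submitted credentials that fail are still counted toward the lockout. The class name LoginGuard, its methods, the in-memory counter and the sample user are assumptions made for illustration (PHP 8 syntax).

```php
<?php
// Added illustration with hypothetical names; not WebsiteBaker's class.login.php.
final class LoginGuard
{
    public const MAX_ATTEMPTS = 5;   // the thread's "more than 5 times" threshold

    private int $attempts = 0;       // assumption: stands in for the stored attempt count
    private string $dummyHash;

    /** @param array<string,string> $users username => password_hash() output */
    public function __construct(private array $users)
    {
        // Verified against when the user is unknown, so both paths do the same work.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    /** Returns 'form', 'ok', 'failed' or 'locked'. */
    public function handle(string $username, string $password): string
    {
        if ($this->attempts >= self::MAX_ATTEMPTS) {
            return 'locked';         // warning page; nothing is verified any more
        }
        if ($username === '' && $password === '') {
            return 'form';           // page visit without credentials: not an attempt
        }
        $known = isset($this->users[$username]);
        $valid = password_verify($password, $known ? $this->users[$username] : $this->dummyHash);
        if ($known && $valid) {
            $this->attempts = 0;
            return 'ok';
        }
        $this->attempts++;           // only submitted credentials are counted
        return $this->attempts >= self::MAX_ATTEMPTS ? 'locked' : 'failed';
    }

    public function attempts(): int
    {
        return $this->attempts;
    }
}

// Constructed sample data.
$guard = new LoginGuard(['nick' => password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 0; $i < 10; $i++) {        // ten visits to a registered page, nothing submitted
    $guard->handle('', '');
}
printf("attempts after blank visits: %d\n", $guard->attempts());

foreach (['a', 'b', 'c', 'd', 'e'] as $guess) {   // five wrong passwords
    $state = $guard->handle('nick', $guess);
}
printf("after five wrong passwords: %s\n", $state);
printf("correct password while locked: %s\n", $guard->handle('nick', 'correct horse'));
```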