Bug: Excessive Invalid Logins

[Nick]

Problem Summary: User encounters page "Excessive Invalid Logins" after visiting a registered page more than 5 times.

WebsiteBaker Version: 2.8.2 SP2

Recommended Fix: Under Framework/class.login.php Line 110 replace $this->increase_attemps(); to $this->display_login();

AND/OR add a link on the Invalid Login Attempts page to return user to the home page.

Notes: Inside the Class Login PHP file there is an increase attempt whenever a user enters a blank username and password. I assume this is for security reasons, but if both the username and password are blank should this count as an attempt? Please note that a registered page in Website Baker triggers a function in the login class. When a user stumbles across a registered page 5 times the Maximum Invalid Attempts page triggers. If you can include my suggested changes or perhaps your own on the next release of website baker I give my thanks!

[Luisehahne]

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

[Nick]

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

I can change the warning.html to include the backlink, however the Argos_theme and wb_theme are included with the core which will require manual implementation each time a new version of the WebsiteBaker core is released.

The second fix is not as important as the first one. Inside the core of WebsiteBaker 2.8.x the login class is called when a user visits a registered page without placing in their username and password. Each time the login class is called the failed attempts trigger because the username and password is left blank.

[Luisehahne]

do your changes, backup your files. If you upgrade the core you can overwrite this files with your own.

Dietmar

[Luisehahne]

Hi Nick,

like i see it's line 97 not line 110

Code: [Select]


95: } elseif($this->username == '' AND $this->password == '') {
96: $this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
97: $this->display_login();
98: } elseif($this->username == '') {


Dietmar

[Nick]

Yes that is correct.

Sorry if I had the line number wrong, could have sworn I did a clean install of WB 2.8.2 SP2

Would it be possible to have this included in future versions of WebsiteBaker?

[Luisehahne]

Would it be possible to have this included in future versions of WebsiteBaker?

yes, in wb 2.8.3 we fixed it

Dietmar