Author Topic: Bug: Excessive Invalid Logins (Read 12532 times)

Nick · « **on:** January 06, 2012, 03:00:27 PM »

Problem Summary: User encounters page "Excessive Invalid Logins" after visiting a registered page more than 5 times.

WebsiteBaker Version: 2.8.2 SP2

Recommended Fix: Under Framework/class.login.php Line 110 replace $this->increase_attemps(); to $this->display_login();

AND/OR add a link on the Invalid Login Attempts page to return user to the home page.

Notes: Inside the Class Login PHP file there is an increase attempt whenever a user enters a blank username and password. I assume this is for security reasons, but if both the username and password are blank should this count as an attempt? Please note that a registered page in Website Baker triggers a function in the login class. When a user stumbles across a registered page 5 times the Maximum Invalid Attempts page triggers. If you can include my suggested changes or perhaps your own on the next release of website baker I give my thanks!

Luisehahne · « **Reply #1 on:** January 06, 2012, 04:28:44 PM »

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

Nick · « **Reply #2 on:** January 06, 2012, 08:23:25 PM »

Quote from: Luisehahne on January 06, 2012, 04:28:44 PM

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

I can change the warning.html to include the backlink, however the Argos_theme and wb_theme are included with the core which will require manual implementation each time a new version of the WebsiteBaker core is released.

The second fix is not as important as the first one. Inside the core of WebsiteBaker 2.8.x the login class is called when a user visits a registered page without placing in their username and password. Each time the login class is called the failed attempts trigger because the username and password is left blank.

Luisehahne · « **Reply #3 on:** January 06, 2012, 10:36:54 PM »

do your changes, backup your files. If you upgrade the core you can overwrite this files with your own.

Dietmar

Luisehahne · « **Reply #4 on:** January 07, 2012, 03:04:35 AM »

Hi Nick,

like i see it's line 97 not line 110

Code: [Select]


95:	} elseif($this->username == '' AND $this->password == '') {
96:		$this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
97:		$this->display_login();
98:	} elseif($this->username == '') {

Dietmar

Nick · « **Reply #5 on:** January 11, 2012, 10:46:28 PM »

Yes that is correct.

Sorry if I had the line number wrong, could have sworn I did a clean install of WB 2.8.2 SP2

Would it be possible to have this included in future versions of WebsiteBaker?

Luisehahne · « **Reply #6 on:** January 11, 2012, 11:35:01 PM »

Quote

Would it be possible to have this included in future versions of WebsiteBaker?

yes, in wb 2.8.3 we fixed it

Dietmar

News

Support WebsiteBaker

Your donations will help to:

You can donate by clicking on the button below.

Author Topic: Bug: Excessive Invalid Logins (Read 12532 times)

Nick

Bug: Excessive Invalid Logins

Luisehahne

Re: Bug: Excessive Invalid Logins

Nick

Re: Bug: Excessive Invalid Logins

Luisehahne

Re: Bug: Excessive Invalid Logins

Luisehahne

Re: Bug: Excessive Invalid Logins

Nick

Re: Bug: Excessive Invalid Logins

Luisehahne

Re: Bug: Excessive Invalid Logins