WebsiteBaker Community Forum

General Community => Global WebsiteBaker 2.8.x discussion => Topic started by: Nick on January 06, 2012, 03:00:27 PM

Title: Bug: Excessive Invalid Logins
Post by: Nick on January 06, 2012, 03:00:27 PM

Problem Summary: User encounters page "Excessive Invalid Logins" after visiting a registered page more than 5 times.

WebsiteBaker Version: 2.8.2 SP2

Recommended Fix: Under Framework/class.login.php Line 110 replace $this->increase_attemps(); to $this->display_login();

AND/OR add a link on the Invalid Login Attempts page to return user to the home page.

Notes: Inside the Class Login PHP file there is an increase attempt whenever a user enters a blank username and password. I assume this is for security reasons, but if both the username and password are blank should this count as an attempt? Please note that a registered page in Website Baker triggers a function in the login class. When a user stumbles across a registered page 5 times the Maximum Invalid Attempts page triggers. If you can include my suggested changes or perhaps your own on the next release of website baker I give my thanks!

Title: Re: Bug: Excessive Invalid Logins
Post by: Luisehahne on January 06, 2012, 04:28:44 PM

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

Title: Re: Bug: Excessive Invalid Logins
Post by: Nick on January 06, 2012, 08:23:25 PM

Quote from: Luisehahne on January 06, 2012, 04:28:44 PM

in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

I can change the warning.html to include the backlink, however the Argos_theme and wb_theme are included with the core which will require manual implementation each time a new version of the WebsiteBaker core is released.

The second fix is not as important as the first one. Inside the core of WebsiteBaker 2.8.x the login class is called when a user visits a registered page without placing in their username and password. Each time the login class is called the failed attempts trigger because the username and password is left blank.

Title: Re: Bug: Excessive Invalid Logins
Post by: Luisehahne on January 06, 2012, 10:36:54 PM

do your changes, backup your files. If you upgrade the core you can overwrite this files with your own.

Dietmar

Title: Re: Bug: Excessive Invalid Logins
Post by: Luisehahne on January 07, 2012, 03:04:35 AM

Hi Nick,

like i see it's line 97 not line 110

Code: [Select]


95: } elseif($this->username == '' AND $this->password == '') {
96: $this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
97: $this->display_login();
98: } elseif($this->username == '') {


Dietmar

Title: Re: Bug: Excessive Invalid Logins
Post by: Nick on January 11, 2012, 10:46:28 PM

Yes that is correct.

Sorry if I had the line number wrong, could have sworn I did a clean install of WB 2.8.2 SP2

Would it be possible to have this included in future versions of WebsiteBaker?

Title: Re: Bug: Excessive Invalid Logins
Post by: Luisehahne on January 11, 2012, 11:35:01 PM

Quote

Would it be possible to have this included in future versions of WebsiteBaker?

yes, in wb 2.8.3 we fixed it

Dietmar