Author Topic: Bug: Excessive Invalid Logins  (Read 6356 times)

Offline Nick

  • Posts: 9
Bug: Excessive Invalid Logins
« on: January 06, 2012, 03:00:27 PM »
Problem Summary: User encounters page "Excessive Invalid Logins" after visiting a registered page more than 5 times.

WebsiteBaker Version: 2.8.2 SP2

Recommended Fix: Under Framework/class.login.php Line 110 replace $this->increase_attemps(); to $this->display_login();

AND/OR add a link on the Invalid Login Attempts page to return user to the home page.

Notes: Inside the Class Login PHP file there is an increase attempt whenever a user enters a blank username and password. I assume this is for security reasons, but if both the username and password are blank should this count as an attempt? Please note that a registered page in Website Baker triggers a function in the login class. When a user stumbles across a registered page 5 times the Maximum Invalid Attempts page triggers. If you can include my suggested changes or perhaps your own on the next release of website baker I give my thanks!

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4379
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Bug: Excessive Invalid Logins
« Reply #1 on: January 06, 2012, 04:28:44 PM »
in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung

Offline Nick

  • Posts: 9
Re: Bug: Excessive Invalid Logins
« Reply #2 on: January 06, 2012, 08:23:25 PM »
in WB Versions 2.8.x it's not possible to set a backlink by core. Do it forself in the warning.html

Dietmar

I can change the warning.html to include the backlink, however the Argos_theme and wb_theme are included with the core which will require manual implementation each time a new version of the WebsiteBaker core is released.

The second fix is not as important as the first one. Inside the core of WebsiteBaker 2.8.x the login class is called when a user visits a registered page without placing in their username and password. Each time the login class is called the failed attempts trigger because the username and password is left blank.

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4379
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Bug: Excessive Invalid Logins
« Reply #3 on: January 06, 2012, 10:36:54 PM »
do your changes, backup your files. If you upgrade the core you can overwrite this files with your own.

Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4379
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Bug: Excessive Invalid Logins
« Reply #4 on: January 07, 2012, 03:04:35 AM »
Hi Nick,

like i see it's line 97 not line 110

Code: [Select]

95: } elseif($this->username == '' AND $this->password == '') {
96: $this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
97: $this->display_login();
98: } elseif($this->username == '') {


Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung

Offline Nick

  • Posts: 9
Re: Bug: Excessive Invalid Logins
« Reply #5 on: January 11, 2012, 10:46:28 PM »
Yes that is correct.

Sorry if I had the line number wrong, could have sworn I did a clean install of WB 2.8.2 SP2

Would it be possible to have this included in future versions of WebsiteBaker?
« Last Edit: January 11, 2012, 10:54:34 PM by Nick »

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4379
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Bug: Excessive Invalid Logins
« Reply #6 on: January 11, 2012, 11:35:01 PM »
Quote
Would it be possible to have this included in future versions of WebsiteBaker?

yes, in wb 2.8.3 we fixed it

Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung