Author Topic: Increase the count for login attemps  (Read 170 times)

Offline Vasiliy

Increase the count for login attemps
« on: September 26, 2018, 09:48:09 AM »
Hello!

I'm building a site on WebsiteBaker.
During the check, I noticed that the count for login attempts is not being counted.
The session value does not increase.

I opened the file Login.php
and found the function increase_attemps():

// Increase the count for login attemps
    protected function increase_attemps()
    {
        $_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']++ : 0);       
        $this->display_login();
    }

I changed the function:

// Increase the count for login attemps
    protected function increase_attemps()
    {
        $_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']=$_SESSION['ATTEMPS']+1 : 0);
       
echo '$_SESSION: ';
        echo $this->get_session('ATTEMPS').'<br>';
        print_r($_SESSION);
        exit(0);
       
        $this->display_login();
    }

and the function began to work.
Is this a bug in the code?
Or is my server not properly configured?

Offline dbs

  • Betatester
Re: Increase the count for login attemps
« Reply #1 on: September 26, 2018, 11:23:11 AM »
Hello. Seems you're right, it does not work.
The developer will have a look. Thanks for reporting.  (Y)

Offline DarkViper

  • Forum administrator
Re: Increase the count for login attemps
« Reply #2 on: September 28, 2018, 02:53:13 AM »
It's a really unsure thing to calculate directly with global session variables or also with global vars.  8-)

Look at both kinds of calculation:
// version 1 <original>
    $_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']++ : 0);

// version 2 <your variation> (I've commented out really superfluous code here. Why??  See here)
//    $_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']=$_SESSION['ATTEMPS']+1 : 0);
    $_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']+1 : 0);

In a clearly defined environment ($_SESSION['ATTEMPS'] is not set or it contains an integer value) both statements give exactly the same result.
(But try to preset the variable with null or an empty string or something else… you will get curious results… in both versions! :roll: )
Don't worry, it is possible to catch all of these oddities.

Use of the core method $this->get_session('ATTEMPS') solves some of them.
The method returns the value, or NULL if the variable is not set. Now a simple intval() will sanitize the result:
An integer value (0 to n) passes through, and a NULL, an empty string or a string of chars will all result in an integer 0... that's all.

// version for PHP-5.6 and up
protected $iAttemps = 0; // local storage

protected function increase_attemps()
{
    // get the session var, sanitize it and store it into local storage
    $this->iAttemps = intval($this->get_session('ATTEMPS'));
    // increment the local storage and assign the result to the session var
    $_SESSION['ATTEMPS'] = ++$this->iAttemps;
    $this->display_login();
}

protected function display_login()
{
    // [...]
    // if local storage is greater than max_attemps, then fire a warning
    if ($this->iAttemps > $this->max_attemps) {
        $this->warn();
    }
    // [...]
}

That way the session var is read only once.. and after processing it is written once. (With regards from IPO, or in German: EVA)
Any access to a session variable that is not executed helps to avoid problems. And by the way, the code is getting easier and much faster. ;-)

Manuela
The blue planet - it is not our property - we have only borrowed it from our descendants

"You have to take the men as they are… but you can not leave them like that !" :-P
The daily quick prayer: Oh Lord, throw brains down from heaven!

Offline Vasiliy

Re: Increase the count for login attemps
« Reply #3 on: September 28, 2018, 09:17:40 AM »
Thanks for the comments.
Good comments.
For now, on my website I will do this:
Quote
$_SESSION['ATTEMPS'] = (isset($_SESSION['ATTEMPS']) ? $_SESSION['ATTEMPS']+1 : 0);
I think a new WebsiteBaker update is needed.
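
The three variants discussed in this thread, run side by side over the preset values mentioned in reply #2, as an added example that is not part of any post or of WebsiteBaker's code. The array `$s` stands in for `$_SESSION`, the `?? null` lookup stands in for `get_session()`, and the function names are hypothetical.

```php
<?php
// Added example, not WebsiteBaker code. $s stands in for $_SESSION and the
// function names are hypothetical. Requires PHP 7 or later.

// Original line: $x++ yields the OLD value, which the outer assignment
// writes back over the incremented one, so the counter never moves.
function bump_original(array $s): array
{
    $s['ATTEMPS'] = (isset($s['ATTEMPS']) ? $s['ATTEMPS']++ : 0);
    return $s;
}

// Variant from reply #3: counts, but does arithmetic on whatever is stored.
function bump_plus_one(array $s): array
{
    $s['ATTEMPS'] = (isset($s['ATTEMPS']) ? $s['ATTEMPS'] + 1 : 0);
    return $s;
}

// Approach from reply #2: read once, sanitize with intval(), write once.
function bump_sanitized(array $s): array
{
    $attempts = intval($s['ATTEMPS'] ?? null); // stand-in for get_session()
    $s['ATTEMPS'] = ++$attempts;
    return $s;
}

// Constructed starting states for the session value.
$presets = ['unset' => [], 'null' => ['ATTEMPS' => null], 'empty' => ['ATTEMPS' => ''],
            'text' => ['ATTEMPS' => 'abc'], 'int 5' => ['ATTEMPS' => 5]];

foreach (['bump_original', 'bump_plus_one', 'bump_sanitized'] as $fn) {
    foreach ($presets as $label => $s) {
        try {
            // Simulate three failed logins in a row.
            for ($i = 0; $i < 3; $i++) {
                $s = $fn($s);
            }
            $result = var_export($s['ATTEMPS'], true);
        } catch (\Throwable $e) {
            $result = get_class($e); // PHP 8 throws on non-numeric string + int
        }
        printf("%-15s %-6s => %s\n", $fn, $label, $result);
    }
}
```

Run it with the PHP CLI; each row shows the stored value after three simulated failed logins, which is the number a lockout check would compare against the maximum.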

 
