# HG changeset patch
# User Dan
# Date 1247865069 14400
# Node ID 18d013f98fd0620165ce6049070c48b0096b5608
# Parent c4b057708436d4ca0b88f3df0cd528d7ca81dc59
AJAX Login: Fixed all known issues with lockout (and some unknown ones)
diff -r c4b057708436 -r 18d013f98fd0 includes/clientside/static/login.js
--- a/includes/clientside/static/login.js Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/clientside/static/login.js Fri Jul 17 17:11:09 2009 -0400
@@ -512,7 +512,7 @@
var div = document.createElement('div');
div.id = 'ajax_login_form';
- var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ var show_captcha = ( data.locked_out.locked_out && data.locked_out.lockout_policy == 'captcha' ) ? data.locked_out.captcha : false;
// text displayed on re-auth
if ( logindata.user_level > USER_LEVEL_MEMBER )
@@ -761,7 +761,7 @@
logindata.loggedin_username = data.username
// Are we locked out? If so simulate an error and disable the controls
- if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out.locked_out )
{
f_username.setAttribute('disabled', 'disabled');
f_password.setAttribute('disabled', 'disabled');
diff -r c4b057708436 -r 18d013f98fd0 includes/sessions.php
--- a/includes/sessions.php Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/sessions.php Fri Jul 17 17:11:09 2009 -0400
@@ -656,6 +656,7 @@
return $this->login_compat($username, md5($password), $level);
}
+ // Lockout check
if ( !defined('IN_ENANO_INSTALL') )
{
$lockout_data = $this->get_lockout_info($lockout_data);
@@ -675,8 +676,6 @@
if ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] )
{
// ooh boy, somebody's in trouble ;-)
- $row = $db->fetchrow();
- $db->free_result();
return array(
'success' => false,
'error' => 'locked_out',
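Review bot: The new line reads the policy from `data.locked_out.lockout_policy`, while the @@ -761 hunk below reads it from `data.lockout_info.lockout_policy` and takes only the flag from `data.locked_out`; if both objects carry `lockout_policy` this is merely inconsistent, but if a response omits `lockout_info` the second form throws a TypeError before the controls are disabled. Unless the two responses are deliberately shaped differently, use one accessor at both sites, e.g. `var lockout = data.locked_out || {};` followed by `var show_captcha = ( lockout.locked_out && lockout.lockout_policy == 'captcha' ) ? lockout.captcha : false;`. Both comparisons use loose `==` against a string constant; `===` is the safer idiom, since sessions.php always emits `lockout_policy` as a string. Either way the disabled controls are cosmetic; the authoritative refusal is the `locked_out` error returned from sessions.php, so nothing should depend on this script for enforcement. The enclosing function starts before this hunk.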
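Review bot: `// Lockout check` says little about what the block decides, and the call under it passes `$lockout_data` to `get_lockout_info()` although no assignment to that variable is visible in the hunk, so it is unclear whether the parameter is a by-reference out-param or a leftover argument (an earlier assignment may exist outside the hunk). I would expand the comment to `// Lockout check: ask get_lockout_info() how many recent failures this client IP has; if it meets the threshold, refuse the attempt here, before the Rijndael step that follows. Skipped when IN_ENANO_INSTALL is defined.` and, if the argument is not by-reference, drop it: `$lockout_data = $this->get_lockout_info();`. The enclosing method starts and ends outside the hunk.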
@@ -684,12 +683,11 @@
'lockout_duration' => ( $lockout_data['lockout_duration'] ),
'lockout_fails' => $lockout_data['lockout_fails'],
'lockout_policy' => $lockout_data['lockout_policy'],
- 'time_rem' => $lockout_data['lockout_time_rem'],
+ 'time_rem' => $lockout_data['time_rem'],
'lockout_last_time' => $lockout_data['lockout_last_time']
);
}
}
- $db->free_result();
}
// Instanciate the Rijndael encryption object
@@ -1022,11 +1020,13 @@
$locked_out = false;
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
- // convert to minutes
+ // convert to seconds
$duration = $duration * 60;
+ // decide on policy
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
if ( $policy != 'disable' )
{
+ // enabled; make decision
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
$timestamp_cutoff = time() - $duration;
$q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
@@ -1040,13 +1040,14 @@
'lockout_fails' => $fails,
'lockout_policy' => $policy,
'lockout_last_time' => $row['timestamp'],
- 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'time_rem' => $locked_out ? ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ) : 0,
'captcha' => ''
);
$db->free_result();
}
else
{
+ // disabled; send back default dataset
$lockdata = array(
'locked_out' => false,
'lockout_threshold' => $threshold,
@@ -4024,6 +4025,7 @@
*/
$code = $plugins->setHook('login_process_userdata_json', true);
+
foreach ( $code as $cmd )
{
$result = eval($cmd);
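Review bot: The policy line `( $x = getConfig('lockout_policy') && in_array(...) )` assigns the boolean result of the `&&` to `$x` (assignment binds lower than `&&`), so `$x` never holds the policy string and `getConfig('lockout_policy')` is evaluated three times; the added `// decide on policy` comment does not explain this. An equivalent and clearer form is `$policy = getConfig('lockout_policy'); if ( !in_array($policy, array('lockout', 'disable', 'captcha'), true) ) $policy = 'lockout';`. Separately, the lookup is keyed on `$_SERVER['REMOTE_ADDR']` alone, so every client behind one NAT or reverse proxy shares a single failure counter and one noisy neighbour can lock the rest out; that trade-off deserves a sentence in the `// enabled; make decision` comment so operators know the lockout is per-IP, not per-account. get_lockout_info starts before this hunk.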
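Review bot: `time_rem` can still be reported as 0 while the client is locked out: with `$duration` of 900 s and a last failure 880 s ago, `round( 880 / 60 )` is 15 and `( 900 / 60 ) - 15` is 0, yet the `timestamp > $timestamp_cutoff` query above still counts that failure. Rounding up keeps the value positive for exactly as long as the row is counted: `'time_rem' => $locked_out ? (int) ceil( ( $row['timestamp'] + $duration - time() ) / 60 ) : 0,`. The same field is echoed to the client by the `locked_out` response in the @@ -684 hunk, and is presumably what the login form displays, so a consistent minutes-remaining value matters. The enclosing function continues past this hunk.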