# HG changeset patch
# User Dan
# Date 1246539689 14400
# Node ID 9e61f16a8e4717eac41292e7575832c947e3a3dd
# Parent 8a4b75e7313755d0c76f7418d86cb55a20d48f7f
Login and sessions: fixed some improper handling of the config for lockout logic
diff -r 8a4b75e73137 -r 9e61f16a8e47 includes/sessions.php
--- a/includes/sessions.php Thu Jul 02 09:00:52 2009 -0400
+++ b/includes/sessions.php Thu Jul 02 09:01:29 2009 -0400
@@ -658,7 +658,7 @@
 if ( !defined('IN_ENANO_INSTALL') )
 {
- $locked_out = $this->get_lockout_info($lockout_data);
+ $lockout_data = $this->get_lockout_info($lockout_data);
 $captcha_good = false;
 if ( $lockout_data['lockout_policy'] == 'captcha' && $captcha_hash && $captcha_code )
@@ -1030,8 +1030,8 @@
 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
 $timestamp_cutoff = time() - $duration;
 $q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
- $fails = $db->numrows();
- $row = $db->fetchrow();
+ $fails = $db->numrows($q);
+ $row = $db->fetchrow($q);
 $locked_out = ( $fails >= $threshold );
 $lockdata = array(
 'locked_out' => $locked_out,
@@ -1045,7 +1045,20 @@
 );
 $db->free_result();
 }
- return $locked_out;
+ else
+ {
+ $lockdata = array(
+ 'locked_out' => false,
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => 0,
+ 'lockout_policy' => $policy,
+ 'lockout_last_time' => 0,
+ 'time_rem' => 0,
+ 'captcha' => ''
+ );
+ }
+ return $lockdata;
 }
 /**
diff -r 8a4b75e73137 -r 9e61f16a8e47 language/english/user.json
--- a/language/english/user.json Thu Jul 02 09:00:52 2009 -0400
+++ b/language/english/user.json Thu Jul 02 09:01:29 2009 -0400
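Review bot: In includes/sessions.php at `@@ -658`, the changed line no longer assigns `$locked_out`, which the old line set from the return value. If the rest of this login method (outside the hunk) still reads `$locked_out`, it is now undefined and evaluates as false, so the lockout check would silently stop being enforced there; adding `$locked_out = $lockout_data['locked_out'];` right after the call keeps both names valid. The argument `$lockout_data` is also passed in before it is visibly assigned; if `get_lockout_info()` no longer fills it by reference, the parameter can be dropped from the call.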
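Review bot: In includes/sessions.php at `@@ -1030`, the `$db->free_result();` call a few lines further down (visible as context in the next hunk) still relies on the implicit last result, while `numrows()` and `fetchrow()` now receive `$q` explicitly. If `free_result()` accepts a handle the same way, `$db->free_result($q);` keeps the three calls consistent and avoids releasing a different result set should another query run in between. Separately, `fetchrow($q)` presumably yields no row when `$fails` is 0, so any later read of `$row['timestamp']` in the part of the array outside this hunk should be guarded, for example `$last = $row ? $row['timestamp'] : 0;`.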
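Review bot: In includes/sessions.php at `@@ -1045`, `get_lockout_info()` now returns the `$lockdata` array on every path where it used to return the boolean `$locked_out`, so any caller outside this diff that still tests the return value directly will always see a truthy, non-empty array. Those callers need to read the flag instead, e.g. `if ( $info['locked_out'] )`, and it is worth searching for them before merging because the result decides whether a login attempt is blocked. The function's docblock is outside the hunk; it should state that an array is returned and list its keys (`locked_out`, `lockout_threshold`, `lockout_duration`, `lockout_fails`, `lockout_policy`, `lockout_last_time`, `time_rem`, `captcha`). The two array literals would also drift less if the defaults were built once and only the differing keys overwritten in the other branch, whose start is not visible here.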
@@ -85,6 +85,7 @@
 err_dh_key_not_found: 'Enano couldn\'t retrieve the private key used for the high-strength encrypted logon. It is possible that the list of keys was cleared during your logon process as this happens approximately once every 72 hours. Please try logging in again; if you are still unable to log in, please contact the site administration.',
 err_dh_key_not_numeric: 'The Diffie-Hellman public key you sent through was not an arbitrary-precision decimal integer.',
 err_dh_hash_no_match: 'The Diffie-Hellman key was not calculated correctly by one of the parties (I got a different shared secret than you did).',
+ err_userinfo_decode_failed: 'An internal error occurred while decrypting the encrypted information packet.',
 err_key_wrong_length: 'The encryption key was the wrong length.',
 err_too_big_for_britches: 'You are trying to authenticate at a level that your user account does not permit.',
 err_invalid_credentials: 'You have entered an invalid username or password. Please enter your login details again.',
diff -r 8a4b75e73137 -r 9e61f16a8e47 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Thu Jul 02 09:00:52 2009 -0400
+++ b/plugins/SpecialUserFuncs.php Thu Jul 02 09:01:29 2009 -0400
@@ -171,11 +171,11 @@
 break;
 case 'invalid_credentials':
 $errstring = $lang->get('user_err_invalid_credentials');
- if ( $__login_status['lockout_policy'] == 'lockout' )
+ if ( getConfig('lockout_policy', 'lockout') == 'lockout' )
 {
- $errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
+ $errstring .= $lang->get('user_err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
 }
- else if ( $__login_status['lockout_policy'] == 'captcha' )
+ else if ( getConfig('lockout_policy', 'lockout') == 'captcha' )
 {
 $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
 }
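Review bot: In plugins/SpecialUserFuncs.php the policy is now looked up with `getConfig('lockout_policy', 'lockout')` in both branches, while the failure count is still taken from `$__login_status['lockout_fails']`. The fallback `'lockout'` has to match the default used where the policy is enforced in includes/sessions.php (not visible in this diff), otherwise the message shown and the behaviour applied can disagree; reading it once as `$policy = getConfig('lockout_policy', 'lockout');` and comparing with `===` keeps the two branches in step. If `$__login_status` can lack `lockout_policy`, which is presumably why this lookup was replaced, `lockout_fails` may be missing as well and deserves an `isset()` guard before it is passed to `$lang->get()`. The enclosing `switch` starts and ends outside the hunk.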