--- a/includes/clientside/static/login.js Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/clientside/static/login.js Fri Jul 17 17:11:09 2009 -0400
@@ -512,7 +512,7 @@
var div = document.createElement('div');
div.id = 'ajax_login_form';
- var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ var show_captcha = ( data.locked_out.locked_out && data.locked_out.lockout_policy == 'captcha' ) ? data.locked_out.captcha : false;
// text displayed on re-auth
if ( logindata.user_level > USER_LEVEL_MEMBER )
@@ -761,7 +761,7 @@
logindata.loggedin_username = data.username
// Are we locked out? If so simulate an error and disable the controls
- if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out.locked_out )
{
f_username.setAttribute('disabled', 'disabled');
f_password.setAttribute('disabled', 'disabled');
--- a/includes/sessions.php Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/sessions.php Fri Jul 17 17:11:09 2009 -0400
@@ -656,6 +656,7 @@
return $this->login_compat($username, md5($password), $level);
}
+ // Lockout check
if ( !defined('IN_ENANO_INSTALL') )
{
$lockout_data = $this->get_lockout_info($lockout_data);
@@ -675,8 +676,6 @@
if ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] )
{
// ooh boy, somebody's in trouble ;-)
- $row = $db->fetchrow();
- $db->free_result();
return array(
'success' => false,
'error' => 'locked_out',
@@ -684,12 +683,11 @@
'lockout_duration' => ( $lockout_data['lockout_duration'] ),
'lockout_fails' => $lockout_data['lockout_fails'],
'lockout_policy' => $lockout_data['lockout_policy'],
- 'time_rem' => $lockout_data['lockout_time_rem'],
+ 'time_rem' => $lockout_data['time_rem'],
'lockout_last_time' => $lockout_data['lockout_last_time']
);
}
}
- $db->free_result();
}
// Instanciate the Rijndael encryption object
@@ -1022,11 +1020,13 @@
$locked_out = false;
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
- // convert to minutes
+ // convert to seconds
$duration = $duration * 60;
+ // decide on policy
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
if ( $policy != 'disable' )
{
+ // enabled; make decision
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
$timestamp_cutoff = time() - $duration;
$q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
@@ -1040,13 +1040,14 @@
'lockout_fails' => $fails,
'lockout_policy' => $policy,
'lockout_last_time' => $row['timestamp'],
- 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'time_rem' => $locked_out ? ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ) : 0,
'captcha' => ''
);
$db->free_result();
}
else
{
+ // disabled; send back default dataset
$lockdata = array(
'locked_out' => false,
'lockout_threshold' => $threshold,
@@ -4024,6 +4025,7 @@
*/
$code = $plugins->setHook('login_process_userdata_json', true);
+
foreach ( $code as $cmd )
{
$result = eval($cmd);