AJAX Login: Fixed all known issues with lockout (and some unknown ones)
authorDan
Fri, 17 Jul 2009 17:11:09 -0400
changeset 1065 18d013f98fd0
parent 1058 c4b057708436
child 1066 bead71f28f63
AJAX Login: Fixed all known issues with lockout (and some unknown ones)
includes/clientside/static/login.js
includes/sessions.php
--- a/includes/clientside/static/login.js	Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/clientside/static/login.js	Fri Jul 17 17:11:09 2009 -0400
@@ -512,7 +512,7 @@
   var div = document.createElement('div');
   div.id = 'ajax_login_form';
   
-  var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+  var show_captcha = ( data.locked_out.locked_out && data.locked_out.lockout_policy == 'captcha' ) ? data.locked_out.captcha : false;
   
   // text displayed on re-auth
   if ( logindata.user_level > USER_LEVEL_MEMBER )
@@ -761,7 +761,7 @@
   logindata.loggedin_username = data.username
   
   // Are we locked out? If so simulate an error and disable the controls
-  if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+  if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out.locked_out )
   {
     f_username.setAttribute('disabled', 'disabled');
     f_password.setAttribute('disabled', 'disabled');
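Review bot: The rewritten condition reads the policy from `data.lockout_info` but the flag from `data.locked_out.locked_out`, while the earlier hunk at `show_captcha` takes flag, policy and captcha all from `data.locked_out`. The response shape is not visible here, so one of the two is presumably stale; if `data.lockout_info` is absent on this path the property access throws and the controls are never disabled. Consider reading both from one object, e.g. `var lockout = data.locked_out || {};` followed by `if ( lockout.locked_out && lockout.lockout_policy == 'lockout' )`. Disabling the inputs is only a UI hint, so the lockout has to stay enforced by the server-side check in sessions.php. The enclosing function starts and ends outside the hunk.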
--- a/includes/sessions.php	Fri Jul 17 09:07:50 2009 -0400
+++ b/includes/sessions.php	Fri Jul 17 17:11:09 2009 -0400
@@ -656,6 +656,7 @@
       return $this->login_compat($username, md5($password), $level);
     }
     
+    // Lockout check
     if ( !defined('IN_ENANO_INSTALL') )
     {
       $lockout_data = $this->get_lockout_info($lockout_data);
@@ -675,8 +676,6 @@
         if ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] )
         {
           // ooh boy, somebody's in trouble ;-)
-          $row = $db->fetchrow();
-          $db->free_result();
           return array(
               'success' => false,
               'error' => 'locked_out',
@@ -684,12 +683,11 @@
               'lockout_duration' => ( $lockout_data['lockout_duration'] ),
               'lockout_fails' => $lockout_data['lockout_fails'],
               'lockout_policy' => $lockout_data['lockout_policy'],
-              'time_rem' => $lockout_data['lockout_time_rem'],
+              'time_rem' => $lockout_data['time_rem'],
               'lockout_last_time' => $lockout_data['lockout_last_time']
             );
         }
       }
-      $db->free_result();
     }
     
     // Instanciate the Rijndael encryption object
@@ -1022,11 +1020,13 @@
     $locked_out = false;
     $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
     $duration  = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
-    // convert to minutes
+    // convert to seconds
     $duration  = $duration * 60;
+    // decide on policy
     $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
     if ( $policy != 'disable' )
     {
+      // enabled; make decision
       $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
       $timestamp_cutoff = time() - $duration;
       $q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
@@ -1040,13 +1040,14 @@
           'lockout_fails' => $fails,
           'lockout_policy' => $policy,
           'lockout_last_time' => $row['timestamp'],
-          'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+          'time_rem' => $locked_out ? ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ) : 0,
           'captcha' => ''
         );
       $db->free_result();
     }
     else
     {
+      // disabled; send back default dataset
       $lockdata = array(
         'locked_out' => false,
         'lockout_threshold' => $threshold,
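Review bot: `time_rem` on the added line can come out as 0 while the client is still locked out, because `round()` rounds the elapsed minutes up once the last failure is within 30 seconds of the end of the window. Rounding the remainder up instead keeps the reported value at 1 or more for as long as the window is open: `'time_rem' => $locked_out ? (int) ceil( ( $duration - ( time() - $row['timestamp'] ) ) / 60 ) : 0,`. The neighbouring `'lockout_last_time' => $row['timestamp']` still reads `$row` unconditionally; where `$row` is assigned is outside the hunk, so whether it can be empty when no failures are recorded should be checked.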
@@ -4024,6 +4025,7 @@
          */
         
         $code = $plugins->setHook('login_process_userdata_json', true);
+        
         foreach ( $code as $cmd )
         {
           $result = eval($cmd);