Login and sessions: fixed some improper handling of the config for lockout logic
authorDan
Thu, 02 Jul 2009 09:01:29 -0400
changeset 1032 9e61f16a8e47
parent 1031 8a4b75e73137
child 1033 99bff0df45fa
Login and sessions: fixed some improper handling of the config for lockout logic
includes/sessions.php
language/english/user.json
plugins/SpecialUserFuncs.php
--- a/includes/sessions.php	Thu Jul 02 09:00:52 2009 -0400
+++ b/includes/sessions.php	Thu Jul 02 09:01:29 2009 -0400
@@ -658,7 +658,7 @@
     
     if ( !defined('IN_ENANO_INSTALL') )
     {
-      $locked_out = $this->get_lockout_info($lockout_data);
+      $lockout_data = $this->get_lockout_info($lockout_data);
       
       $captcha_good = false;
       if ( $lockout_data['lockout_policy'] == 'captcha' && $captcha_hash && $captcha_code )
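Review bot: `$locked_out` is no longer assigned after this change, and the call still passes `$lockout_data` as an argument only to overwrite it with the return value. If code later in this function (which continues outside the hunk) still reads `$locked_out`, it would be undefined and evaluate as false, which would silently skip lockout enforcement. Keeping `$locked_out = $lockout_data['locked_out'];` directly after the call would avoid that. The policy check on the last line could also use `===`, since both sides are expected to be strings.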
@@ -1030,8 +1030,8 @@
       $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
       $timestamp_cutoff = time() - $duration;
       $q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
-      $fails = $db->numrows();
-      $row = $db->fetchrow();
+      $fails = $db->numrows($q);
+      $row = $db->fetchrow($q);
       $locked_out = ( $fails >= $threshold );
       $lockdata = array(
           'locked_out' => $locked_out,
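Review bot: `numrows()` and `fetchrow()` now receive `$q`, but the `$db->free_result();` that closes this branch (visible as context in the next hunk) is still called without it. It presumably frees whatever result the database layer tracked last rather than this one; if the method accepts a result handle like the other two, `$db->free_result($q);` would match. The query also concatenates `$timestamp_cutoff` directly, and it is numeric only as long as `$duration` is, so `$timestamp_cutoff = time() - intval($duration);` would make that explicit. Where `$duration` and `$threshold` are set is outside the hunk.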
@@ -1045,7 +1045,20 @@
         );
       $db->free_result();
     }
-    return $locked_out;
+    else
+    {
+      $lockdata = array(
+        'locked_out' => false,
+        'lockout_threshold' => $threshold,
+        'lockout_duration' => ( $duration / 60 ),
+        'lockout_fails' => 0,
+        'lockout_policy' => $policy,
+        'lockout_last_time' => 0,
+        'time_rem' => 0,
+        'captcha' => ''
+      );
+    }
+    return $lockdata;
   }
   
   /**
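Review bot: The function now returns the `$lockdata` array instead of the boolean `$locked_out`, and a non-empty array is always truthy, so any caller that still tests the return value directly would treat every visitor as locked out. Only one call site is updated in this commit (the first hunk of this file); any other callers should read `['locked_out']` instead. The function's documentation is outside the hunk and should record the new contract, for example `@return array Lockout state; 'locked_out' is the boolean that used to be returned`. The added `else` branch repeats the array shape of the branch above, so building the defaults once and overriding only the fields that differ would keep the two from drifting apart.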
--- a/language/english/user.json	Thu Jul 02 09:00:52 2009 -0400
+++ b/language/english/user.json	Thu Jul 02 09:01:29 2009 -0400
@@ -85,6 +85,7 @@
       err_dh_key_not_found: 'Enano couldn\'t retrieve the private key used for the high-strength encrypted logon. It is possible that the list of keys was cleared during your logon process as this happens approximately once every 72 hours. Please try logging in again; if you are still unable to log in, please contact the site administration.',
       err_dh_key_not_numeric: 'The Diffie-Hellman public key you sent through was not an arbitrary-precision decimal integer.',
       err_dh_hash_no_match: 'The Diffie-Hellman key was not calculated correctly by one of the parties (I got a different shared secret than you did).',
+      err_userinfo_decode_failed: 'An internal error occurred while decrypting the encrypted information packet.',
       err_key_wrong_length: 'The encryption key was the wrong length.',
       err_too_big_for_britches: 'You are trying to authenticate at a level that your user account does not permit.',
       err_invalid_credentials: 'You have entered an invalid username or password. Please enter your login details again.',
--- a/plugins/SpecialUserFuncs.php	Thu Jul 02 09:00:52 2009 -0400
+++ b/plugins/SpecialUserFuncs.php	Thu Jul 02 09:01:29 2009 -0400
@@ -171,11 +171,11 @@
         break;
       case 'invalid_credentials':
         $errstring = $lang->get('user_err_invalid_credentials');
-        if ( $__login_status['lockout_policy'] == 'lockout' )
+        if ( getConfig('lockout_policy', 'lockout') == 'lockout' )
         {
-          $errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
+          $errstring .= $lang->get('user_err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
         }
-        else if ( $__login_status['lockout_policy'] == 'captcha' )
+        else if ( getConfig('lockout_policy', 'lockout') == 'captcha' )
         {
           $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
         }
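Review bot: The policy is now read from `getConfig('lockout_policy', 'lockout')` while the failure count in the message still comes from `$__login_status['lockout_fails']`, so the two branches mix sources and the count is not checked for presence before it goes into the message. Reading the policy once, `$policy = getConfig('lockout_policy', 'lockout');`, and comparing with `===` in both branches would remove the duplicate lookup and the loose comparison. The enclosing `switch` starts and ends outside the hunk.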