mahara-contributors team mailing list archive

Thread
Date

[Bug 1719987] Re: Blocked account after entering the wrong password

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Thu, 28 Sep 2017 01:15:56 -0000
Reply-to: Bug 1719987 <1719987@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The 'logintries' should be updated in database via the cron job
'user_login_tries_to_zero' that should run every 5 minutes.

Is your cron running correctly?

Doing a: select * from config where field like '\_%';
should show you if any cron locks have got stuck

You can clear them out with:
delete from config where field like '\_%';


** Changed in: mahara
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1719987

Title:
   Blocked account after entering the wrong password

Status in Mahara:
  Invalid

Bug description:
  
  After entering five incorrect passwords, the account is reportedly blocked for five minutes.
  In fact, after five minutes, the account is still blocked.

  
  I found two solutions

  1.Change variable MAXLOGINTRIES; from 5 to (for example) 10 in htdocs/auth/user.php
  define('MAXLOGINTRIES', 10);

  2.Change variable LOGINTRIES in database; from 5 to 0.

  But apparently it should not work this way.
  Can I change or add something in user.php or somewhere else?

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1719987/+subscriptions

References

[Bug 1719987] [NEW] Blocked account after entering the wrong password
From: Dominika Czyszczoń, 2017-09-27