WordPress.org


User Locker
Bad attempts are not reset after valid login (2 posts)

  1. Ov3rfly
    Member
    Posted 2 years ago #

    A very nice plugin, but it has a 'logic' bug.

    The bad attempts counter per user is not reset after a valid login or after a password-reset.

    The relevant function $this->unlock_user() is called in both cases:

    // Unlock account for given user
    function unlock_user( $user_id, $reason = false ) {
        $old_status = $this->is_user_locked( $user_id );

        // Update status
        if ( $old_status ) {
            update_user_option( $user_id, 'ul_bad_attempts', 0, false );
            update_user_option( $user_id, 'ul_locked', false, false );
        }
        // (excerpt ends here; the rest of the function is not shown in the post)

    Current situation: The field 'ul_bad_attempts' is only reset if the account was locked before ($old_status == TRUE).

    Expected situation: The field 'ul_bad_attempts' should also be reset after a valid login with the account not (yet) locked.

    Thanks for a fix.

    http://wordpress.org/extend/plugins/user-locker/

  2. chrwp
    Member
    Posted 2 years ago #

    I like this plugin too and encounter the same bug. A user, who is a good fellow, eventually gets locked because of some typos now and then. In my opinion an unsolicited 'password reset' or a successful 'login' should always reset the lock counter. I suggest the following patch:

    --- user-locker.php.orig        2011-10-24 21:22:38.000000000 +0200
    +++ user-locker.php     2012-02-20 18:55:51.000000000 +0100
    @@ -181,12 +181,14 @@                                                                                                                                                                                                                        
    
            // Reset account lock on pass reset
            function password_reset( $user ) {
    +               update_user_option( $user->ID, 'ul_bad_attempts', 0, false );
                    $this->unlock_user( $user->ID );
            }                                                                                                                                                                                                                                    
    
            // Reset account lock on valid login
            function wp_login( $username ) {
                    $user = get_userdatabylogin( $username );
    +               update_user_option( $user->ID, 'ul_bad_attempts', 0, false );
                    $this->unlock_user( $user->ID );
            }
    
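
    Review bot: the added update_user_option( $user->ID, 'ul_bad_attempts', 0, false ) line in password_reset() and again in wp_login() duplicates the reset that unlock_user() already performs inside its if ( $old_status ) branch, so a locked account has the counter written twice and the fix has to be repeated in every caller. Moving that single call above the if ( $old_status ) check in unlock_user() covers both hooks in one place. Separately, wp_login() now dereferences $user->ID one more time without checking that get_userdatabylogin( $username ) returned a user; a guard such as if ( ! $user ) return; before the new line avoids acting on a failed lookup.
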
    @@ -634,4 +636,4 @@
    
     } // END
    
    -?>
    \ No newline at end of file
    +?>
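
    Review bot: the hunk at line 634 only adds a newline after the closing ?> and is unrelated to the counter fix, so it should be dropped from this patch. If the end of the file is to be touched at all, removing the closing ?> is the usual choice for a PHP-only file, so stray whitespace after it can never be emitted as output.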

    Regards!
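
The behaviour described in the first post, as an added example that is not part of either post or of the plugin: a stand-alone PHP model that replays a constructed sequence of occasional typos against the counter, once with the reset tied to the locked state and once with the reset applied on every valid login. The class and method names, the threshold of 3 and the rule that a locked account rejects every login are assumptions.

```php
<?php
// Added example, not the plugin's code. MAX_BAD_ATTEMPTS, the class and its
// methods are assumptions that model the counter logic from the thread.
const MAX_BAD_ATTEMPTS = 3;

class LockerModel {
    private $bad = array();     // user id => bad attempt count
    private $locked = array();  // user id => true when locked
    private $resetAlways;       // true = behaviour requested in the thread
    public function __construct( $resetAlways ) {
        $this->resetAlways = $resetAlways;
    }
    public function isLocked( $id ) {
        return ! empty( $this->locked[ $id ] );
    }

    // As in the quoted excerpt: without $resetAlways the counter is only
    // cleared when the account was already locked.
    public function unlockUser( $id ) {
        if ( $this->resetAlways || $this->isLocked( $id ) ) {
            $this->bad[ $id ] = 0;
            $this->locked[ $id ] = false;
        }
    }

    // Returns true when the login is accepted.
    public function attempt( $id, $passwordOk ) {
        if ( $this->isLocked( $id ) ) {
            return false; // assumption: a locked account rejects every login
        }
        if ( $passwordOk ) {
            $this->unlockUser( $id ); // stands in for the wp_login hook
            return true;
        }
        $count = isset( $this->bad[ $id ] ) ? $this->bad[ $id ] + 1 : 1;
        $this->bad[ $id ] = $count;
        $this->locked[ $id ] = ( $count >= MAX_BAD_ATTEMPTS );
        return false;
    }
}

// Constructed input: a typo followed by a correct login, three times over.
function lockedAfterTypos( $resetAlways ) {
    $model = new LockerModel( $resetAlways );
    foreach ( array( false, true, false, true, false, true ) as $ok ) {
        $model->attempt( 1, $ok );
    }
    return $model->isLocked( 1 );
}
var_dump( lockedAfterTypos( false ), lockedAfterTypos( true ) );
```

Run it with the PHP CLI; the first value printed is the lock state under the logic quoted in the first post, the second is the lock state when every valid login clears the counter.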

Topic Closed

This topic has been closed to new replies.
