Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Hi,
I have login security set to block the user after 3 attempts, but it actually blocks it after 4. A user can give three bad passwords and then a good password and get it. This code seems to be at fault (line 190):
if ($variables['%user_current_count'] > $variables['%user_block_attempts']) {
I suspect the ">" should be a ">=". The code at line 149 seems to have the same issue for notifications:
if ($variables['%tracking_current_count'] > $variables['%activity_threshold'] ) {
fyi.
thanks!
Joseph Cheek
ed.gov Drupal architect
Comment | File | Size | Author |
---|---|---|---|
#2 | login_security-856618-2.patch | 2.2 KB | ilo |
Comments
Comment #1
josephcheek"get in", not "get it", above.
Comment #2
ilo CreditAttribution: ilo commentedDeekayen, just rtbc or commit to this little change in the >= if you wish.. actually, the test case was wrong, it was limiting the login attempt to 2 and checking three login attempts before blocking.
I've tested manually and it is also working.
Comment #3
ilo CreditAttribution: ilo commentedMarking as rtbc, tested and verified.
Comment #4
ilo CreditAttribution: ilo commentedMarking as rtbc, tested and verified.
Comment #5
deekayen CreditAttribution: deekayen commented