
So far most of this code works. The only issue I'm having is that my max_attempts that is set up in my config file is 5. So the issue I'm having is that after the fifth failed attempt it still says incorrect username and password, and then the attempt after it says the account is locked. Any ideas how to make it work on the 5th failed attempt?

 

/**
 * Submits the login form.
 *
 * @return void  Echoes a JSON array for jQuery to handle.
 */
public function submit()
{
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|strtolower');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');

    if ($this->form_validation->run())
    {
        $post_username = $this->input->post('username');
        $post_password = $this->input->post('password');

        $user_data = $this->users_model->get_user_data($post_username);

        if ( ! is_null($user_data))
        {
            // Lock check runs before the credentials are verified and before the
            // session failure counter is updated.
            if ($user_data->lock_date !== '0000-00-00 00:00:00')
            {
                if (strtotime($user_data->lock_date) > time())
                {
                    // Lock still active: answer now instead of falling through to the
                    // password check, which would overwrite this message.
                    $output_array = array('error' => TRUE, 'message' => 'Your account is currently locked, we apologize for the inconvenience. You must wait 30 minutes before you can login again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>');
                    echo json_encode($output_array);
                    return;
                }
                else
                {
                    // Lock has expired: clear it and continue with the login.
                    $this->users_model->unlock_user($user_data->user_id);
                }
            }

            if ($user_data->user_status_id == '2')
            {
                $regenerated_post_password = $this->functions_model->regenerate_password_hash($post_password, $user_data->password_hash);
                // Counter as stored by the PREVIOUS request (not yet incremented for this one).
                $failed_logins = $this->session->userdata('failed_logins');
                if ($regenerated_post_password == $user_data->password)
                {
                    $profile_data = $this->users_model->get_profile_data($user_data->user_id);
                    $this->session->set_userdata(array('xtr' => 'yes', 'user_id' => $user_data->user_id, 'username' => $user_data->username, 'role' => $user_data->user_roles_id, 'default_roster_id' => $profile_data->default_roster_id));
                    $this->users_model->insert_session($this->session->userdata('session_id'), $user_data->username, $this->input->ip_address(), $this->session->userdata('user_agent'));
                    $this->session->unset_userdata('failed_logins');
                    $output_array = array('error' => FALSE, 'message' => 'Successful login! Going to the dashboard!');
                }
                else if (is_numeric($failed_logins) && $failed_logins == (int) $this->config->item('failed_login_limit'))
                {
                    $this->email->from('[email protected]', 'KOW Management Team');
                    $this->email->to($user_data->email_address);
                    $this->email->subject('KOW Manager Max Login Attempts');
                    $this->email->message('Hello '.$user_data->first_name.' '.$user_data->last_name.',<br /><br />We would like to inform you that you or someone else is trying to access your account. They have failed at 5 attempts with your username and password that we have on file. If this is you, you may wait the 30 minutes needed to try again or you may fill out either the forgot username or forgot password forms. Those links are in this email. If this was not you please send an email to the KOW Management Team.<br /><br /><a href="forgotusername">Forgot Username</a><br /><a href="forgotpassword">Forgot Password</a>');
                    $this->email->send();
                    // lock_date must be a future timestamp, so add the wait (assumed here to be
                    // a duration in seconds, e.g. 1800 for 30 minutes) to the current time.
                    $this->users_model->lock_out_user($post_username, date('Y-m-d H:i:s', time() + (int) $this->config->item('wait_time')));
                    $output_array = array('error' => TRUE, 'message' => 'Your account is currently locked, we apologize for the inconvenience. You must wait 30 minutes before you can login again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>');
                }
                else
                {
                    if ( ! is_numeric($failed_logins))
                    {
                        $this->session->set_userdata('failed_logins', '1');
                    }
                    else
                    {
                        $failed_logins++;
                        $this->session->set_userdata('failed_logins', $failed_logins);
                    }
                    $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username);
                    $output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination!');
                }
            }
            else
            {
                switch ($user_data->user_status_id)
                {
                    case 1:
                        $message = 'Sorry, you must verify your account before logging in!';
                        break;
                    case 3:
                        $message = 'Your account has been suspended!';
                        break;
                    case 4:
                        $message = 'Your account is currently banned!';
                        break;
                    case 5:
                        $message = 'Your account has been deleted!';
                        break;
                    default:
                        $message = 'Your account cannot be used to log in!';
                        break;
                }
                $output_array = array('error' => TRUE, 'message' => $message);
            }
        }
        else
        {
            $output_array = array('error' => TRUE, 'message' => 'User was not found in the database!');
        }
    }
    else
    {
        $output_array = array('error' => TRUE, 'message' => validation_errors());
    }
    echo json_encode($output_array);
}

https://forums.phpfreaks.com/topic/267641-not-showing-message-at-correct-time/

The reason for that is quite logical, and very easy to spot if you read what the code does. As I read it, you're checking if the account has been locked before you check the credentials. So of course it'll show the message on the sixth attempt, because the account isn't locked yet when you get to that step on the fifth attempt.

Lines 55-71

else
{
    if ( ! is_numeric($failed_logins))
    {
        $failed_logins = 1;
        $this->session->set_userdata('failed_logins', '1');
    }
    else
    {
        $failed_logins++;
        $this->session->set_userdata('failed_logins', $failed_logins);
    }
    $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username);
    $output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination!');
    // Compare AFTER incrementing, so the limit is reached on the 5th failure, not the 6th.
    if ($failed_logins == (int) $this->config->item('failed_login_limit'))
    {
        $output_array = array('error' => TRUE, 'message' => 'Your account is currently locked, we apologize for the inconvenience. You must wait 30 minutes before you can login again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>');
    }
}

 

This is the quick/dirty way to fix it IMO. Not tested.

I'd suggest turning those error messages into variables or using a templating system.

Change:

$output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination!');

 

To:

$output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination! This was attempt number: '.$failed_logins.' out of '.(int)$this->config->item('failed_login_limit'));

 

And see if you're getting the right number by your count.
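A self-contained sketch of the ordering the replies describe, added here as an example and not code from the thread: the failure counter is incremented before it is compared with the limit, so the lock fires on the fifth wrong password, and lock_date is computed as now + wait so the existing check (strtotime(lock_date) > time()) actually sees a future time. Plain arrays stand in for the CodeIgniter session and users_model, and $limit and $waitSeconds stand in for the failed_login_limit and wait_time config items, assumed to be 5 and a duration in seconds.

```php
<?php
// Added example, not the thread's code: a minimal model of the lockout counter.
// $user replaces the users_model row, $failedLogins replaces the session value.

const NO_LOCK = '0000-00-00 00:00:00';

function attemptLogin(array &$user, int &$failedLogins, string $password,
                      int $limit = 5, int $waitSeconds = 1800, ?int $now = null): array
{
    $now = $now ?? time();

    // 1. Lock check first: an unexpired lock wins over everything else.
    if ($user['lock_date'] !== NO_LOCK) {
        if (strtotime($user['lock_date']) > $now) {
            return ['error' => true, 'message' => 'locked'];
        }
        $user['lock_date'] = NO_LOCK;   // expired lock: clear it and continue
    }

    // 2. Credential check. password_verify() is used here in place of the
    //    thread's regenerate_password_hash() helper (assumption).
    if (password_verify($password, $user['password_hash'])) {
        $failedLogins = 0;              // same effect as unset_userdata('failed_logins')
        return ['error' => false, 'message' => 'ok'];
    }

    // 3. Count this failure FIRST, then compare with the limit.
    $failedLogins++;
    if ($failedLogins >= $limit) {
        // lock_date must lie in the future: now + wait, not date(..., wait).
        $user['lock_date'] = date('Y-m-d H:i:s', $now + $waitSeconds);
        $failedLogins = 0;              // fresh window once the lock expires
        return ['error' => true, 'message' => 'locked'];
    }
    return ['error' => true, 'message' => "incorrect ($failedLogins of $limit)"];
}

// Constructed sample user: six wrong passwords, the lock appears on the fifth.
$user = ['password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
         'lock_date'     => NO_LOCK];
$failed = 0;
for ($i = 1; $i <= 6; $i++) {
    $r = attemptLogin($user, $failed, 'wrong');
    echo "attempt $i: {$r['message']}\n";
}
```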
