User Lockout after one attempt | ww.wp.xz.cn

cwisdo
(@cwisdo)

9 years, 7 months ago

I found a bug in the way that the plugin counts bad login attempts. The timeframe for counting bad login attempts is not being respected because of an error in the SQL.

User’s were repeatedly being locked out after only one attempt.

The fix as follows:

In class-itsec-lockout.php

This line:

“SELECT COUNT(*) FROM " . $wpdb->base_prefix . "itsec_temp WHERE temp_date_gmt > ‘%s’ AND temp_username=’%s’ OR temp_user=%s;”,

Should be:

“SELECT COUNT(*) FROM " . $wpdb->base_prefix . "itsec_temp WHERE temp_date_gmt > ‘%s’ AND (temp_username=’%s’ OR temp_user=%s);”,

The topic ‘User Lockout after one attempt’ is closed to new replies.

Tags

0 replies
1 participant
Last reply from: cwisdo
Last activity: 9 years, 7 months ago
Status: not resolved