• Ov3rfly

    (@ov3rfly)


    A very nice plugin, but it has a ‘logic’ bug.

    The bad attempts counter per user is not reset after a valid login or after a password-reset.

    The relevant function $this->unlock_user() is called in both cases:

    // Unlock account for given user
    function unlock_user( $user_id, $reason = false ) {
        $old_status = $this->is_user_locked( $user_id );

        // Update status
        if ( $old_status ) {
            update_user_option( $user_id, 'ul_bad_attempts', 0, false );
            update_user_option( $user_id, 'ul_locked', false, false );
        }

    Current situation: The field ‘ul_bad_attempts’ is only reset if the account was locked before ($old_status == TRUE).

    Expected situation: The field ‘ul_bad_attempts’ should also be reset after a valid login with the account not (yet) locked.

    Thanks for a fix.

    https://www.ads-software.com/extend/plugins/user-locker/
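The counter behaviour reported above, as an added stand-alone PHP model that is not part of the original post and not the plugin's code. The class `LockModel`, the function `replay()`, the `$resetAlways` switch and the threshold of 3 are assumptions made for illustration. With the reported behaviour the third typo locks the account even though a valid login happened in between; with the counter cleared on every valid login it does not.

```php
<?php
// Added illustration: a stand-alone model of the per-user counter, not the plugin's code.
// $opts stands in for the WordPress user options; MAX_ATTEMPTS = 3 is an assumed threshold.
const MAX_ATTEMPTS = 3;

class LockModel {
    private $opts = array( 'ul_bad_attempts' => 0, 'ul_locked' => false );
    private $resetAlways; // hypothetical switch: false = reported behaviour, true = expected

    public function __construct( $resetAlways ) {
        $this->resetAlways = $resetAlways;
    }

    // Wrong password: count it and lock once the threshold is reached.
    public function failedLogin() {
        $this->opts['ul_bad_attempts']++;
        if ( $this->opts['ul_bad_attempts'] >= MAX_ATTEMPTS ) {
            $this->opts['ul_locked'] = true;
        }
    }

    // Called after a valid login or a password reset, like unlock_user() in the post.
    public function unlockUser() {
        $wasLocked = $this->opts['ul_locked'];
        if ( $wasLocked || $this->resetAlways ) {
            $this->opts['ul_bad_attempts'] = 0; // reported bug: skipped when not locked
        }
        if ( $wasLocked ) {
            $this->opts['ul_locked'] = false;
        }
    }

    public function isLocked() {
        return $this->opts['ul_locked'];
    }
}

// Constructed sequence: two typos, a valid login, one more typo.
function replay( LockModel $m ) {
    $m->failedLogin();
    $m->failedLogin();
    $m->unlockUser();   // valid login
    $m->failedLogin();
    return $m->isLocked();
}

var_dump( replay( new LockModel( false ) ) ); // behaviour described in the report
var_dump( replay( new LockModel( true ) ) );  // counter cleared on every valid login
```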

Viewing 1 replies (of 1 total)
  • I like this plugin too and encounter the same bug. A user, who is a good fellow, gets eventually locked because of some typos now and then. In my opinion an unsolicited ‘password reset’ or a successful ‘login’ should always reset the lock counter. I suggest the following patch:

    --- user-locker.php.orig        2011-10-24 21:22:38.000000000 +0200
    +++ user-locker.php     2012-02-20 18:55:51.000000000 +0100
    @@ -181,12 +181,14 @@                                                                                                                                                                                                                        
    
            // Reset account lock on pass reset
            function password_reset( $user ) {
    +               update_user_option( $user->ID, 'ul_bad_attempts', 0, false );
                    $this->unlock_user( $user->ID );
            }                                                                                                                                                                                                                                    
    
            // Reset account lock on valid login
            function wp_login( $username ) {
                    $user = get_userdatabylogin( $username );
    +               update_user_option( $user->ID, 'ul_bad_attempts', 0, false );
                    $this->unlock_user( $user->ID );
            }
    
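Review bot: the two added `update_user_option( $user->ID, 'ul_bad_attempts', 0, false );` lines in password_reset() and wp_login() duplicate a reset that unlock_user() already performs, only behind its `if ( $old_status )` guard as quoted in the first post. Moving the ul_bad_attempts update out of that guard inside unlock_user() fixes both callers in one place and covers any other caller. Separately, in wp_login() the new line dereferences `$user->ID` directly after `get_userdatabylogin( $username )` with no check that a user object came back; a guard such as `if ( ! $user ) return;` before the update would avoid writing the option for an invalid ID.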
    @@ -634,4 +636,4 @@
    
     } // END
    
    -?>
    \ No newline at end of file
    +?>
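Review bot: the second hunk (@@ -634,4 +636,4 @@) only changes the end-of-file newline after `?>` and is unrelated to the counter fix, so it is best dropped from the patch to keep the change minimal. If the file ending is touched at all, omitting the closing `?>` entirely avoids accidental trailing output after the tag.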

    Regards!

  • The topic ‘[Plugin: User Locker] Bad attempts are not reset after valid login’ is closed to new replies.