[ZendTo] Username Locked Out Forever
Stewart Campbell
Stewart.Campbell at pulsion.co.uk
Thu Nov 3 11:03:42 GMT 2016
Agreed. Not sure why I got confused there!
From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
Sent: 02 November 2016 15:21
To: ZendTo Users <zendto at zend.to>
Subject: Re: [ZendTo] Username Locked Out Forever
Stewart,
I disagree on this one. In the call in NSSDropbox.php, the time value passed is
time()-$this->_loginFailTime
so the "created > '%u'" test is what I wanted to do.
Agreed? :)
Cheers,
Jules.
On 19/08/2016 16:41, Stewart Campbell wrote:
In MySQL->DBLoginlogLength we have the following query
$query = sprintf("SELECT count(*) FROM loginlog
WHERE username = '%s' AND created > '%u'",
$this->database->real_escape_string(strtolower($user)),
$since);
The trouble is, $since is passed (in NSSDropbox->userFromAuthentication at least) from the preferences.php file which in my config is set to 86400. So we are basically saying where the username is in the loginlog table from 1970.
I think this needs to be changed to (time() - $since). I see the same function in SQLLite & SQLLite3.php files. Not sure if this is a similar problem.
_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
Jules
--
Julian Field MEng MBCS CITP CEng
'I never saw a wild thing
Sorry for itself.' - D.H. Lawrence
www.Zend.To<http://www.Zend.To>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20161103/3b9fb63e/attachment.html
More information about the ZendTo
mailing list