View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014387 | mantisbt | bugtracker | public | 2012-06-12 18:58 | 2014-09-23 18:05 |
Reporter | Cryas | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.10 | ||||
Target Version | 1.2.12 | Fixed in Version | 1.2.12 | ||
Summary | 0014387: $g_max_failed_login_count Enabled Prevents User from logging after passwd reset | ||||
Description | Myself and a customer of mine had this issue. I enabled $g_max_failed_login_count and all appeared well, however a customer of mine required a passwd reset. Once done the email was received, followed, and the new passwd created. But when he attempted to use it the site disabled the login. I set $g_max_failed_login_count = OFF; and everything worked properly again. I tried this myself, no failed passwd attempts, and got the same result. | ||||
Steps To Reproduce | $g_max_failed_login_count = ON; // If not enabled already Logout. | ||||
Tags | No tags attached. | ||||
The described behavior can be reproduced in current 1.2.x dev head. Apparently the account verification code is resetting the failed login count to 1 instead of zero. Please note that $g_max_failed_login_count should be either OFF, or a numeric value indicating how many failed attempts are authorized. If you set it to ON as in your example, you are effectively allowing a single error before disabling the account. So as a workaround, I suggest you set it to 2 or more. |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master c10e49b8 2012-06-12 22:45 |
Fix verify.php bumping failed count instead of login count. This prevented admins from unlocking a user's account by resetting their password when $g_max_failed_login_count = 1. See commit d306af51746bdb781d3a721d7af718eae34ffe5d. Fixes 0014387 |
Affected Issues 0014387 |
|
mod - verify.php |
MantisBT: master-1.2.x f921d55d 2012-06-12 22:45 |
Fix verify.php bumping failed count instead of login count. This prevented admins from unlocking a user's account by resetting their password when $g_max_failed_login_count = 1. See commit d306af51746bdb781d3a721d7af718eae34ffe5d. Fixes 0014387 |
Affected Issues 0014387 |
|
mod - verify.php |
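
The interaction described in the note and the commit messages above, as an added sketch that is not MantisBT's own code: a verification step that bumps the failed-login counter locks a freshly reset account when the threshold is ON (1), while bumping the login counter does not. The class and function names are hypothetical, and the `<` comparison in the lockout check is an assumption chosen to match the note's statement that ON allows a single error.

```php
<?php
// Simplified, self-contained model of the lockout check (hypothetical names).
const OFF = 0; // numeric values MantisBT gives its ON/OFF constants
const ON  = 1;

final class Account {
    public int $failedLoginCount = 0;
    public int $loginCount = 0;
}

// Assumed check: login is allowed while failures stay below the threshold,
// or unconditionally when the feature is OFF.
function loginAllowed(Account $a, int $maxFailed): bool {
    return $maxFailed === OFF || $a->failedLoginCount < $maxFailed;
}

// Following the e-mailed verification link. $buggy selects the pre-fix
// behaviour named in the commit message: bumping the failed count
// instead of the login count.
function verify(Account $a, bool $buggy): void {
    if ($buggy) {
        $a->failedLoginCount++;
    } else {
        $a->loginCount++;
    }
}

// Can a user with no failed attempts log in after a password reset?
function canLoginAfterReset(int $maxFailed, bool $buggy): bool {
    $a = new Account(); // constructed state: clean history
    verify($a, $buggy);
    return loginAllowed($a, $maxFailed);
}

// Compare pre-fix and post-fix behaviour for the three settings on this page.
$settings = ['ON' => ON, '2' => 2, 'OFF' => OFF];
foreach ([true, false] as $buggy) {
    foreach ($settings as $label => $max) {
        printf("%-8s max_failed_login_count=%-3s login %s\n",
            $buggy ? 'pre-fix' : 'post-fix', $label,
            canLoginAfterReset($max, $buggy) ? 'allowed' : 'locked');
    }
}
```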