From 1d7230e9ca20c87fbaea40616b386f9dc039776a Mon Sep 17 00:00:00 2001 From: Jonathan Date: Tue, 7 Feb 2023 17:24:40 +0100 Subject: [PATCH 1/3] #10294 error login no user register attemps --- pandora_console/general/login_page.php | 27 ++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index bb9fa19185..586e6d9dfa 100755 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -481,9 +481,29 @@ if (isset($correct_reset_pass_process)) { } if (isset($login_failed)) { - $nick = get_parameter_post('nick'); + $nick = io_safe_input(get_parameter_post('nick')); $fails = db_get_value('failed_attempt', 'tusuario', 'id_user', $nick); + + // If user not exist, and attempts its enable, lets make array and fails attemps. + if ($fails == false && $config['enable_pass_policy']) { + $nick_array_error = json_decode(base64_decode($config['nicks_error']), true); + + if (isset($nick_array_error[$nick]) !== false) { + $nick_array_error[$nick] += 1; + } else { + $nick_array_error[$nick] = 1; + } + + $fails = $nick_array_error[$nick]; + if ($config['nicks_error']) { + config_update_value('nicks_error', base64_encode(json_encode($nick_array_error))); + } else { + config_create_value('nicks_error', base64_encode(json_encode($nick_array_error))); + } + } + $attemps = ($config['number_attempts'] - $fails); + $attemps = ($attemps < 0) ? 0 : $attemps; echo '
'; echo '
'; echo '
'; @@ -787,8 +807,8 @@ html_print_div(['id' => 'forced_title_layer', 'class' => 'forced_title_layer', ' resizable: true, draggable: true, modal: true, - height: 220, - width: 528, + height: 230, + width: 530, overlay: { opacity: 0.5, background: "black" @@ -801,7 +821,6 @@ html_print_div(['id' => 'forced_title_layer', 'class' => 'forced_title_layer', ' $("#login_correct_pass").dialog('close'); }); }); - $('#nick').focus(); break; } From d190c36a9e87f6a762f28fd9e1eff9b983f729fa Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 8 Feb 2023 11:59:20 +0100 Subject: [PATCH 2/3] #10294 login user bloqued and attempts --- pandora_console/general/login_page.php | 22 ++++++++++++++----- pandora_console/mobile/include/ui.class.php | 2 +- pandora_console/mobile/include/user.class.php | 6 +---- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index 586e6d9dfa..d55808b09b 100755 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -482,12 +482,16 @@ if (isset($correct_reset_pass_process)) { if (isset($login_failed)) { $nick = io_safe_input(get_parameter_post('nick')); - $fails = db_get_value('failed_attempt', 'tusuario', 'id_user', $nick); - + $user_in_db = db_get_row_filter( + 'tusuario', + ['id_user' => $nick], + '*' + ); + $fails = $user_in_db['failed_attempt']; // If user not exist, and attempts its enable, lets make array and fails attemps. - if ($fails == false && $config['enable_pass_policy']) { + if ($fails == false && $config['enable_pass_policy'] && $user_in_db === false) { $nick_array_error = json_decode(base64_decode($config['nicks_error']), true); - + $nick = strtolower($nick); if (isset($nick_array_error[$nick]) !== false) { $nick_array_error[$nick] += 1; } else { 
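Review bot: The `nicks_error` map written in the new `if ($fails == false && $config['enable_pass_policy'])` branch is keyed by a client-supplied `nick`, and nothing visible here caps its size or expires entries, so every failed login with a fresh name grows a single config value that is decoded and re-encoded on each failure. I would bound it before the write, by refusing over-long names and dropping the oldest entries past a fixed count, or move the counters to a table with a timestamp column so they can age out. The read-modify-write through `config_update_value` is also not atomic, so concurrent failures can lose increments. Separately, `isset($nick_array_error[$nick]) !== false` is just `isset($nick_array_error[$nick])`, and a short comment should say why unknown names are counted at all. The enclosing `if (isset($login_failed))` block continues past the hunk.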
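Review bot: `db_get_row_filter('tusuario', ['id_user' => $nick], '*')` pulls the entire user row, which presumably includes the stored password hash, into the failed-login path when only `failed_attempt` and `login_blocked` are read afterwards; if the helper accepts a column list, request just those two. `$fails = $user_in_db['failed_attempt'];` also indexes the result before the `$user_in_db === false` test, so an unknown user takes an array offset on `false`, which raises a notice or warning on PHP 7.4 and later; the same happens at `$user_in_db['login_blocked']` in the `-516` hunk. Something like `$fails = ($user_in_db === false) ? false : $user_in_db['failed_attempt'];` keeps the later logic intact. The hunk ends inside the `if` body.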
@@ -495,11 +499,14 @@ if (isset($login_failed)) { } $fails = $nick_array_error[$nick]; + // Save or update the array. if ($config['nicks_error']) { config_update_value('nicks_error', base64_encode(json_encode($nick_array_error))); } else { config_create_value('nicks_error', base64_encode(json_encode($nick_array_error))); } + } else { + $fails = ++$fails; } $attemps = ($config['number_attempts'] - $fails); @@ -516,7 +523,12 @@ if (isset($login_failed)) { echo '
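Review bot: The added `else { $fails = ++$fails; }` has no comment saying why the count is bumped for existing users, and the self-assignment is redundant; `$fails++;` does the same. If the intent is that `failed_attempt` was read before the current failure was recorded, say so in a comment such as `// DB value does not yet include this failed attempt.`; I cannot confirm that from the hunk. The branch also runs when `enable_pass_policy` is off and the user does not exist, where `$fails` is not a real counter. The `if` this `else` belongs to opens in the previous hunk.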
'; if ($config['enable_pass_policy']) { echo '
'; - echo '

Remaining attempts: '.$attemps.'

'; + if ($attemps !== 0 && $user_in_db['login_blocked'] == 0) { + echo '

'.__('Remaining attempts: ').$attemps.'

'; + } else { + echo '

'.__('User is blocked').'

'; + } + echo '
'; } diff --git a/pandora_console/mobile/include/ui.class.php b/pandora_console/mobile/include/ui.class.php index af9f4d7a95..3d330994cf 100755 --- a/pandora_console/mobile/include/ui.class.php +++ b/pandora_console/mobile/include/ui.class.php @@ -744,7 +744,7 @@ class Ui $dialogHtml .= "
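Review bot: The new `User is blocked` branch tells an unauthenticated visitor the lock state of whichever name was submitted, and for unknown names it is driven by the `nicks_error` counter, which nothing in these patches resets or expires. If real accounts are unblocked after a timeout or by an administrator, a name that stays blocked indefinitely would stand out as nonexistent, which works against the apparent purpose of counting unknown names; this is worth confirming against the unblock logic, which is outside this diff. A comment above the condition should also state that `$attemps` is already clamped to 0 earlier in the block, so `$attemps !== 0` is the exhaustion test.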
\n"; $dialogHtml .= $content_text; if ($button_close) { - $dialogHtml .= ""; + $dialogHtml .= ""; if (empty($button_text)) { $dialogHtml .= __('Close'); } else { diff --git a/pandora_console/mobile/include/user.class.php b/pandora_console/mobile/include/user.class.php index ec2cf56910..787cfc3c78 100644 --- a/pandora_console/mobile/include/user.class.php +++ b/pandora_console/mobile/include/user.class.php @@ -349,11 +349,7 @@ class User if ($this->errorLogin) { $options['type'] = 'onStart'; $options['title_text'] = __('Login Failed'); - if ($this->errorLogin !== false) { - $options['content_text'] = $this->errorLogin; - } else { - $options['content_text'] = __('User not found in database or incorrect password.'); - } + $options['content_text'] = __('User not found in database or incorrect password.'); $ui->addDialog($options); } From d892a0d7590691a51a175f7c7715a7dbc5b3de01 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Mon, 6 Mar 2023 08:57:47 +0100 Subject: [PATCH 3/3] Password mobile required --- pandora_console/mobile/include/user.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/pandora_console/mobile/include/user.class.php b/pandora_console/mobile/include/user.class.php index 787cfc3c78..6e932366c8 100644 --- a/pandora_console/mobile/include/user.class.php +++ b/pandora_console/mobile/include/user.class.php @@ -397,6 +397,7 @@ class User 'value' => '', 'placeholder' => __('password'), 'label' => __('Password'), + 'required' => 'required', ]; $ui->formAddInputPassword($options); $options = [