diff options
author | Ted Trask <ttrask01@yahoo.com> | 2010-10-29 10:16:15 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2010-10-29 10:16:15 +0000 |
commit | 39ca0e42d28efe74e2046fc282eed9b7bfe15cb0 (patch) | |
tree | 565d9a952ffa696a819d16db903aa1d8d86ebf05 /app | |
parent | 5148a9dd902ff96559c7df1915dae512a275147c (diff) | |
download | acf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.bz2 acf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.xz |
Fix two bugs related to session lockout.
Parse the lockevent filename, was seeing user locked out because username was substring of another username.
All active sessions were killed whenever anyone got locked out because of error with username processing.
Diffstat (limited to 'app')
-rw-r--r-- | app/acf_www-controller.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index 8878a8b..ee41bb9 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -281,7 +281,7 @@ mvc.on_load = function (self, parent) else --logevent("Found session") -- We read in a valid session, check if it's ok - if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then + if self.sessiondata.userinfo and self.sessiondata.userinfo.userid and sessionlib.count_events(self.conf.sessiondir, self.sessiondata.userinfo.userid, sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then --logevent("Bad session, erasing") -- Too many events on this id / ip, kill the session sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid) |