diff options
author | Ted Trask <ttrask01@yahoo.com> | 2010-03-10 14:49:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2010-03-10 14:49:39 +0000 |
commit | b432c381028ed2db46a2c960b57db9efbc220093 (patch) | |
tree | d616021d0491dd49eea351ab1a093021a3c23f19 /app | |
parent | 762b02aad14e43aaabf6705099e2a878058cd6cd (diff) | |
download | acf-core-b432c381028ed2db46a2c960b57db9efbc220093.tar.bz2 acf-core-b432c381028ed2db46a2c960b57db9efbc220093.tar.xz |
Added sessiontimeout, lockouttime, and lockouteventlimit parameters to acf.conf.
Diffstat (limited to 'app')
-rw-r--r-- | app/acf-util/logon-model.lua | 2 | ||||
-rw-r--r-- | app/acf_www-controller.lua | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index c110ee6..d84e5e9 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -25,7 +25,7 @@ end -- if we fail, we leave the session alone (don't log out) logon = function (self, userid, password, ip_addr, sessiondir, sessiondata) -- Check to see if we can login this user id / ip addr - local countevent = session.count_events(sessiondir, userid, session.hash_ip_addr(ip_addr)) + local countevent = session.count_events(sessiondir, userid, session.hash_ip_addr(ip_addr), self.conf.lockouttime, self.conf.lockouteventlimit) if countevent then session.record_event(sessiondir, userid, session.hash_ip_addr(ip_addr)) end diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index e99ffa5..7d9d2d5 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -261,7 +261,7 @@ mvc.on_load = function (self, parent) -- before we look at sessions, remove old sessions and events -- this prevents us from giving a "session timeout" message, but I'm ok with that - sessionlib.expired_events(self.conf.sessiondir) + sessionlib.expired_events(self.conf.sessiondir, self.conf.sessiontimeout) -- Load the session data self.sessiondata = nil @@ -281,7 +281,7 @@ mvc.on_load = function (self, parent) else --logevent("Found session") -- We read in a valid session, check if it's ok - if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip)) then + if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then --logevent("Bad session, erasing") -- Too many events on this id / ip, kill the session sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid) |