Added sessiontimeout, lockouttime, and lockouteventlimit parameters to acf.conf.

2 files changed, 3 insertions, 3 deletions

diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index c110ee6..d84e5e9 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -25,7 +25,7 @@ end
 -- if we fail, we leave the session alone (don't log out)
 logon = function (self, userid, password, ip_addr, sessiondir, sessiondata)
 	-- Check to see if we can login this user id / ip addr
-	local countevent = session.count_events(sessiondir, userid, session.hash_ip_addr(ip_addr))
+	local countevent = session.count_events(sessiondir, userid, session.hash_ip_addr(ip_addr), self.conf.lockouttime, self.conf.lockouteventlimit)
 	if countevent then
 		session.record_event(sessiondir, userid, session.hash_ip_addr(ip_addr))
 	end
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index e99ffa5..7d9d2d5 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -261,7 +261,7 @@ mvc.on_load = function (self, parent)
 
 	-- before we look at sessions, remove old sessions and events
 	-- this prevents us from giving a "session timeout" message, but I'm ok with that
-	sessionlib.expired_events(self.conf.sessiondir)
+	sessionlib.expired_events(self.conf.sessiondir, self.conf.sessiontimeout)
 
 	-- Load the session data
 	self.sessiondata = nil
@@ -281,7 +281,7 @@ mvc.on_load = function (self, parent)
 		else
 			--logevent("Found session")
 			-- We read in a valid session, check if it's ok
-			if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip)) then
+			if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then
 				--logevent("Bad session, erasing")
 				-- Too many events on this id / ip, kill the session
 				sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid)