diff options
author | Ted Trask <ttrask01@yahoo.com> | 2010-10-29 10:16:15 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2010-10-29 10:16:15 +0000 |
commit | 39ca0e42d28efe74e2046fc282eed9b7bfe15cb0 (patch) | |
tree | 565d9a952ffa696a819d16db903aa1d8d86ebf05 /lib/session.lua | |
parent | 5148a9dd902ff96559c7df1915dae512a275147c (diff) | |
download | acf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.bz2 acf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.xz |
Fix two bugs related to session lockout.
Parse the lockevent filename, was seeing user locked out because username was substring of another username.
All active sessions were killed whenever anyone got locked out because of error with username processing.
Diffstat (limited to 'lib/session.lua')
-rw-r--r-- | lib/session.lua | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/session.lua b/lib/session.lua index f55f2bf..146c0e9 100644 --- a/lib/session.lua +++ b/lib/session.lua @@ -208,9 +208,10 @@ count_events = function (sessionpath, id_user, ipaddr, minutes, limit) return false else local count = 0 - for a,b in pairs(t) do + for a,b in pairs(t) do if posix.stat(b,"mtime") > minutes_ago then - if string.match(b,id_user) or string.match(b,ipaddr) then + local user, ip = string.match(b, "/lockevent%.([^.]*)%.([^.]*)%.") + if id_user == user or ipaddr == ip then count = count + 1 end end |