summaryrefslogtreecommitdiffstats
path: root/lib/session.lua
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2010-10-29 10:16:15 +0000
committerTed Trask <ttrask01@yahoo.com>2010-10-29 10:16:15 +0000
commit39ca0e42d28efe74e2046fc282eed9b7bfe15cb0 (patch)
tree565d9a952ffa696a819d16db903aa1d8d86ebf05 /lib/session.lua
parent5148a9dd902ff96559c7df1915dae512a275147c (diff)
downloadacf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.bz2
acf-core-39ca0e42d28efe74e2046fc282eed9b7bfe15cb0.tar.xz
Fix two bugs related to session lockout.
Parse the lockevent filename, was seeing user locked out because username was substring of another username. All active sessions were killed whenever anyone got locked out because of error with username processing.
Diffstat (limited to 'lib/session.lua')
-rw-r--r--lib/session.lua5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/session.lua b/lib/session.lua
index f55f2bf..146c0e9 100644
--- a/lib/session.lua
+++ b/lib/session.lua
@@ -208,9 +208,10 @@ count_events = function (sessionpath, id_user, ipaddr, minutes, limit)
return false
else
local count = 0
- for a,b in pairs(t) do
+ for a,b in pairs(t) do
if posix.stat(b,"mtime") > minutes_ago then
- if string.match(b,id_user) or string.match(b,ipaddr) then
+ local user, ip = string.match(b, "/lockevent%.([^.]*)%.([^.]*)%.")
+ if id_user == user or ipaddr == ip then
count = count + 1
end
end