diff options
-rw-r--r-- | app/acf_www-controller.lua | 2 | ||||
-rw-r--r-- | lib/session.lua | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index 8878a8b..ee41bb9 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -281,7 +281,7 @@ mvc.on_load = function (self, parent) else --logevent("Found session") -- We read in a valid session, check if it's ok - if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then + if self.sessiondata.userinfo and self.sessiondata.userinfo.userid and sessionlib.count_events(self.conf.sessiondir, self.sessiondata.userinfo.userid, sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then --logevent("Bad session, erasing") -- Too many events on this id / ip, kill the session sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid) diff --git a/lib/session.lua b/lib/session.lua index f55f2bf..146c0e9 100644 --- a/lib/session.lua +++ b/lib/session.lua @@ -208,9 +208,10 @@ count_events = function (sessionpath, id_user, ipaddr, minutes, limit) return false else local count = 0 - for a,b in pairs(t) do + for a,b in pairs(t) do if posix.stat(b,"mtime") > minutes_ago then - if string.match(b,id_user) or string.match(b,ipaddr) then + local user, ip = string.match(b, "/lockevent%.([^.]*)%.([^.]*)%.") + if id_user == user or ipaddr == ip then count = count + 1 end end |