Jump to content
CarloC

SessionLoginThrottle number of attempts

Recommended Posts

I'm using the LoginRegister module and I'm getting an internal server error when I try to login with a wrong password more than one time.
I've found that the error comes from the SessionLoginThrottle.module, because, for security reasons, is better to prevent too many failed logins.

Ok, good. But, am I wrong if I think it's too bad to show an Internal server error to the user instead of a simple error in template saying the user to wait X seconds to retry to login?
Is there a way to do that? It would be great if I could get the error string and style it in the page the way I like.

And in the SessionLoginThrottle admin configuration, I think that could be a good idea to be able to change the maximum number of login attempts before the error is shown.

Share this post


Link to post
Share on other sites

You got an HTTP 500 error? I don't think that's expected behaviour...

Is your site live? Is $config->debug set to true? What if you change it to false?

Share this post


Link to post
Share on other sites

@CarloC

try {
	$session->login($username, $pass);
} catch (WireException $e) {
	$loginError = "Too many failed login attempts.<br>" . $e->getMessage();
}

Share this post


Link to post
Share on other sites

Thank you for your answers

How should I use try and catch with the LoginRegister module? Or better where I should put that code? Because it's the module that handles the session login and I only use the $loginRegister->execute method in my template like in the module guide.

As soon as possible I will paste here my template code to give you a better idea of my situation.

Thank you

Share this post


Link to post
Share on other sites

@CarloC

try {
	echo $modules->get('LoginRegister')->execute();
} catch (WireException $e) {
	echo "Too many failed login attempts.<br>" . $e->getMessage();
}
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By angelo, italy
      Hi guys,
      I've always used WP but I want to swtich to PW. I'm not sure ....
      I'd like to know if it's possible to create a website for an online photo contest.
      The participants of the competition could create their own account, in which they upload their photos. The photos uploaded remain visible only to themselves and the judges.
      From their account they can make the "entrance fee" payment.
      The judges of the competition can create their own account... entering they see the photos of the participants and vote photos
      At the main page I imagine the title of the competition, a button to read the regulation, and a button to register.
      The website should be in Italian and English.
      Thank you!!
       
       
    • By Peter Knight
      I have a demo site which I moved to a new VPS for client testing
      We noticed that leaving a page open and then revisiting the site can result in a 25 second(ish) to load time and will then throw a 500 Error.
      The hosting guys had a look and confirmed that the server is fine but the issue could be related to authentication or sessions.
      We are running Page Protector and ProCache so I wondered if there were any known bugs here and any recommended actions.
      My actual PW log doesn't show anything but the server log has plenty of these
       
      2018-12-06 08:14:00 Error xxx.141.1x.101 500 POST /who-we-are/ HTTP/1.0     1.58 K Apache access 2018-12-06 08:14:45 Warning xxx.141.1x.131   mod_fcgid: read data timeout in 45 seconds, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 08:14:45 Error xxx.141.1x.131   End of script output before headers: index.php, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 09:03:18 Error xxx.141.1x.131   2614#0: *667 recv() failed (104: Connection reset by peer) while reading response header from upstream       nginx error Thanks
      P
    • By Marcel
      Hey all,
      I want to customize the mywebsite/processwire/profile page. It's almost all good but I want to get rid of the sections 'Admin Theme' and 'Language' so that the user can just set a new password. (see image)
      Do I have to modify the admin template or how can I do that? Because when I go tree>Admin>Profile there are no fields to add or remove.
      Or where can I find the php file?
      I would appreciate your help.

    • By ridgedale
      Reference: PW 3.0.111 and uikit3 based site using the Regular-Master profile.
      I'm trying to automatically redirect a logged-in user to a custom profile page using $session->redirect() and need to add $user->name to the redirect path.
      All my attempts appear to have failed:
      $session->redirect('/user-profile/')->name; $session->redirect('/user-profile/')->$user->name; $session->redirect('/user-profile/' . get($user->name . '/')); $session->redirect('/user-profile/' & get($user->name)); Can anyone point out where I am going wrong?
    • By matsn0w
      Hey all,
      I am working on a website and I want to style the login page, but I'm a bit confused. 
      I want either the existing login page styled in my own way using some CSS (I guess I prefer that) or I want to create a custom page with a form to login. (Which I could style too).
      I used the code from Ryan and Renobird posted here - which works great - but that doesn't replace the original login page. 
      Is there a way to some sort of 'disable' the original login?
      I hope my question is clear and thanks in advance,
      matsn0w
×
×
  • Create New...