CarloC

SessionLoginThrottle number of attempts


I'm using the LoginRegister module and I'm getting an internal server error when I try to log in with a wrong password more than one time.
I've found that the error comes from the SessionLoginThrottle.module, because, for security reasons, it is better to prevent too many failed logins.

Ok, good. But am I wrong if I think it's too bad to show an Internal server error to the user instead of a simple error in the template telling the user to wait X seconds before retrying the login?
Is there a way to do that? It would be great if I could get the error string and style it in the page the way I like.

And in the SessionLoginThrottle admin configuration, I think it could be a good idea to be able to change the maximum number of login attempts before the error is shown.


You got an HTTP 500 error? I don't think that's expected behaviour...

Is your site live? Is $config->debug set to true? What if you change it to false?


@CarloC

try {
	$session->login($username, $pass);
} catch (WireException $e) {
	$loginError = "Too many failed login attempts.<br>" . $e->getMessage();
}


Thank you for your answers

How should I use try and catch with the LoginRegister module? Or better, where should I put that code? Because it's the module that handles the session login and I only use the $loginRegister->execute method in my template like in the module guide.

As soon as possible I will paste here my template code to give you a better idea of my situation.

Thank you


@CarloC

try {
	echo $modules->get('LoginRegister')->execute();
} catch (WireException $e) {
	echo "Too many failed login attempts.<br>" . $e->getMessage();
}
  • Like 3
  • Thanks 1


Hi,

I've found this topic due to a hint from @Robin S here: 

One question is open to me: I'm wondering if it's possible to "manually create" an error in order to test if the code is running fine and everything works as expected? Could someone please give me a hint how to force the LoginRegister module to throw an error.

Many greets!

 

1 hour ago, DV-JF said:

Could someone please give me a hint how to force the LoginRegister module to throw an error.

Attempt to log in via the LoginRegister module several times in a short period of time using an incorrect password.

  • Like 2
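
A stand-alone PHP model of what this thread discusses, added here as an example; it is not code from the posts above, from LoginRegister or from SessionLoginThrottle. The `LoginThrottle` class, `ThrottleException`, `handleLogin()`, the attempt limit and the wait time are all hypothetical; the script shows a throttle exception being caught and turned into an HTML-safe message with a 429 status, and exercises that path with repeated failed attempts.

```php
<?php
// Added example (PHP 8+): a stand-alone model, not SessionLoginThrottle's code.
// ThrottleException stands in for the WireException caught in the thread.
class ThrottleException extends Exception {}
// Hypothetical in-memory throttle; limit and wait policy are assumptions.
final class LoginThrottle
{
    private array $failures = []; // user => [count, time of last failure]
    public function __construct(private int $maxAttempts, private int $waitSeconds) {}

    public function check(string $user, int $now): void
    {
        [$count, $last] = $this->failures[$user] ?? [0, 0];
        $remaining = $last + $this->waitSeconds - $now;
        if ($count >= $this->maxAttempts && $remaining > 0) {
            throw new ThrottleException("Please wait at least $remaining seconds");
        }
    }
    public function recordFailure(string $user, int $now): void
    {
        $this->failures[$user] = [($this->failures[$user][0] ?? 0) + 1, $now];
    }

    public function reset(string $user): void { unset($this->failures[$user]); }
}

// Returns [HTTP status, HTML-safe message]; the template decides how to style it.
function handleLogin(LoginThrottle $throttle, string $user, bool $passwordOk, int $now): array
{
    try {
        $throttle->check($user, $now);
    } catch (ThrottleException $e) {
        // Caught: the visitor gets a 429 and a message, not an uncaught-exception 500.
        return [429, 'Too many failed login attempts. ' . htmlspecialchars($e->getMessage())];
    }
    if (!$passwordOk) {
        $throttle->recordFailure($user, $now);
        return [401, 'Login failed.'];
    }
    $throttle->reset($user);
    return [200, 'Welcome.'];
}

// Constructed test run: wrong password several times in a short period.
$throttle = new LoginThrottle(maxAttempts: 2, waitSeconds: 30);
foreach ([0, 1, 2, 40] as $t) {
    [$status, $msg] = handleLogin($throttle, 'demo-user', false, 1000 + $t);
    echo "t+$t: $status $msg\n";
}
```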
