Max Invalid Password Attempts Bug

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
7/11/2011 1:42:26 AM
Princesse
Gravatar
Total Posts 70
View Posts

Max Invalid Password Attempts Bug

Hi Joe,

I noticed when I set and tested Max Invalid Password Attempts = 3 and Password Attempt Windows in

Minutes =1.

Nothing happened when I try to login more than 3x in 1 minute.

How come it does not display that the user is Lock out after 3 or more attempts? I'm using the mojo

 2.3.6.5 version

 

You help is greatly appreciated.

 

Thanks.

9/13/2011 10:08:59 PM
Princesse
Gravatar
Total Posts 70
View Posts

Re: Max Invalid Password Attempts Bug

Hi Joe, 

What can be the caused or did I miss out a setting to be set? The maximum invalid password attempts did not work. I set the max invalid attempt to 3 and windows in minutes 1. I am currently using mojoportal 2.3.6.5 version.

 

thanks.

 

 

9/14/2011 6:31:55 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Max Invalid Password Attempts Bug

Hi,

I did find and fix a bug, it seems to have been introduced during some work on support for fallback to database authentication when using LDAP. The changes was causing it to fail to increment the failed password attempt count.

If you look in Web/Components/mojoMembershipProvider.cs in the ValidateUser method, find this code:

string user;
if (!siteSettings.UseLdapAuth || (siteSettings.UseLdapAuth && WebConfigSettings.UseLDAPFallbackAuthentication))
{
user = SiteUser.Login(siteSettings, userName, encPassword);
if ((user != null) && (user != String.Empty))
{
  result = true;
  siteUser = new SiteUser(siteSettings, userName);
}
}

and change it like this:

string user;
if (!siteSettings.UseLdapAuth || (siteSettings.UseLdapAuth && WebConfigSettings.UseLDAPFallbackAuthentication))
{
user = SiteUser.Login(siteSettings, userName, encPassword);
if ((user != null) && (user != String.Empty))
{
  result = true;
  siteUser = new SiteUser(siteSettings, userName);
}
else if (!siteSettings.UseLdapAuth)
{
  // need to create the user here so we can increment the failed password attmpt count below
  siteUser = new SiteUser(siteSettings, userName);
}
}

Hope that helps,

Joe

9/15/2011 1:33:25 AM
Princesse
Gravatar
Total Posts 70
View Posts

Re: Max Invalid Password Attempts Bug

Joe,

 

I change the portion of the code where you instructed me to change it.

Build the solution and it succeeded.

What files I'm going to update on my deployment files, so that I may test the changes I made?

 

Thanks.

 

 

9/15/2011 5:56:05 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Max Invalid Password Attempts Bug

That file gets compiled into mojoPortal.Web.dll

9/16/2011 1:32:53 AM
Princesse
Gravatar
Total Posts 70
View Posts

Re: Max Invalid Password Attempts Bug

Hi Joe,

These are the steps I perform but no luck of getting it work.

 

I open the mojoPortal.net35.sln

Edited  the file under mojoPortal.Web.net35\Components\mojoMembbershipProvider.cs  based on the solution you have given me.

Build the solution, Succeeded.

Get the file from mojoPortal.Web.net35\bin\mojoPortal.Web.dll

Updated my bin\ folder on deployment files

Encounter an error -Could not load type mojoPortal.Businee.SystemLog from assembly 'mojoPortal.Business.Version=1.0.4122.13508, Culture=neutrl, PublicKeyToken=null'.

Get the file from mojoPortal.Web.net35\bin\mojoPortal.Business.dll

Updated my bin\ folder on deployment files

Encounter an error -Method not found:'Boolean mojoPortal.Web.Framework.StringHelper.ConstrainsCaseSensitive(System.String, System.String)'

Get the file from mojoPortal.Web.net35\bin\mojoPortalWeb.Framework.dll

Updated my bin\ folder on deployment files

Probing system...
File system permissions problems found.MSSQL database connection ok.database permissions are sufficient to alter schema.database initial schema already exists.database core schema is up to date.3 site(s) found.

The setup halted it suppose to continue on configuring the features...

Base on the errors that I presented to you. Did I update the correct dlls?

 

Thanks.

Your great help is appreciated.

 

 

9/16/2011 5:47:01 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Max Invalid Password Attempts Bug

you can't just update specific files unless your source code corresponds exactly to compiled files you have deployed, then you could make a small change and just deploy the changed file but you obviously have a different version deployed than what you have for source code so deploying just one file will break things because it is a version mismatch and not compatible. You need to either use source code that corresponds to your current deployment or you need to deploy everything to make a full deployment package. See Packaging and Deployment for steps I use to make a deployment package.

9/19/2011 4:55:14 AM
Princesse
Gravatar
Total Posts 70
View Posts

Re: Max Invalid Password Attempts Bug

Joe,

 

use source code that corresponds to my current deployment  2.3.6.5  at this link

http://mojoportal.codeplex.com/SourceControl/changeset/changes/b780b0d4afb9

and follow your instructions max invalid password attempt is working now.

 

thank you and your help is greatly appreciated.

 

 

9/19/2011 8:57:51 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Max Invalid Password Attempts Bug

those changeset download links are not a reliable way to get the source code, the correct way is to use TortoiseHG

if you clone the repository using TortoiseHG, in the clone Options choose Clone to revision and enter 1664 as the revision number then you will have a correct local copy of the source code for version 2.3.6.5

Hope that helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.