-
Bug
-
Resolution: Fixed
-
Minor
-
3.0.9-RC1
-
None
With the new IP limit feature, the captcha is not displayed when someone is trying to login with a account that doesnt exists, while he is over the maximum attempts configured. Once he tries to login with a account that exists, he get the Captcha.
The reason for this is the code in includes/auth_db.php:
if (!$row)
|
{
|
return array(
|
'status' => LOGIN_ERROR_USERNAME,
|
'error_msg' => 'LOGIN_ERROR_USERNAME',
|
'user_row' => array('user_id' => ANONYMOUS),
|
);
|
}
|
|
|
$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
|
($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
|
|
|
// If there are too much login attempts, we need to check for an confirm image
|
// Every auth module is able to define what to do by itself...
|
if ($show_captcha)
|
{
|
// Visual Confirmation handling
|
if (!class_exists('phpbb_captcha_factory'))
|
{
|
global $phpbb_root_path, $phpEx;
|
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
|
}
|
|
|
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
|
$captcha->init(CONFIRM_LOGIN);
|
$vc_response = $captcha->validate($row);
|
if ($vc_response)
|
{
|
return array(
|
'status' => LOGIN_ERROR_ATTEMPTS,
|
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
|
'user_row' => $row,
|
);
|
}
|
else
|
{
|
$captcha->reset();
|
}
|
|
|
}
|
|