Bugs Report BulletProof Plugin – QA2

Home Forums BulletProof Security Free Bugs Report BulletProof Plugin – QA2

This topic contains 5 replies, has 4 voices, and was last updated by  chuoiit30 2 hours, 50 minutes ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #35183

    Nam
    Participant

    Hi Team,

    First I want to say special thanks for your support about previous bugs that I’ve reported

    (https://forum.ait-pro.com/forums/forum/bulletproof-security-free/)

    But during I’m using the plugin (with the latest version is 2.8), I saw something error when login to my account is locked by the first time and everything is good and then the second login again after this account was locked, the number of remaining is displayed not like my expected before.

    For example:

    First time: My account is locked after trying login too many failed and locked out for 5 minutes.

    Second time: After 5 minutes, my account is unlocked and I’ve login again but for the first time the number remaining is -1, -2, -3, -4….. and always increase after although it should be the number that I’ve set in administrator function.

    Please help me to solve this issue. Many thanks again and I’ll be happy waiting for your support.

    #35186

    AITpro Admin
    Keymaster

    Ok we will test this and see what is going on.

    #35244

    AITpro Admin
    Keymaster

    This issue has been fixed in BPS 2.9 and BPS Pro 13.4.1.  There is an additional existing issue that is acceptable:  If someone has the Max Login Attempts option setting set to 5 login attempts then on first login attempts the Attempts Remaining option setting will display:  4, 3, 2, 1, 0.  After the lockout time expires and the user attempts to login again the Attempts Remaining option setting will display: 5, 4, 3, 2, 1, 0.  The user will get an additional login attempt.  This is necessary since the checking conditions are below.  Using >= is not an option with the existing BPS Login Security code since it would negate the user account lock when max logins is reached.

    Note: It would be possible to create separate primary conditional code for: failed_logins == $BPSoptions['bps_max_logins'] and $failed_logins > $BPSoptions['bps_max_logins'], but that would require significant additional coding work for something that is a very minor issue.

    if ( $failed_logins == $BPSoptions['bps_max_logins'] ) { $status = 'Locked'; }
    and
    if ( $failed_logins > $BPSoptions['bps_max_logins'] ) { $status = 'Not Locked'; }

    #35365

    jameshouston135
    Participant

    this is a very nice info thanks for sharing ….i think you guys have a very good technical expertise.

    #35546

    chuoiit30
    Participant

    , This is a great article. It gave me a lot of useful information. thank you very much. Link profile: http://phongkhamdakhoathegioi.vn/len-dinh-la-gi-bieu-hien-o-phu-nu-va-cach-lam-nang-cuc-khoai.html

    #35704

    chuoiit30
    Participant

    , This is a great article. It gave me a lot of useful information. thank you very much. Link profile: http://dakhoaauahcm.vn/viem-khop-vay-nen.html

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.