Hiya,

I've searched the forum and the net but haven't found really what I'm looking for.

Before I start to dig into the coding and develop a plugin myself, I'd like to ask, if there's anyone knowing anything about a plugin that does the following:

During the login it should check the number of failed logins and blocks the user when the number reaches a predefined number, at the best with sending a mail notice to the admin account. After a successfull login the number is set to zero.

If anybody knows a plugin for this feature, please let me know!

Kind regards
Christian

I saw something like this yesterday. I was searching on www.joomlaresource.com and www.mamboportal.com I'm about 95% sure it was at one of those sites.

I just tried to find it but couldn't. I don't remember if it was a component or a module.

Sorry

Post edited by: andyahoo, at: 2006/02/13 19:15

Thanks for the info... I also found... nothing

I'm just trying to get a plugin to work. But I'm kinda lost in the API description... I cannot get the event to trigger.

Anyways, for this to work an additional line with a new event has to be inserted in the Community Builder coding. There is actually no event triggered at the moment, where failed logins are handled. There is a "before" and "after" login event, but this happens, when the checks are already done

I wonder why this features hasn't been implemented already. Any login scenario of any popular software has a variety of login blocking after failed password checks.

I continue trying to get this to work and probably will contact the developers afterwards for a release check of the plugin... if I'm sometimes somehow successful

You could write a plugin that recorded the login attempt for each 'onBeforeLogin' then at 'onAfterLogin' you could remove the previously recorded attempt. As this only seems to get triggered when a successful login occurs

Then as part of your onBeforeLogin it could check to see what the login count is and disable/block or disable after so many failed attempts. You could also write a time of when the user is blocked and reallow after a specific time if desired.

Should not be too difficult and should be capable within CB's current triggers.

Here are some plugin basics
In the main file for your plugin make sure and have your declarations (make sure your function and class names are correct). These should be outside of the class ('your_getTab' for this example).

[code:1]<?php
// Declarations for triggers
$_PLUGINS->registerFunction( 'onBeforeLogin', 'your_onBeforeLogin', 'your_getTab' );
$_PLUGINS->registerFunction( 'onAfterLogin', 'your_onAfterLogin', 'your_getTab' );

// Define your class with the same name...
// make sure and have a constructor function
// with the same name that calls cbTabHandler
// The constructor may not be required if not showing a user profile tab... Ask Beat
// May also not need to extend cbTabHandler if not showing a user profile tab... Again ask beat
class your_getTab extends cbTabHandler {

function your_getTab() {
$this->cbTabHandler();
}

function your_onBeforeLogin ($username, $passwd2) {
// $username and $passwd2 are unencrypted here
// Do something here
}

function your_onAfterLogin ($row, $var1) {
// $row is a database return of the jos_users table
// you can get any of the fields from that table by the following code
// $value = $row->field;
// Do something here
}


} //end of class
?>[/code:1]

In CB1 Final (not sure if same as CB1 RC2) the following fields are available from $row:
[code:1]id
name
username
email
password
usertype
block
sendEmail
gid
registerDate
lastvisitDate
activation
params
user_id
firstname
middlename
lastname
hits
avatar
avatarapproved
approved
confirmed
lastupdatedate
banned
banneddate
bannedby
bannedreason
acceptedterms[/code:1]

Don't forget to write your install XML. More help can be found in the API document that Beat has prepared.

Hope this helps,
Greg

Wow! Thanks alot for these informations! It will help me getting started ways better

Regarding the onBeforeLogin, if I read the coding right, it will not work...

On line 874 of comprofiler.php (1.0 RC2), there is the SELECT with username and password, on line 906 there's a exit of the function when the SELECT has no result (i.e. username and password combination does not match) ... therefore the onBeforeLogin trigger is not reached.

I think you are correct... I will make sure and log it as an issue with CB 1.0 Final and make sure Beat is aware... I think the onBeforeLogin should be moved to around line 870 before the first check of complete data... if not there then aleast before the the SQL statement you are referring to...

Thanks,
Greg