The idea is based on the WordPress plugin 'limit login attempts', which I want to
achieve using web2py.
First I want to start simple and just record the number of attempts in a
database table,
and after that, ban the user's IP for some time (minutes or hours) if the
failed logins reach max retries t
The idea is taken from the WordPress plugin 'limit login attempts', which I want
to achieve using web2py.
First, create a record in a database table when a user login fails.
After that, ban the user's IP address for some time (e.g. 1 min) if the
user's login attempts reach the limit (e.g. 3 times) du
Why are you bothering with the cache given that you're already tracking
login attempts in the auth_user table?
On Wednesday, April 22, 2015 at 9:52:34 PM UTC-4, 黄祥 wrote:
>
> Pardon me, I still don't understand what you mean by the cache. In my
> example above, I'm still not sure which one to
Pardon me, I still don't understand what you mean by the cache. In my
example above, I'm still not sure which one to use, yet your hints are quite
clear about the database. Thank you, Anthony.
*e.g. works fine*
*models/db.py*
auth = Auth(db)
auth.settings.extra_fields['auth_user']= [
Field('Attempts
You can't simply reset a global variable as you are doing in the first
example, as it will be reset on every request. Also, I'm not sure what
you're trying to achieve with the cache example, but that code won't force
a redirect for 5 seconds (and you don't want to have just a single cache
key -
when solved, can you please post the entire solution in an easy-to-copy
format?
thanks
Alex Glaros
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You
Thank you so much, Anthony, the session is not counted anymore when refreshing
the login page.
I want to lock out a user whose login failed 3 times and redirect to another
page for some time (5 sec in the example below); after that time has
passed, reset the counted login attempts. Tried using variab
You shouldn't be calling the callback function when setting the callback --
just put the function itself in the list -- web2py will call it at the
appropriate point. Also, like the other Auth callback settings,
login_onfail is a list, so you should append to it.
Instead of:
auth.settings.login
It seems that refreshing the login page is counted as login_onfail and
login_onvalidation in the web2py default user login form.
e.g.
*models/db.py*
def login_attempts():
    session.login_attempts = (session.login_attempts or 0) + 1
    if session.login_attempts >= 3:
        #cache.ram('login_attempts', lambda: sessio
I tried to do the same thing, but with no luck
e.g.
def login_attempts():
    a = request.vars.username
    b = db((db.auth_user.username == str(a))).select().first()
    #login_attempts = 0
    if b is not None:
        #login_attempts += 1
        session.login_attempts = (session.login_attempts or 0) + 1
        #if login_attempts >
This last suggestion by Anthony of limiting to 15-30 minutes is also easy
enough to do if you store the attempt numbers in cache; then you can use
cache expiration time to limit its effects.
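The cache-expiration approach suggested above, as an added example that is not part of the original thread: a plain in-memory dict stands in for a cache with expiring entries, so the failed-login counter resets by itself once the lockout window passes. The class name, the (username, client IP) key layout and the sample values are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Per-key failed-login counter whose entries expire like cache entries."""

    def __init__(self, max_attempts=3, lockout_seconds=900, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable so the window can be tested
        self._store = {}              # key -> (count, expires_at)

    def _count(self, key):
        count, expires_at = self._store.get(key, (0, 0.0))
        if count and self.clock() >= expires_at:
            del self._store[key]      # entry expired: counter resets itself
            return 0
        return count

    def is_locked(self, key):
        # Check this before validating the password, so a locked key
        # cannot keep guessing while the window is open.
        return self._count(key) >= self.max_attempts

    def record_failure(self, key):
        # Every failure restarts the expiry window for that key.
        count = self._count(key) + 1
        self._store[key] = (count, self.clock() + self.lockout_seconds)
        return count

    def record_success(self, key):
        self._store.pop(key, None)    # a valid login clears the counter


def demo():
    now = [1000.0]                    # constructed clock, advanced by hand
    throttle = LoginThrottle(3, 900, clock=lambda: now[0])
    key = ("alice", "203.0.113.7")    # constructed username and client IP
    other = ("bob", "203.0.113.7")    # separate key: one counter per user/IP
    for _ in range(3):
        throttle.record_failure(key)
    locked_now = throttle.is_locked(key)
    other_locked = throttle.is_locked(other)
    now[0] += 899                     # one second before the entry expires
    locked_before_expiry = throttle.is_locked(key)
    now[0] += 1                       # window over: entry is dropped
    locked_after_expiry = throttle.is_locked(key)
    return locked_now, other_locked, locked_before_expiry, locked_after_expiry
```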
>
> def checkuser():
>     a = request.vars.username
>     b = db((db.auth_user.username==str(a))).select().first()
>     if b is not None:
>         b.update_record(Attempts=b.Attempts + 1)
>
Note, you don't need to bother first checking for the record, so you can
save a query by just doing the