emreakay / CodeIgniter-Aauth

Authorization, Authentication and User Management library for Codeigniter 2.x and 3.x to make easy user management and permission operations
http://emreakay.com
GNU Lesser General Public License v3.0

Is this come with auto ban user?? #12

Closed satyajit98300 closed 10 years ago

satyajit98300 commented 10 years ago

Hi, I just want to know, is it possible to ban a user after some failed logins?

Because when I'm trying to log in with wrong login details, it's not changing the status of the banned flag in the database.

emreakay commented 10 years ago

It is not possible to ban after a failed login, but you can limit the login attempts in one minute.

From the /config/Aauth.php file you can change lines 54-59:

```php
// it limits login attempts
'dos_protection' => true,

// login attempts time interval
// default 10 times in one minute
'try' => 10,
```

emreakay commented 10 years ago

If you want this feature I can maybe add it to version 2.

satyajit98300 commented 10 years ago

It would be very good if you can add this feature.

satyajit98300 commented 10 years ago

If I limit login, what will it show? Also please tell me, for how much time will it limit the user to be logged in?

emreakay commented 10 years ago

It is up to you.

The limit time algorithm works by this formula:

30 sec * try

emreakay commented 10 years ago

OK. I will add the ban feature soon.

satyajit98300 commented 10 years ago

But it's still showing an error. Login attempt is not working well. Also I have tried with $this->aauth->_reset_login_attempts(1); but no help. :(

satyajit98300 commented 10 years ago

get_login_attempts is missing. Not working.

Also in line number 527 $data['last_login_attempts'] = null; needs to be $data['last_login_attempt'] = null;

satyajit98300 commented 10 years ago

A PHP Error was encountered

Severity: Notice

Message: Undefined property: Aauth::$create_user

Filename: controllers/login.php

Line Number: 49

Fatal error: Call to a member function get_errors() on a non-object in C:\EasyPHP-DevServe\data\localweb\service\application\controllers\login.php on line 49

satyajit98300 commented 10 years ago

Need ur help pleaseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

emreakay commented 10 years ago

Bro. I'm now out of my home. I will try to find a solution when I get back home.

jacobtomlinson commented 10 years ago

I'll try and have a look if I get time too.

But I would suggest that instead of 30 sec * try it should be 30 sec ** try, e.g. to the power of instead of times. That way the more times you try the longer and longer it takes. That's the best way to defeat a brute force attack. Perhaps not straight away though, so maybe it would be better to be 30 sec ** (try - 5), but if try - 5 is less than 1 then just count it as 1.

So for example:

1 try = 30 seconds
2 tries = 30 seconds
3 tries = 30 seconds
4 tries = 30 seconds
5 tries = 30 seconds
6 tries = 15 minutes
7 tries = 7.5 hours
8 tries = 9.375 days
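The two lockout policies discussed in this thread, side by side, as an added example that is not part of the original comments or of Aauth's own code. The function names, the `$offset` parameter and the 24-hour cap are assumptions; the cap is there because an uncapped exponential delay lets anyone who can submit failed logins keep a legitimate account locked for days.

```php
<?php
// Added example (not Aauth code). Names, $offset and the cap are assumptions.

const BASE_SECONDS = 30;
const MAX_LOCKOUT_SECONDS = 86400; // assumed cap: 24 hours

// Linear policy as described in the thread: 30 sec * try.
function linear_lockout(int $tries): int
{
    return BASE_SECONDS * max(0, $tries);
}

// Exponential policy proposed in the thread: 30 sec ** (try - offset),
// with an exponent below 1 counted as 1. The result is clamped to $cap.
function exponential_lockout(int $tries, int $offset = 5, int $cap = MAX_LOCKOUT_SECONDS): int
{
    $exponent = max(1, $tries - $offset);
    $delay = 1;
    // Multiply step by step and stop at the cap, so a large try count
    // can never overflow the integer range.
    for ($i = 0; $i < $exponent; $i++) {
        $delay *= BASE_SECONDS;
        if ($delay >= $cap) {
            return $cap;
        }
    }
    return $delay;
}

// True while the account must still wait before the next attempt.
// $lastAttempt and $now are Unix timestamps.
function is_locked(int $tries, int $lastAttempt, int $now): bool
{
    return $tries > 0 && ($now - $lastAttempt) < exponential_lockout($tries);
}

// Print both policies for 1..9 failed attempts, with two offsets
// to show where the exponential growth starts.
printf("%-5s %-10s %-12s %-12s\n", 'try', 'linear', 'exp(off=5)', 'exp(off=4)');
foreach (range(1, 9) as $tries) {
    printf("%-5d %-10d %-12d %-12d\n", $tries, linear_lockout($tries),
        exponential_lockout($tries, 5), exponential_lockout($tries, 4));
}
```

Keying the counter per account and per source address, rather than per account alone, limits how far a third party can push a victim's delay toward the cap.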