Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 Hi all, I have upgraded my modded store on ly local server with 3.0.13 changelog. I have been trying the blocker function with several false login attempt but as I kept receiving "Connection failed" instead of "you have been banned" i have taken a look in the database. What I saw is that all my login attempts have been inserted as a new record each time. From what i understand the blocker should update the first recorded attempt at each login attempt from the same ip and browser. Am I the only one having this problem ? Regards, Matt. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2006 Share Posted October 17, 2006 (edited) Hi Matt, I tested the login blocker until I was blue in the face and it worked perfectly on the development server. I will have a quick look into this now. *EDIT* I just tested the blocker and it works on an upgraded 3.0.12 store. Please try it here: Front: http://office.devellion.com/CubeCart_3.0.1...x.php?act=login Back: http://office.devellion.com/CubeCart_3.0.12/upload/admin/ (Links only work if our office server is switched on.) Edited October 17, 2006 by Al Link to comment Share on other sites More sharing options...
Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 Hi Matt, I tested the login blocker until I was blue in the face and it worked perfectly on the development server. I will have a quick look into this now. *EDIT* I just tested the blocker and it works on an upgraded 3.0.12 store. Please try it here: http://office.devellion.com/CubeCart_3.0.1...x.php?act=login (Link only works if our office server is switched on.) Hi Al, just tested on your link, keep having "Login failed" after at least 10 tries. It seems to be something related to my computer if it's working for you, we should have another person trying... Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2006 Share Posted October 17, 2006 It works with logging of browser and IP (level 1). I'll look in the DB to see what happens with your attempts. There are duplicate rows in the DB for your attempts but not mine! It should block after 5 failed attempts for 10 mins. This can be changed in the ini.inc.php file. See screenshots below: Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2006 Share Posted October 17, 2006 I've replicated the issue on the demo store. I don't see how this can be erratic. Local office server blocker works fine for me but not for mfauveau. Demo store with identical code doesn't work for me?!? There is no pattern. Link to comment Share on other sites More sharing options...
Guest Brivtech Posted October 17, 2006 Share Posted October 17, 2006 I think it likes me too much, I've logged in at least 10 times on both the front and back, and I just keep getting "login failed, please try again" instead of being blocked. Al, do you want me to set up a permanent testing server for you to use on my hosting? Link to comment Share on other sites More sharing options...
Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 Could be something with the IP/Browser detection method. On the admin part i'm identified as IP 192.168.0.254 (this is my router) but the database show 192.168.0.2 (my ip on the network). Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2006 Share Posted October 17, 2006 Very kind of you Brivtech but there is no need. We can test the demo store. Ok I've made progress.... The SQL query looks for e.g: SELECT * FROM CubeCart_blocker WHERE `browser` = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7' AND `ip` = 'xxx.xxx.xxx.xxx' AND `loc`= 'f' The stupid thing is that it is returning zero results where there are rows that match!! Link to comment Share on other sites More sharing options...
Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 I have although seen that. But can figure out why it's returning 0 result. At least we are on the same lead :) Link to comment Share on other sites More sharing options...
Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 Al, in the function blocker in db.inc.php, I have altered : $query = "SELECT * FROM ".$glob['dbprefix']."CubeCart_blocker WHERE `browser` = ".$this->mySQLSafe($_SERVER['HTTP_USER_AGENT'])." AND `ip` = ".$this->mySQLSafe($_SERVER['REMOTE_ADDR'])." AND `loc`= '".$loc."'"; to print "SELECT * FROM ".$glob['dbprefix']."CubeCart_blocker WHERE `browser` = ".$this->mySQLSafe($_SERVER['HTTP_USER_AGENT'])." AND `ip` = ".$this->mySQLSafe($_SERVER['REMOTE_ADDR'])." AND `loc`= '".$loc."'"; and guess what it's showing : SELECT * FROM CubeCart_blocker WHERE browser = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7' AND ip = '[color=#FF0000]192.168.0.254[/color]' AND loc= 'b' but in the data base the ip is recorded as 192.168.0.2. So, I believe I have found the bug. It's the database structure : try change ip varchar(11) to varchar(15) and... it should work ! Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2006 Share Posted October 17, 2006 Looks like you are correct. I'll modify the download package now. And add a note. This makse sense as to why it worked on the development server and not live. The development IP address was 11 digits. Of course this silly mistake competely explains the issue. Thanks so much for your help and patience. Ok so if your store doesn't block the user after 5 failed login attempts run the following SQL comand: Replace {PREFIX} with your database prefix (if you have one). ALTER TABLE `{PREFIX}CubeCart_blocker` CHANGE `ip` `ip` VARCHAR( 15 ) NOT NULL Link to comment Share on other sites More sharing options...
Guest mfauveau Posted October 17, 2006 Share Posted October 17, 2006 You're welcome Al, you know i'm always glad to resolve issues with cubecart Matt. Link to comment Share on other sites More sharing options...
Recommended Posts