Jump to content

3.0.13 : is blocker working for you ?


Guest mfauveau

Recommended Posts

Guest mfauveau

Hi all,

I have upgraded my modded store on ly local server with 3.0.13 changelog.

I have been trying the blocker function with several false login attempt but as I kept receiving "Connection failed" instead of "you have been banned" i have taken a look in the database. What I saw is that all my login attempts have been inserted as a new record each time. From what i understand the blocker should update the first recorded attempt at each login attempt from the same ip and browser.

Am I the only one having this problem ?

Regards,

Matt.

Link to comment
Share on other sites

Hi Matt, I tested the login blocker until I was blue in the face and it worked perfectly on the development server.

I will have a quick look into this now.

*EDIT* I just tested the blocker and it works on an upgraded 3.0.12 store. Please try it here:

Front: http://office.devellion.com/CubeCart_3.0.1...x.php?act=login

Back: http://office.devellion.com/CubeCart_3.0.12/upload/admin/

(Links only work if our office server is switched on.)

Edited by Al
Link to comment
Share on other sites

Guest mfauveau

Hi Matt, I tested the login blocker until I was blue in the face and it worked perfectly on the development server.

I will have a quick look into this now.

*EDIT* I just tested the blocker and it works on an upgraded 3.0.12 store. Please try it here:

http://office.devellion.com/CubeCart_3.0.1...x.php?act=login (Link only works if our office server is switched on.)

Hi Al, just tested on your link, keep having "Login failed" after at least 10 tries. It seems to be something related to my computer if it's working for you, we should have another person trying...

Link to comment
Share on other sites

It works with logging of browser and IP (level 1). I'll look in the DB to see what happens with your attempts.

There are duplicate rows in the DB for your attempts but not mine! It should block after 5 failed attempts for 10 mins. This can be changed in the ini.inc.php file.

See screenshots below:

Link to comment
Share on other sites

Guest Brivtech

I think it likes me too much, I've logged in at least 10 times on both the front and back, and I just keep getting "login failed, please try again" instead of being blocked.

Al, do you want me to set up a permanent testing server for you to use on my hosting?

Link to comment
Share on other sites

Guest mfauveau

Could be something with the IP/Browser detection method. On the admin part i'm identified as IP 192.168.0.254 (this is my router) but the database show 192.168.0.2 (my ip on the network).

Link to comment
Share on other sites

Very kind of you Brivtech but there is no need. :) We can test the demo store.

Ok I've made progress.... The SQL query looks for e.g:

SELECT * FROM CubeCart_blocker WHERE `browser` = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7' AND `ip` = 'xxx.xxx.xxx.xxx' AND `loc`= 'f'

The stupid thing is that it is returning zero results where there are rows that match!!

Link to comment
Share on other sites

Guest mfauveau

Al,

in the function blocker in db.inc.php, I have altered :

$query = "SELECT * FROM ".$glob['dbprefix']."CubeCart_blocker WHERE `browser` = ".$this->mySQLSafe($_SERVER['HTTP_USER_AGENT'])." AND `ip` = ".$this->mySQLSafe($_SERVER['REMOTE_ADDR'])." AND `loc`= '".$loc."'";


to


print "SELECT * FROM ".$glob['dbprefix']."CubeCart_blocker WHERE `browser` = ".$this->mySQLSafe($_SERVER['HTTP_USER_AGENT'])." AND `ip` = ".$this->mySQLSafe($_SERVER['REMOTE_ADDR'])." AND `loc`= '".$loc."'";




and guess what it's showing : 


SELECT * FROM CubeCart_blocker WHERE browser = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7' AND ip = '[color=#FF0000]192.168.0.254[/color]' AND loc= 'b'

but in the data base the ip is recorded as 192.168.0.2.

So, I believe I have found the bug. It's the database structure : try change ip varchar(11) to varchar(15) and... it should work !

Link to comment
Share on other sites

Looks like you are correct. I'll modify the download package now. And add a note. This makse sense as to why it worked on the development server and not live. The development IP address was 11 digits. Of course this silly mistake competely explains the issue.

Thanks so much for your help and patience.

Ok so if your store doesn't block the user after 5 failed login attempts run the following SQL comand:

Replace {PREFIX} with your database prefix (if you have one).

ALTER TABLE `{PREFIX}CubeCart_blocker` CHANGE `ip` `ip` VARCHAR( 15 ) NOT NULL

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...