SilverStripe Forums » General Questions » Half Correct Login

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 796 Views
  • TerryMiddleton
    Community Member
    108 Posts

    Half Correct Login

    Is there a way that when someone logs in and they provide the correct email address but not the correct password to tell them "Sorry your password is not correct."? Giving them the option to click on Forgot My Password.

    Or to put the email address back in the email field.

    Then is there a way to restrict/disable a login if someone has tried to log in 3 times and failed?

    Terry

    I am days away from launching a new site on SS and I'm totally excited about all that can be done with SS. Great job whoever conceived SS.

  • Double-A-Ron
    Community Member
    603 Posts

    Re: Half Correct Login

    Not sure on this one, but both requests probably require serious modification (especially the three strikes one).

    I will say from experience that telling a user what portion of their login credentials are incorrect instantly makes your login half as secure. And that's exactly what I would tell my client if they are asking for this.

    Cheers
    Aaron

  • Ben Gribaudo
    Community Member
    181 Posts

    Re: Half Correct Login

    Terry,

    There is some functionality along the lines of disabling login for a given username after so many failed login attempts. It doesn't appear to be mentioned on the docs site, but you can find it mentioned in the API docs. For more understanding of how it works, you might want to look at the source of class Member.

    I've never used this feature....

    Hope this helps,
    Ben

  • TerryMiddleton
    Community Member
    108 Posts

    Re: Half Correct Login

    Ben

    Thank you for this. I appreciate you.

    Yeah, this looks very interesting. It seems you can restrict a login, but how do you (I wonder) update the record to reflect enabled?

    I'll keep you posted on what I find. There seems to be so much you can do if you can get your head around it and find out the syntax and proper structure.

    Thanks again,

    Terry

  • Ben Gribaudo
    Community Member
    181 Posts

    Re: Half Correct Login

    Terry,

    "...but how do you (I wonder) update the record to reflect enabled."

    Are you wondering how to go into the admin interface and unlock a locked account?

    Ben

  • TerryMiddleton
    Community Member
    108 Posts

    Re: Half Correct Login

    Ben,

    Yes... That too. Here is my process:

    1.) User registers for an account
    2.) They get added to a group with the status of disabled
    3.) Their request gets reviewed and, if approved, their status needs to be changed to enabled and an email sent to them.
    4.) If they try to log in too many times I would like to disable them for 30 minutes or so just so we don't have hackers trying to get into the system. (This happens)

    Thanks,

    Terry

  • Ben Gribaudo
    Community Member
    181 Posts

    Re: Half Correct Login

    Terry,

    If you're wanting a way to manually clear the lock out, you might try poking around in class Member's source, particularly looking at getCMSFields(). That method currently hides the "LockedOutUntil" field.

    Hope this helps,
    Ben
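
The two ideas discussed in this thread, one failure message no matter which credential was wrong and a temporary lock after three failed attempts, shown as an added example in plain PHP. It is not part of any post and not SilverStripe's code: every name is hypothetical except `LockedOutUntil`, which mirrors the Member field named above, and the sample member is constructed.

```php
<?php
// Added illustration in plain PHP, not SilverStripe code. Names are hypothetical;
// only LockedOutUntil mirrors the Member field named in the thread.
const MAX_FAILURES    = 3;        // failed attempts before the account locks
const LOCKOUT_SECONDS = 30 * 60;  // the 30 minutes from step 4 of Terry's process
const GENERIC_ERROR   = 'That email address or password is not correct.';

// Returns null on success, otherwise the one message used for every failure.
function attemptLogin(array &$members, string $email, string $password, int $now): ?string
{
    static $dummyHash = null;     // checked when the email is unknown
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $key   = strtolower($email);
    $known = isset($members[$key]);
    // Always run one hash check so unknown and known emails cost about the same.
    $ok = password_verify($password, $known ? $members[$key]['hash'] : $dummyHash);
    if (!$known) {
        return GENERIC_ERROR;
    }
    $m = &$members[$key];
    if ($m['LockedOutUntil'] !== null && $now < $m['LockedOutUntil']) {
        return GENERIC_ERROR;     // locked: even the correct password is refused
    }
    if ($ok) {
        $m['Failures'] = 0;
        $m['LockedOutUntil'] = null;
        return null;
    }
    if (++$m['Failures'] >= MAX_FAILURES) {
        $m['LockedOutUntil'] = $now + LOCKOUT_SECONDS;
        $m['Failures'] = 0;
    }
    return GENERIC_ERROR;
}

// Constructed sample member and a walk through the lockout window.
$members = ['terry@example.com' => [
    'hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    'Failures' => 0, 'LockedOutUntil' => null,
]];
$t = 1000000;                     // constructed clock value, in seconds
for ($i = 0; $i < MAX_FAILURES; $i++) {
    attemptLogin($members, 'terry@example.com', 'wrong', $t);
}
var_dump(attemptLogin($members, 'terry@example.com', 'correct horse', $t + 60));   // inside the window
var_dump(attemptLogin($members, 'nobody@example.com', 'x', $t + 60));              // unknown email
var_dump(attemptLogin($members, 'terry@example.com', 'correct horse', $t + 1801)); // after the window
```

A manual unlock amounts to setting `LockedOutUntil` back to null for that member. Because the lock is per account, it is usually paired with per-IP rate limiting so that repeated failures from one source do not keep a legitimate user locked out.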
