Post by tora0515 » Fri Apr 05, 2013 7:28 am

Hey guys and gals,

I wanted to know if it is possible to set up a loop in a controller to limit the attempts customers have on trying to log in.

If it is, any help to get started on this would be appreciated.

Thanks.

Active Member

Posts

Joined
Fri Jun 15, 2012 3:05 pm

Post by butte » Fri Apr 05, 2013 1:48 pm

Search "limit log-in attempts" yields "About 566 results (0.24 seconds)" at
limit log-in attempts site:forum.opencart.com

Short answer is, no; long is, not easily. You can password portions of your directory tree, but that would be counterproductive to some extent even If ALL of your customers are preregistered, and still would not limit the number of attempts.

Even admin/ security does not restrict numbers of attempts. However, several entries in the thread at
http://forum.opencart.com/viewtopic.php?f=110&t=38042
will give you an idea of several security measures for it.

For both customers' and administrators' log-ins, curtailing numbers of log-in attempts requires scripting. If usernames and passwords are adequately difficult to guess in combination, the number of attempts required to get there is effectively high enough that few will persist long enough to get there. Extremely serious thought goes into forward and reverse encryption and decryption algorithms for dynamically reducing the odds to levels that are completely impracticable to overcome.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by pprmkr » Sat Apr 06, 2013 5:38 pm

Attached: Restrict Login Attempts

Uses session variables to count the login attempts within the wait time.

Tested on 1.5.5.1, but should work on older versions

Attachments


User avatar
Active Member

Posts

Joined
Sat Jan 08, 2011 11:05 pm
Location - Netherlands

Post by butte » Sun Apr 07, 2013 5:19 am

Well, good on you, pprmkr! You've gone a different direction, and gotten somewhere. Thank you.

For general reference, there are at least three ways to frustrate hackers: lock them out (no access), toss them out (retries, timeouts), and slow them down (retry intervals, timeouts).

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by rph » Sun Apr 07, 2013 1:33 pm

pprmkr wrote:Attached: Restrict Login Attempts

Uses session variables to count the login attempts within the wait time.

Tested on 1.5.5.1, but should work on older versions
Cool. Sessions are fairly easy to reset so a database solution might prove more robust for the issue.

-Ryan


rph
Expert Member

Posts

Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska

Post by tora0515 » Tue Apr 16, 2013 7:23 am

Thanks for the download. It works pretty well, but rph does have a point. Sessions can be cleared by simply clearing the cache or reopening the browser.

Active Member

Posts

Joined
Fri Jun 15, 2012 3:05 pm
Who is online

Users browsing this forum: No registered users and 29 guests