[Vtigercrm-commits] [vtiger development] #7019: Implementing User Account Lockout in the Customer Portal
vtiger development
vtiger-tickets at trac.vtiger.com
Wed Feb 16 01:37:16 PST 2011
#7019: Implementing User Account Lockout in the Customer Portal
----------------------------+-----------------------------------------------
Reporter: christopher | Owner: developer
Type: enhancement | Status: new
Priority: unassigned | Milestone: Unassigned
Component: customerportal | Version: 5.2.1
Keywords: |
----------------------------+-----------------------------------------------
The following database and code updates will implement account lockout for
user accounts in the Customer Portal. If a Customer Portal user has 5 or
more failed login attempts in a row, they will be locked out of the
Customer Portal. A user of vtigercrm with access to edit Contacts will
need to unlock the Customer Portal user if the Customer Portal user
becomes locked out.
'''1.) Create the database field.''': Through the Module Manager in
vtigercrm, create a new field for Contacts called "Number of Failed
Attempts". Make it with a length of 3 and 0 Decimal places. Find the
name of the field created in the vtiger_contactscf table (in MySQL, run:
''describe vtiger_contactscf;''). For the sake of this example, we will
use the field name of vtiger_contactscf.cf_674 (the actual name of this
field may vary).
'''2.) Make the following changes to vtigercrm/soap/customerportal.php.'''
These 3 changes need to be made to the authenticate_user function:
{{{
966c979
< $sql = "select id, user_name, user_password,last_login_time,
support_start_date, support_end_date from vtiger_portalinfo inner join
vtiger_customerdetails on
vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id where
vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
isactive=1 and vtiger_customerdetails.portal=1 and
vtiger_customerdetails.support_end_date >= ?";
---
> $sql = "select id, user_name, user_password,last_login_time,
support_start_date, support_end_date, COALESCE(vtiger_contactscf.cf_674,0)
as failed_attempts from vtiger_portalinfo inner join
vtiger_customerdetails on
vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id inner join
vtiger_contactscf on vtiger_portalinfo.id=vtiger_contactscf.contactid
where vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
isactive=1 and vtiger_customerdetails.portal=1 and
vtiger_customerdetails.support_end_date >= ?";
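Review bot: the added `inner join vtiger_contactscf on vtiger_portalinfo.id=vtiger_contactscf.contactid` makes authentication depend on a row existing in vtiger_contactscf. The COALESCE only covers a NULL cf_674, not a missing row, so any portal contact without a custom-field row would return zero rows and be treated as a failed login. A left join keeps the previous behaviour for such contacts. The column name cf_674 is installation-specific (the description says it may vary), so it would be better held in one variable or configuration value than repeated in each statement.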
974c987,1002
< elseif($num_rows <= 0) return $err[1];//No user
---
> elseif($num_rows <= 0)
> {
> // Increment number of failed attempts
> if ($login == 'true') {
> $sql = "update vtiger_contactscf inner join vtiger_portalinfo on
vtiger_contactscf.contactid=vtiger_portalinfo.id set
cf_674=COALESCE(vtiger_contactscf.cf_674,0)+1 where user_name=?";
> $adb->pquery($sql, array($username));
> }
> return $err[1];//No user
> }
> else {
> $failed_login_attempts =
$adb->query_result($result,0,'failed_attempts');
> if ($failed_login_attempts >= 5)
> {
> return $err[1];
> }
> }
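Review bot: the increment in the `$num_rows <= 0` branch is keyed on user_name alone, and the only reset in the patch is on a successful login, which the `>= 5` return prevents once the account is locked. Five bad passwords from anyone who knows a portal user name therefore lock that account until a CRM user edits the Contact. Consider storing the time of the last failure and letting the lock expire, or at least logging the lockout so the unlock request is expected. Also in this hunk: the threshold 5 is a bare literal in `if ($failed_login_attempts >= 5)`, and the counter keeps growing on further bad passwords after the lock while the field was created with a length of 3; a named constant and a cap on the increment would cover both.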
997a1026,1029
> // If authentication is sucessful, reset number of failed attempts
> $sql = "update vtiger_contactscf set cf_674=0 where contactid = ?";
> $adb->pquery($sql, array($customerid));
>
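Review bot: `$customerid` in the reset added at 1026-1029 is not assigned in any of the visible hunks; confirm it holds the id read from `$result` at this point in authenticate_user, otherwise the update matches no row and the counter never clears. The update also runs on every successful login, so guarding it with `$failed_login_attempts > 0` would skip the write in the common case. Typo in the comment: "sucessful" should be "successful".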
}}}
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7019>
vtiger development <http://trac.vtiger.com/>
vtigerCRM