[Vtigercrm-commits] [Vtiger development] #7019: Implementing User Account Lockout in the Customer Portal

Vtiger development vtiger-tickets at trac.vtiger.com
Wed Feb 4 05:11:13 GMT 2015


#7019: Implementing User Account Lockout in the Customer Portal
----------------------------+-------------------------
 Reporter:  christopher     |       Owner:  developer
     Type:  enhancement     |      Status:  closed
 Priority:  unassigned      |   Milestone:  Unassigned
Component:  customerportal  |     Version:  5.2.1
 Severity:  Medium          |  Resolution:  wontfix
 Keywords:                  |
----------------------------+-------------------------
Changes (by prasad):

 * status:  new => closed
 * resolution:   => wontfix
 * severity:   => Medium


Old description:

> The following database and code updates will implement account lockout
> for user accounts in the Customer Portal.  If a Customer Portal user has
> 5 or more failed login attempts in a row, they will be locked out of the
> Customer Portal.  A user of vtigercrm with access to edit Contacts will
> need to unlock the Customer Portal user if the Customer Portal user
> becomes locked out.
>
> '''1.) Create the database field.''': Through the Module Manager in
> vtigercrm, create a new field for Contacts called "Number of Failed
> Attempts".  Make it with a length of 3 and 0 Decimal places.  Find the
> name of the field created in the vtiger_contactscf table (in mysql, run:
> ''describe vtiger_contactscf;''). For the sake of this example, we will
> use the field name of vtiger_contactscf.cf_674 (the actual name of this
> field may vary).
>
> '''2.) Make the following changes to
> vtigercrm/soap/customerportal.php.''' These 3 changes need to be made to
> the authenticate_user function:
>

> {{{
> 966c979
> < $sql = "select id, user_name, user_password,last_login_time,
> support_start_date, support_end_date from vtiger_portalinfo inner join
> vtiger_customerdetails on
> vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
> vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id where
> vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
> isactive=1 and vtiger_customerdetails.portal=1 and
> vtiger_customerdetails.support_end_date >= ?";
> ---
> > $sql = "select id, user_name, user_password,last_login_time,
> support_start_date, support_end_date,
> COALESCE(vtiger_contactscf.cf_674,0) as failed_attempts from
> vtiger_portalinfo inner join vtiger_customerdetails on
> vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
> vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id inner
> join vtiger_contactscf on
> vtiger_portalinfo.id=vtiger_contactscf.contactid where
> vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
> isactive=1 and vtiger_customerdetails.portal=1 and
> vtiger_customerdetails.support_end_date >= ?";
> 974c987,1002
> < elseif($num_rows <= 0) return $err[1];//No user
> ---
> > elseif($num_rows <= 0)
> > {
> > // Increment number of failed attempts
> > if ($login == 'true') {
> > $sql = "update vtiger_contactscf inner join vtiger_portalinfo on
> vtiger_contactscf.contactid=vtiger_portalinfo.id set
> cf_674=COALESCE(vtiger_contactscf.cf_674,0)+1 where user_name=?";
> > $adb->pquery($sql, array($username));
> > }
> > return $err[1];//No user
> > }
> > else {
> > $failed_login_attempts =
> $adb->query_result($result,0,'failed_attempts');
> > if ($failed_login_attempts >= 5)
> > {
> > return $err[1];
> > }
> > }
> 997a1026,1029
> > // If authentication is sucessful, reset number of failed attempts
> > $sql = "update vtiger_contactscf set cf_674=0 where contactid = ?";
> > $adb->pquery($sql, array($customerid));
> >
>
> }}}

New description:

 The following database and code updates will implement account lockout for
 user accounts in the Customer Portal.  If a Customer Portal user has 5 or
 more failed login attempts in a row, they will be locked out of the
 Customer Portal.  A user of vtigercrm with access to edit Contacts will
 need to unlock the Customer Portal user if the Customer Portal user
 becomes locked out.

 '''1.) Create the database field.''': Through the Module Manager in
 vtigercrm, create a new field for Contacts called "Number of Failed
 Attempts".  Make it with a length of 3 and 0 Decimal places.  Find the
 name of the field created in the vtiger_contactscf table (in mysql, run:
 ''describe vtiger_contactscf;''). For the sake of this example, we will
 use the field name of vtiger_contactscf.cf_674 (the actual name of this
 field may vary).

 '''2.) Make the following changes to vtigercrm/soap/customerportal.php.'''
 These 3 changes need to be made to the authenticate_user function:


 {{{
 966c979
 < $sql = "select id, user_name, user_password,last_login_time,
 support_start_date, support_end_date from vtiger_portalinfo inner join
 vtiger_customerdetails on
 vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
 vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id where
 vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
 isactive=1 and vtiger_customerdetails.portal=1 and
 vtiger_customerdetails.support_end_date >= ?";
 ---
 > $sql = "select id, user_name, user_password,last_login_time,
 support_start_date, support_end_date, COALESCE(vtiger_contactscf.cf_674,0)
 as failed_attempts from vtiger_portalinfo inner join
 vtiger_customerdetails on
 vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join
 vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id inner join
 vtiger_contactscf on vtiger_portalinfo.id=vtiger_contactscf.contactid
 where vtiger_crmentity.deleted=0 and user_name=? and user_password = ? and
 isactive=1 and vtiger_customerdetails.portal=1 and
 vtiger_customerdetails.support_end_date >= ?";
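Review bot: the new `inner join vtiger_contactscf` in the replacement query makes login depend on a matching vtiger_contactscf row, so a portal contact without one gets zero rows and falls into the "No user" path even with valid credentials. The `COALESCE(vtiger_contactscf.cf_674,0)` already treats a missing value as 0, so a `left join vtiger_contactscf` would keep the previous behaviour for such contacts. The query also still filters on `user_password = ?`, so a zero-row result cannot distinguish a wrong password from an unknown user_name.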
 974c987,1002
 < elseif($num_rows <= 0) return $err[1];//No user
 ---
 > elseif($num_rows <= 0)
 > {
 > // Increment number of failed attempts
 > if ($login == 'true') {
 > $sql = "update vtiger_contactscf inner join vtiger_portalinfo on
 vtiger_contactscf.contactid=vtiger_portalinfo.id set
 cf_674=COALESCE(vtiger_contactscf.cf_674,0)+1 where user_name=?";
 > $adb->pquery($sql, array($username));
 > }
 > return $err[1];//No user
 > }
 > else {
 > $failed_login_attempts =
 $adb->query_result($result,0,'failed_attempts');
 > if ($failed_login_attempts >= 5)
 > {
 > return $err[1];
 > }
 > }
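Review bot: the failed-attempt counter in the `elseif($num_rows <= 0)` branch is incremented with `where user_name=?` alone and is never aged out, so five bad submissions for a name, regardless of who made them, leave that contact locked until a CRM user edits the field by hand. Consider storing a last-failure time beside the count and letting the lock expire, or throttling instead of locking. The branch also runs whenever the select returns no rows, which per its where clause includes `isactive` not 1, `portal` not 1 or a past `support_end_date`, so the count rises for failures that are not bad passwords. The threshold in `if ($failed_login_attempts >= 5)` is a bare literal; a named setting would be easier to tune.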
 997a1026,1029
 > // If authentication is sucessful, reset number of failed attempts
 > $sql = "update vtiger_contactscf set cf_674=0 where contactid = ?";
 > $adb->pquery($sql, array($customerid));
 >
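Review bot: `cf_674` is now hard-coded in three statements (the select, the increment and this reset) although the description says the generated field name may vary, so it should come from one constant or be resolved from the field definition. `$customerid` is not assigned anywhere in the visible hunks; confirm it holds the `id` from the query result before this update runs. The added comment has a typo, "sucessful".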

 }}}

--

Comment:

 Customer making login mistakes is possible and getting in touch with CRM
 admin could be troublesome. Rejecting the enhancement until there is a
 heavy demand and use-case evaluation.

--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7019#comment:1>
Vtiger development <http://trac.vtiger.com/>
Vtiger CRM

