No replies to this topic

[traderhut]

Greetings,

I made a modification to the userLogin() in the index.php file in the root, which is called by the authenticate_visitor snipit. As I also modified the snipit to actually call this to login the user at the end of the Register code - it was just creating the account and leaving the person logged off, requiring them to login again...

The change to userLogin() was to add the code at the end:

$currentsessionid = session_id();

$internalKey = $_SESSION['internalKey'];

$sql = "update " . $this->db . "user_attributes SET failedlogincount=0, logincount=logincount+1, lastlogin=thislogin, thislogin=".time().", sessionid='$currentsessionid' where internalKey=$internalKey";
$rs = $this->dbQuery($sql);

To update the last login time, and clear failed login attempts.

(I'm also wondering about all the code that checks a condition to see if it should fail the login, calls code to zap everything... And then just continues through the function failing and zapping again.. Seems like it should return out of the function when it gets an error / failure..)

Seems like a couple of changes that would be nice to have in the standard release..

-Chert runecube.com