[geeklog-devel] Bug with anti-hacking functionality can cause users to be incorrectly booted out

Blank, Jessica Jessica.Blank at mtvnmix.com
Thu Mar 13 12:06:52 EDT 2008


Mea culpa. I hit the wrong key combination and the email went out into
the aether. I meant to close the message below by attaching a screen
shot (see attached PNG) displaying this behaviour.

I am assuming that this is not desired behaviour. I believe it should
not be difficult to reproduce this bug. If you have some difficulty
doing so, let me know, but I suspect the bug should be triggered by
attempting to log in $_CONF['login_attempts'] times with incorrect
information, then entering CORRECT information.

--Jessica

<<welcome_loggedout.png>>

> _____________________________________________
> From: Blank, Jessica
> Sent: Thursday, March 13, 2008 12:04 PM
> To: 'Geeklog Development'
> Subject: Bug with anti-hacking functionality can cause users to be incorrectly booted out
>
> Hi gang.
>
> I've been discovering a range of subtle bugs with the login
> functionality in the CVS version of Geeklog 1.X. Here's one:
>
> If you make several incorrect login attempts, then attempt to log in
> again WITH THE CORRECT INFORMATION, it can show you "Welcome,
> [username]" as if you are logged in... and, right below that, a notice
> that you had exceeded the number of allowed login attempts.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: welcome_loggedout.png
Type: image/png
Size: 65050 bytes
Desc: welcome_loggedout.png
Url : <http://eight.pairlist.net/pipermail/geeklog-devel/attachments/20080313/32801911/attachment.png>
