
Confusing message about blocking a user

Open Ruslan-Aleev opened this issue 2 years ago • 3 comments

Bug report

Summary

It happens that if a user has a simple login, for example, admin, then, as it seems to me, the login form is blocked due to "brute force" on the manager.

And in the login form a message pops up: You have been blocked from the Manager by an administrator.


In the login.inc.php lexicon: $_lang['login_blocked_admin'] = 'You have been blocked from the Manager by an administrator.';

But it turns out that admin blocked himself, even if there are no other users in the manager at all.

That is, either the message is displayed incorrectly, or the logic is broken in the file https://github.com/modxcms/revolution/blob/3.x/core/src/Revolution/Processors/Security/Login.php.

Environment

MODX 2.x >

Ruslan-Aleev, Apr 29 '22 16:04

I'm unable to reproduce this error.

After X amount of failed attempts I get this error message:

You have been blocked due to too many failed login attempts.

If I try to log in again:

You are temporarily blocked and cannot log in. Please try again later.

JoshuaLuckers, May 17 '22 07:05

There is a message, and it is used in the code :) I don't know how to reproduce it manually, but clients have reported it and I've seen it a few times (I think it's related to admin login brute force, but maybe I'm wrong).

Ruslan-Aleev, May 17 '22 07:05

@Ruslan-Aleev after waiting a bit I do get the same error message. However, if you try to log in again after this message, you are logged in successfully.

So yes, you're right, the logic is doing something wrong.

JoshuaLuckers, May 17 '22 11:05