Hi,
How to disable the account lockout for Admins?
Is it possible to have the following options for Admin accounts instead of lockout?
Solution 1: Disable the account lockout and let the CAPTCHA do the work.
Solution 2: For every 5 failed login attempts, the user needs to fill in a CAPTCHA.
Thanks in advance,
Regards,
Sunil
How to disable lockout functionality for Admins
Re: How to disable lockout functionality for Admins
Hi Sunil,
Have you checked Admin-->Configure-->Security-->Password Policy?
Hope this helps!
__________________
s_ismail
AbleCommerce Customization
Free Plugins and Add-Ons
AbleCommerce Plugins and Add-Ons
Plugables Blog
Re: How to disable lockout functionality for Admins
Yes, I checked the configuration.
But my requirement is to disable the password lockout for Admin users only. Is it possible?
Thanks,
Sunil
Re: How to disable lockout functionality for Admins
Yes, it is possible, but I think you have to handle this through code customization.
Hope this helps!
__________________
s_ismail
Re: How to disable lockout functionality for Admins
Hi,
Can you give me some pointers, like what to customize and where?
Thanks,
Sunil
Re: How to disable lockout functionality for Admins
Go to Conlib/LoginDialog.ascx.cs and locate this code:
Code:
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        _LastPasswordValue = Password.Text;
        User loginUser = UserDataSource.LoadForUserName(UserName.Text);
        if (loginUser != null)
        {
            bool stillNeedsCaptcha = false;
            if ((loginUser.IsAdmin) && (!trCaptchaField.Visible))
            {
                stillNeedsCaptcha = (new MerchantPasswordPolicy()).ImageCaptcha;
            }
            if (!stillNeedsCaptcha)
            {
                //EITHER THIS IS NOT AN ADMIN USER, OR THE CAPTCHA IS ALREADY VISIBLE
                if ((!trCaptchaField.Visible) || (CaptchaImage.Authenticate(CaptchaInput.Text)))
                {
                    //CAPTCHA IS HIDDEN OR VALIDATED, PROCEED WITH LOGIN ATTEMPT
                    if (User.Login(UserName.Text, Password.Text))
                    {
                        //LOGIN SUCCEEDED, MIGRATE USER IF NEEDED
                        int newUserId = loginUser.UserId;
                        int oldUserId = Token.Instance.UserId;
                        if ((oldUserId != newUserId) && (newUserId != 0))
                        {
                            User.Migrate(Token.Instance.User, UserDataSource.Load(newUserId));
                            Token.Instance.UserId = newUserId;
                        }
                        //HANDLE LOGIN PROCESSING
                        if (trRememberMe.Visible && RememberUserName.Checked)
                        {
                            HttpCookie cookie = new HttpCookie("UserName", UserName.Text);
                            cookie.Expires = DateTime.MaxValue;
                            Response.Cookies.Add(cookie);
                        }
                        else
                        {
                            Response.Cookies.Add(new HttpCookie("UserName", ""));
                        }
                        //CHECK FOR EXPIRED PASSWORDS
                        PasswordPolicy policy;
                        if (loginUser.IsAdmin) policy = new MerchantPasswordPolicy();
                        else policy = new CustomerPasswordPolicy();
                        if (policy.IsPasswordExpired(loginUser))
                        {
                            ShowPasswordExpired(policy, loginUser);
                        }
                        else
                        {
                            //REDIRECT TO THE STANDARD PAGE
                            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
                        }
                    }
                    else
                    {
                        if (loginUser != null)
                        {
                            if (!loginUser.IsApproved)
                            {
                                AccountDisabled.IsValid = false;
                            }
                            else
                            {
                                PasswordPolicy policy;
                                if (loginUser.IsAdmin) policy = new MerchantPasswordPolicy();
                                else policy = new CustomerPasswordPolicy();
                                int remainingTries = policy.MaxAttempts - loginUser.FailedPasswordAttemptCount;
                                if (!loginUser.IsLockedOut && remainingTries > 0)
                                {
                                    InvalidLogin.ErrorMessage += " You have {0} tries remaining.";
                                    InvalidLogin.ErrorMessage = String.Format(InvalidLogin.ErrorMessage, remainingTries);
                                    InvalidLogin.IsValid = false;
                                    RefreshCaptcha();
                                }
                                else
                                {
                                    AccountLocked.ErrorMessage = String.Format(AccountLocked.ErrorMessage, policy.LockoutPeriod);
                                    AccountLocked.IsValid = false;
                                }
                            }
                        }
                        else
                        {
                            InvalidLogin.IsValid = false;
                        }
                    }
                }
                else
                {
                    //CAPTCHA IS VISIBLE AND DID NOT AUTHENTICATE
                    CustomValidator invalidInput = new CustomValidator();
                    invalidInput.ValidationGroup = "Login";
                    invalidInput.Text = "*";
                    invalidInput.ErrorMessage = "You did not input the verification number correctly.";
                    invalidInput.IsValid = false;
                    phCaptchaValidators.Controls.Add(invalidInput);
                    CaptchaInput.Text = "";
                    Password.Attributes.Add("value", string.Empty);
                    RefreshCaptcha();
                }
            }
            else
            {
                //THIS IS AN ADMIN USER AND CAPTCHA IS NOT DISPLAYED YET
                trCaptchaField.Visible = true;
                trCaptchaImage.Visible = true;
                trRememberMe.Visible = _EnableAdminRememberMe;
                CaptchaImage.ChallengeText = StringHelper.RandomNumber(6);
                CustomValidator needsCaptcha = new CustomValidator();
                needsCaptcha.ValidationGroup = "Login";
                needsCaptcha.Text = "*";
                needsCaptcha.ErrorMessage = "Please type the verification number to log in.";
                needsCaptcha.IsValid = false;
                phCaptchaValidators.Controls.Add(needsCaptcha);
                Password.Attributes.Add("value", Password.Text);
            }
        }
        else
        {
            //THIS IS AN INVALID USER NAME
            InvalidLogin.IsValid = false;
        }
    }
Customize it according to your requirements.
Hope this helps!
__________________
s_ismail
Re: How to disable lockout functionality for Admins
I got it. Thank you very much.
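The decision the thread asks for (CAPTCHA instead of lockout for admins, normal lockout for everyone else), as an added example that is not part of the original posts and is not AbleCommerce code. All type and member names are hypothetical; the inputs map to `loginUser.IsAdmin`, `loginUser.FailedPasswordAttemptCount` and `policy.MaxAttempts` from the handler above, and "every 5 failed attempts" is assumed to mean that every attempt from the fifth failure onward needs a solved CAPTCHA.

```csharp
using System;

// Added illustration: all type and member names below are hypothetical,
// not AbleCommerce API.
public enum LoginGate { AllowAttempt, RequireCaptcha, LockedOut }

public static class AdminLockoutPolicy
{
    // Decides what the login page does before the password is checked.
    //   failedAttempts        consecutive failed logins recorded for the account
    //   maxAttempts           lockout threshold for non-admin accounts
    //   adminCaptchaThreshold failures after which admins must solve a CAPTCHA
    //                         (0 = always, Solution 1; 5 = Solution 2)
    //   captchaSolved         true if this request carried a valid CAPTCHA answer
    public static LoginGate Decide(bool isAdmin, int failedAttempts, int maxAttempts,
                                   int adminCaptchaThreshold, bool captchaSolved)
    {
        if (maxAttempts <= 0)
            throw new ArgumentOutOfRangeException(nameof(maxAttempts));
        if (adminCaptchaThreshold < 0)
            throw new ArgumentOutOfRangeException(nameof(adminCaptchaThreshold));
        failedAttempts = Math.Max(0, failedAttempts);

        if (!isAdmin)
        {
            // Customer accounts keep the normal lockout.
            return failedAttempts >= maxAttempts ? LoginGate.LockedOut
                                                 : LoginGate.AllowAttempt;
        }

        // Admins are never locked out; past the threshold every attempt
        // must be accompanied by a solved CAPTCHA.
        if (failedAttempts >= adminCaptchaThreshold && !captchaSolved)
            return LoginGate.RequireCaptcha;
        return LoginGate.AllowAttempt;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs: (isAdmin, failures, max, threshold, captchaSolved)
        Console.WriteLine(AdminLockoutPolicy.Decide(true, 4, 5, 5, false));
        Console.WriteLine(AdminLockoutPolicy.Decide(true, 7, 5, 5, false));
        Console.WriteLine(AdminLockoutPolicy.Decide(true, 7, 5, 5, true));
        Console.WriteLine(AdminLockoutPolicy.Decide(false, 5, 5, 5, true));
    }
}
```

The posted handler does not show whether `User.Login` applies the lockout itself, so a page-level decision like this covers only what `LoginButton_Click` controls.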