https://bugzilla.wikimedia.org/show_bug.cgi?id=9838
--- Comment #15 from Tyler Romeo <[email protected]> 2012-05-27 05:17:31 UTC --- (In reply to comment #12) > What about adding the missing i to make the Notifcation a Notification? > > Still spaces instead of tabs at $failedCount block, lines 574-583, 594-597, > 603-625, 833-844, and messages.inc > > Also, the code fails if the checks are done from multiple ips. > > I think the approach should be something like: > > On bad login: > store[$USER] += (date, ip) > > On good login: > Show store[$USER] > Empty store[$USER] > > Daily: > For each $USER: > Email store[$USER] to $USER unless disabled in preferences > Empty store[$USER] > > I'm not keen on using a db table, though. Actually, quick question. First of all, I like this approach a little better, because it'd be preferable to not be flooding users' emails. But I'm not sure on the whole daily email and empty idea, so here's my suggestion: On bad login: store[$USER] += (date, ip) On good login: Show store[$USER] where ip != curr_ip && abs(date - curr_date) < X After X amount of time: Empty store[$USER] Upon reaching threshold: Email store[$USER] unless disabled in prefs Empty store[$USER] The first change is just a convenience because there's no need to tell a user about incorrect passwords made a few seconds ago at the same IP address they are logging in from (for obvious reasons). The second change is because I think there's no need to worry users about people trying to login to their accounts unless it breaks a certain threshold. Under the daily approach, even just one incorrect login and at the end of the day the user gets a scary email warning them of breaches of security in their account. In this method, users are always shown all incorrect logins upon their first successful login before the time period expires, but they're only notified by email if the incorrect logins are occurring often enough to be a problem. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
