Authmereloaded: Captcha bug return

Created on 4 Jun 2016  Â·  14Comments  Â·  Source: AuthMe/AuthMeReloaded

Looks like this don't fixed https://github.com/Xephi/AuthMeReloaded/issues/322

If maxLoginTry = 5, i can 5 times enter the wrong password, and then i have last 6-th try, after which AuthMe show me captcha. But this 6-th try will be always wrong for AuthMe, even if password correct!

AuthMe build: #1093
Spigot build: #847

enhancement

All 14 comments

@ljacqu

Hmm, I basically undid the solution "for" #322 (a212a0c0fd9aaeb078e492c3222e9e032cb61539) when I did #601. But I don't agree that this is a bug. For example:

    captcha:
        # Enable captcha when a player uses wrong password too many times
        useCaptcha: true
        # Max allowed tries before a captcha is required
        maxLoginTry: 2

"Max allowed tries before a captcha is required" -> You do not get a sixth try without captcha for maxLoginTry = 5

Ex:

# login tries = 0
/login wrong
> "Wrong password, please try again" // login tries = 1
/login wrong
> "Wrong password, please try again" // login tries = 2
/login correct
-> Captcha, because login tries = 2 ≥ maxLoginTry

What do you think, @Kixot14?

@ljacqu in my opinion if the player uses the right password the number of tries should be ignored (or at least we can print a warning to the console and the admins)

if the player uses the right password the number of tries should be ignored

@sgdc3, then the captcha is useless:

With maxLoginTry: 1

/login wrong
> "Wrong password, please try again" // login tries = 1
/login otherwrong
> require captcha
/login otherwrong2
> require captcha
/login correct
> log the player in -> captcha is useless, can still brute-force

you misunderstood what i meant

/login wrong
/login wrong
/login wrong
= require captcha

/login wrong
/login wrong
/login right
= logged in successful

@sgdc3 That represents the current behavior with maxLoginTry = 3.

yeah

@ljacqu "That represents the current behavior with maxLoginTry = 3."

BUT
IF

/login wrong
/login wrong
/login wrong
/login right (ignore, cause captcha)

Player think: "hmm, 4-th try of my login should be right, but it requires captcha... Wtf??"

I just wanna say, AuthMe must require captcha immediately after 3-d fail. Not w8 when player attempt one more login

in my opinion :]

Now I understand @Kixot14, and you're right! That would be much more user-friendly

Tested commit by Gnat008, behaves as I would expect. Please verify, @Kixot14

No answer, assuming it's OK

Verified with build 1292! It's ok.

But messages about "U must type /login ", when need to solve captcha, still showing [#745].

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Ahryzth picture Ahryzth  Â·  8Comments

yannicnoller picture yannicnoller  Â·  4Comments

rogerxavier93 picture rogerxavier93  Â·  4Comments

ProblemsSender picture ProblemsSender  Â·  6Comments

ITZVGcGPmO picture ITZVGcGPmO  Â·  3Comments