Looks like this don't fixed https://github.com/Xephi/AuthMeReloaded/issues/322
If maxLoginTry = 5, i can 5 times enter the wrong password, and then i have last 6-th try, after which AuthMe show me captcha. But this 6-th try will be always wrong for AuthMe, even if password correct!
AuthMe build: #1093
Spigot build: #847
@ljacqu
Hmm, I basically undid the solution "for" #322 (a212a0c0fd9aaeb078e492c3222e9e032cb61539) when I did #601. But I don't agree that this is a bug. For example:
captcha:
# Enable captcha when a player uses wrong password too many times
useCaptcha: true
# Max allowed tries before a captcha is required
maxLoginTry: 2
"Max allowed tries before a captcha is required" -> You do not get a sixth try without captcha for maxLoginTry = 5
Ex:
# login tries = 0
/login wrong
> "Wrong password, please try again" // login tries = 1
/login wrong
> "Wrong password, please try again" // login tries = 2
/login correct
-> Captcha, because login tries = 2 ≥ maxLoginTry
What do you think, @Kixot14?
@ljacqu in my opinion if the player uses the right password the number of tries should be ignored (or at least we can print a warning to the console and the admins)
if the player uses the right password the number of tries should be ignored
@sgdc3, then the captcha is useless:
With maxLoginTry: 1
/login wrong
> "Wrong password, please try again" // login tries = 1
/login otherwrong
> require captcha
/login otherwrong2
> require captcha
/login correct
> log the player in -> captcha is useless, can still brute-force
you misunderstood what i meant
/login wrong
/login wrong
/login wrong
= require captcha
/login wrong
/login wrong
/login right
= logged in successful
@sgdc3 That represents the current behavior with maxLoginTry = 3.
yeah
@ljacqu "That represents the current behavior with maxLoginTry = 3."
BUT
IF
/login wrong
/login wrong
/login wrong
/login right (ignore, cause captcha)
Player think: "hmm, 4-th try of my login should be right, but it requires captcha... Wtf??"
I just wanna say, AuthMe must require captcha immediately after 3-d fail. Not w8 when player attempt one more login
in my opinion :]
Now I understand @Kixot14, and you're right! That would be much more user-friendly
Tested commit by Gnat008, behaves as I would expect. Please verify, @Kixot14
No answer, assuming it's OK
Verified with build 1292! It's ok.
But messages about "U must type /login