make a file "models/plugin_conditionalrecaptcha.py" which contains:
MAX_LOGIN_FAILURES = 3
RECAPTCHA_PUBLIC_KEY = ''
RECAPTCHA_PRIVATE_KEY = ''
def _():
from gluon.tools import Recaptcha
key = 'login_from:%s' % request.env.remote_addr
num_login_attempts = cache.ram(key,lambda:0,None)
if num_login_attempts >= MAX_LOGIN_FAILURES:
auth.settings.login_captcha = Recaptcha(
request,RECAPTCHA_PUBLIC_KEY,RECAPTCHA_PRIVATE_KEY)
def login_attempt(form,key=key,n=num_login_attempts+1):
cache.ram(key,lambda n=n:n,0)
def login_success(form,key=key):
cache.ram(key,lambda:0,0)
auth.settings.login_onvalidation.append(login_attempt)
auth.settings.login_onaccept.append(login_success)
_()
On Oct 3, 6:16 pm, sadik fanan <sadikfa...@gmail.com> wrote:
> Hi , i am developing an online booking system on GAE..
> .the developement is allmost
> complete...recently i have come to know about brutforce attacks on web based
> application for admin login...
> my application is in web2py framework
> (python)...can anyone here please guide me on a functionality where in ,
> the admin
> login will be disabled after 5 wrong password entries ...
> ..is there any kind of
> plugin available for this,,,
> ,or any pre existing code that i can put into my code
> to have this done....please reply on my mail id : sadikfa...@gmail.com
> ..... if the
> above mentioned thing is not possible at all
> in web2py , please suggest other ways
> to make more secured admin login
