Redirect Failed Login
Version
1.51 (last update on Dec 24, 2008)
Rating
Compatibility
Votes
Favoured
39
License
GPLv2 or later
Non-Commercial
Type
Views
36886
Date Added
18 November 2008
V1.51: Adds 2 important features:
1) Adds a time delay on login failures - to discourage brute force login attacks on your site. The default delay is 10 seconds, you can change the delay in the plugin options. Even if you do not redirect failed logins, you can use this plugin to add a time delay after failed login attempts. This will discourage hackers from trying to hack into your site. The time delay helps to protect both the front-end and back-end logins - just use the default settings.
2) An option to enable/disable clearing of the page cache upon login failure. The default is set to "No" clearing. You can change this to "Yes" if you are using the system cache plugin (page cache) and your redirection messages do not appear because the page cache is showing a stale copy of your redirected page.
I needed to redirect the failed logins on the same page in order to give them a chance to retry.
Although the plugin does not do that our of the box, it was easy to change its behaviour this way if the failed login URL is left empty in the configuration.
I also applied the change mentioned below to display the failed login message as a Joomla! standard error message.
I'll submit the changes to the developer for review.
Although the plugin does not do that our of the box, it was easy to change its behaviour this way if the failed login URL is left empty in the configuration.
I also applied the change mentioned below to display the failed login message as a Joomla! standard error message.
I'll submit the changes to the developer for review.
The message of error on login doesn't work in every templates. That can be solved by creating an article just showing the message of error and then redirect in the module to that article. Another solution would be having the option to show the message using an javascript alert? just an idea...
Another problem is if i register an user, initially the user is disabled in the administration. If i try to login that user it doesn't raise the onLoginFailure event so it shows again the login form in the content pane. What event raises in this case? it should validate this situation...
Excellent plugin and a very necessary one. Congratulations to the developer.
Cheers!
Another problem is if i register an user, initially the user is disabled in the administration. If i try to login that user it doesn't raise the onLoginFailure event so it shows again the login form in the content pane. What event raises in this case? it should validate this situation...
Excellent plugin and a very necessary one. Congratulations to the developer.
Cheers!
It does work with SEF. All my sites are SEF. What may cause some to think it doesn't is if one is trying to use an SEF redirect entry in the plugin. That doesn't work. If you use the non SEF link address (the one you find if you open the link properties), and place THAT in the plugin entry it works perfectly. Thanks to the developer for pointing that out in the forum.
This solved a redirect problem I was having when a user puts in the wrong username/password in the login module causing Joomla to redirect to a default login screen not linked to from a menu and therefore breaking my template. Spent hours trying to fix it only to stumble on this plug-in which fixed it in about 5 seconds!
Sometimes this plugin causes a infinite redirect loop (TOO MANY REDIRECTS error in chrome). It seems that the cache is not emptied or something like that...
Owner's reply
Hi,
There is a support forum at http://joomlacode.org/gf/project/redirectfl/forum/
where you can get in touch with me regarding any problems.
-Roger
The small problem is that login failed message is shown as message not as error. To fix this you should change line in plugins/system/redirect_failed_login.php
$mainframe->redirect($redirect_destination, $redirect_message);
to
JFactory::getApplication()->enqueueMessage($redirect_message, 'error');
$mainframe->redirect( $redirect_destination);
Joomla 1.5 and PHP5 required.
$mainframe->redirect($redirect_destination, $redirect_message);
to
JFactory::getApplication()->enqueueMessage($redirect_message, 'error');
$mainframe->redirect( $redirect_destination);
Joomla 1.5 and PHP5 required.
just what I needed. easy to install. does what it says. thanks.
This does not work with Cblogin or with Joomla SEF on.
Owner's reply
Hi Richardkl,
I've never tried it with CBlogin, but I use it on several Joomla 1.5 websites with Joomla SEF turned on and it works fine for me. What problems did you see with Joomla SEF turned on?
Regarding CBlogin - this plugin is triggered by the Joomla Core user event "onLoginFailure" ( see http://docs.joomla.org/Reference:User_Events_for_Plugin_System#5.3.5_onLoginFailure)
so it must be that CB is not using this joomla core user event when a CB login failure occurs.
Does what it's supposed to but I accidentally caused some hard to diagnose errors through this.
I set the forward link to the standard Joomla password forgotten page. Unfortunately, this very seldomly would result in an endless feedback loop when visiting any site. At least until the cache was cleared.
I am not sure when it would happen but it was pretty annoying and mysterious, until I remembered I had installed this plugin.
Didn't find any other mention of the same problem so thought I'd mention it here.
Anyway, otherwise, this is very good and does what it says on the tin.
To beef up the security even further, would be nice if it was possible to have an auto-increment delay - e.g.: first failed log-in has X second delay, 2nd failed login for same username has Y seconds delay, 3rd has Z seconds delay up to some maximum.
Keep up the good work!
I set the forward link to the standard Joomla password forgotten page. Unfortunately, this very seldomly would result in an endless feedback loop when visiting any site. At least until the cache was cleared.
I am not sure when it would happen but it was pretty annoying and mysterious, until I remembered I had installed this plugin.
Didn't find any other mention of the same problem so thought I'd mention it here.
Anyway, otherwise, this is very good and does what it says on the tin.
To beef up the security even further, would be nice if it was possible to have an auto-increment delay - e.g.: first failed log-in has X second delay, 2nd failed login for same username has Y seconds delay, 3rd has Z seconds delay up to some maximum.
Keep up the good work!
This is a necessity, can't get the redirection message to show though...still, better than redirecting to the home page. Thanks
Owner's reply
Hi & thanks for your kind review!
Regarding the redirection message - I've seen 2 possible causes for the message not showing up:
1) Your template may not have proper links to the system css files. If this is the case, your joomla site will not show any system messages.
Go to joomlaroot/templates/YOUR ACTIVE TEMPLATE/index.php and see if the following links are present (usually near the top of the file):
/templates/system/css/system.css" type="text/css" />
/templates/system/css/general.css" type="text/css" />
2)If the system cache plugin is enabled, joomla may show a stale page that does not include the redirect message. To fix this, enable the plugin parameter that clears the page cache on login failures.
Not having any feedback when you fail to log in properly is kinda... lame. This extension fixes that and once you set up a page, you can show anything you want.
I like it.
I like it.
One of my Joomla sites got hacked so I was looking for something. Searched Joomla forums for Brute Force and a thread recommended this plugin. I installed it and it works. Definitely would discourage a brute force attack with the time delay combined with URL forwarding.
This solves the nasty caching problem Joomla has and gives you the option to let users stay on the login page if login failed, just what I needed!
Page 1 of 2