XF 2.1 Member Login Issues & Login Questions

Alfuzzy

Well-known member
Hello. Have a muti-part question regarding member login issues & questions about login settings & logs.

1. From time to time I'm getting 'Contact Us" messages from members saying they're getting locked out of their account after entering their login info just once (maybe the login info is correct or not correct)...but either way it's my understanding that they should get up to 4 attempts in a 15 minute period before the account is locked. Is there something in the AdminCP settings that could cause an account lock after only the first attempt?

2. In the AdminCP there's a setting for "Login Limit Method"...with 2 options (CAPTCHA or Lockout). I have Lockout selected. If Lockout is selected...and a forum member does get locked out...is there a period of time before the account lockout ends...and the member can try again?

I have a member that got locked out 4 hours ago...and when they tried to login again after 4 hours...their account was still locked.

3. Is there any sort of member login attempt log that can be checked to verify when a member claims to have login issues? I know many times members claim to be using the correct login info (and they aren't)...or they say they only tried logging in once (when they really tried multiple times). I checked the AdminCP Log area...but didn't see a log for member login's.

4. I also checked the particular members account mentioned above in the AdminCP...and I don't see anything there that says their account is "locked". If this member is receiving a message that their account has been locked...is there a way in the AdminCP to check on this locked status...and is there some way to unlock it?

Thanks very much.

p.s. I should mention that there are no banned IP's or discouraged IP's.
 
Accounts are only locked out if an incorrect password has been entered multiple times.

I don't recall what the time limits are but the duration of each lockout increases the more times an incorrect password is entered.

This is to prevent brute force attacks.

There is no way to unlock a locked account - the member can perform a password reset which will do so.
 
Thanks Brogan. Wanted to know all those details so I can deal with issues as well as I can.

Many times members claim to be using the correct login info (and they aren't)...or they say they only tried logging in once (when they really tried multiple times).

Is there any sort of member login attempt log that can be checked to verify when a member claims to have login issues?

If a member claims to have "only tried once"...and they really tried 15 times;)...this would be great to know.

Thanks
 
Top Bottom