From 2dc3c05a2b40653f10bd57e76007de22b6468a8f Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 18 Oct 2009 11:34:45 +0000
Subject: - Patch #589126 by mfb: fixed bug with user module using a flood
 window of 6 hours, but flood events more than 1 hour old being deleted by
 cron. Improved API documentation, and added tests.

---
 modules/user/user.module | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/user/user.module')

diff --git a/modules/user/user.module b/modules/user/user.module
index 241e6ee84..cf10cfe34 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1801,10 +1801,10 @@ function user_login_authenticate_validate($form, &$form_state) {
 function user_login_final_validate($form, &$form_state) {
   if (empty($form_state['uid'])) {
     // Always register an IP-based failed login event.
-    flood_register_event('failed_login_attempt_ip');
+    flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));
     // Register a per-user failed login event.
     if (isset($form_state['flood_control_user_identifier'])) {
-      flood_register_event('failed_login_attempt_user', $form_state['flood_control_user_identifier']);
+      flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $form_state['flood_control_user_identifier']);
     }
 
     if (isset($form_state['flood_control_triggered'])) {
-- 
cgit v1.2.3