[isf-wifidog] auth server: debian packaging, timeouts,
kicking users, captcha
ian.white at datamile-computers.com
Mer 17 Mai 08:18:29 EDT 2006
There are some code is the publicip.net version of the auth server
that does this kind of thing.
I think when a connection is first made connection.timestamp_in is
set, now if you have as part of the auth counters process, and diff
check on current time - timestamp_in you should be able to limit login
time by logging them out there. You could also do limits on traffic
On the spam attacks, I've seen some code that blocks a mac from
repeated login attempts by entering the ip into a block table, and
then ignoring login requests.
Not sure on the messaging , but v2 is looking at that issue.
As auth.php is the central place you can
> thanks indeed for your help -
> now what I do to log out the user is running a small Perl script from
> cron doing this:
> UPDATE connections SET token_status='USED'
> WHERE NOW()-timestamp_in > '60 minutes'
> What did you mean by changing the auth/index.php? When I set the
> to 'USED', any web access will be redirected to the login page
> do you mean some message like "You have been logged out after 60
> of online time"? How should the auth/index.php "know" that this just
> happened? Just display that sentence for 5 minutes after the user
> logged out, that is having a 'USED' session less than 5 minutes old?
> Something like
> SELECT user_id,user_ip,user_mac FROM connections WHERE
> token_status='USED' AND NOW()-last_updated < '5 minutes'
> I didn't figure how to do this autologout feature elegantly using a
> trigger and stored procedure as I'm not familiar with Postgres, and a
> cronjob will do for my urgent needs. If anyone can come up with an
> "inside the database" solution, I'm anxious for your input :-)
> I'll have a look at some PHP captcha library for the Turing test now.
> Thanks again for your help!
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
More information about the WiFiDog