Wrong login causes error message #7

Closed
jommbee opened this issue Sep 17, 2020 · 3 comments

jommbee commented Sep 17, 2020

If an incorrect password is entered in the frontend (Member), an SQL error is generated.

A timestamp is set as the value for the "disabled" field. But the corresponding field in the database in tl_member is char(1).

Changing the field to char(10) in contao/dca/tl_member.php fixed the problem.

```
request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DriverException: "An exception occurred while executing 'UPDATE tl_member SET id='3', tstamp='1600331516', firstname='XXX', lastname='xxxx', dateOfBirth='', gender='', company='', street='', postal='', city='', state='', country='', phone='', mobile='', fax='', email='xxx', website='', language='', groups='a:2:{i:0;s:1:"1";i:1;s:1:"8";}', login='1', username='xxx', password='xxx', assignDir='', homeDir=NULL, disable=1600331591, start='', stop='', dateAdded='1579170269', lastLogin='1600329817', currentLogin='1600329996', locked='0', session='a:0:{}', trustedTokenVersion='0', backupCodes=NULL, useTwoFactor='', secret=NULL, loginAttempts=1, iban='', pwChange='' WHERE id='3'': SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'disable' at row 1" at /var/www/html/gremienportal/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php line 110 {"exception":"[object] (Doctrine\DBAL\Exception\DriverException(code: 0): An exception occurred while executing 'UPDATE tl_member SET id='3', tstamp='1600331516', firstname='XXX', lastname='xxxx', dateOfBirth='', gender='', company='', street='', postal='', city='', state='', country='', phone='', mobile='', fax='', email='xxx', website='', language='', groups='a:2:{i:0;s:1:\"1\";i:1;s:1:\"8\";}', login='1', username='xxx', password='xxx', assignDir='', homeDir=NULL, disable=1600331591, start='', stop='', dateAdded='1579170269', lastLogin='1600329817', currentLogin='1600329996', locked='0', session='a:0:{}', trustedTokenVersion='0', backupCodes=NULL, useTwoFactor='', secret=NULL, loginAttempts=1, iban='', pwChange='' WHERE id='3'':\n\nSQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'disable' at row 1 at /var/www/html/gremienportal/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php:110, Doctrine\DBAL\Driver\PDOException(code: 22001): SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'disable' at row 1 at /var/www/html/gremienportal/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:91, PDOException(code: 22001): SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'disable' at row 1 at /var/www/html/gremienportal/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:86)"} []
```

@richardhj
Member

It has to be `$user->disable = '1'`. Also, `loginAttempts` instead of `loginCount` should be used in Contao 4.9 (see contao/contao#1178).

@richardhj
Member

@aschempp I started the necessary rework for Contao 4.9 and want to move the logic to a decorated AuthenticationFailureHandler. I just realized that our "invalid_attempts" (where you can set any number) config does not seem to be compatible with the Contao core, since the loginAttempts is hardcoded to "3" in the AuthenticationProvider.
What we can do, however, is to disable the account on 3 invalid attempts and send an admin notification. WDYT?

@richardhj
Member

A hotfix for 4.4 is already released. For Contao 4.9 we will disable the "invalid_attempts" setting. Thus, make sure not to define "invalid_attempts" in the config, @jommbee.
