Added login failed support.

app/controllers/application_controller.rb

@@ -85,9 +85,6 @@ class ApplicationController < ActionController::Base
       # return auth ok
       if message == ''
 
-        # remember last login
-        userdata.update_last_login
-
         # set basic auth user to current user
         current_user_set(userdata)
         return {

app/controllers/sessions_controller.rb

@@ -15,9 +15,6 @@ class SessionsController < ApplicationController
       return
     end
 
-    # remember last login date
-    user.update_last_login()
-
     # auto population of default collections
     default_collection = SessionHelper::default_collections(user)
 
@@ -125,7 +122,7 @@ class SessionsController < ApplicationController
     end
 
     # remember last login date
-    authorization.user.update_last_login()
+    authorization.user.update_last_login
 
     # Log the authorizing user in.
     session[:user_id] = authorization.user.id

app/models/user.rb

@@ -51,8 +51,9 @@ class User < ApplicationModel
     end
 
     # check failed logins
-    if user
+    max_login_failed = Setting.get('password_max_login_failed') || 10
-#      return if user.faild_login > 10
+    if user && user.login_failed > max_login_failed
+      return false
     end
 
     # use auth backends
@@ -80,18 +81,20 @@ class User < ApplicationModel
       # auth ok
       if user_auth
 
-        # update last login
+        # remember last login date
-        
+        user.update_last_login
 
         # reset login failed
-
+        user.login_failed = 0
+        user.save
 
         return user_auth
       end
     }
 
     # set login failed +1
-
+    user.login_failed = user.login_failed + 1
+    user.save
 
     # auth failed
     sleep 1