* Change $wgCaptchaBadLoginAttempts to be inclusive of the first attempt, so that...

* Set the default to 3 instead of 1, to be more forgiving of mistyped passwords.  Unlikely to help bots much; quite likely to help blind people who aren't really really really careful typers.
* Commit some whitespace change I had lying around.

diff --git a/ConfirmEdit.php b/ConfirmEdit.php
index 828570355fb8893d0abe01c80909be247822f7cb..cbf889098e8489003cb6d14850e2cdb6fd7288a2 100644 (file)
--- a/ConfirmEdit.php
+++ b/ConfirmEdit.php
@@ -150,12 +150,11 @@ global $ceAllowConfirmedEmail;
 $ceAllowConfirmedEmail = false;
 
 /** 
- * Number of bad login attempts allowed before triggering the captcha.
- * 
- * Default is 0.
+ * Number of bad login attempts before triggering the captcha.  0 means the
+ * captcha is presented on the first login.
  */
 global $wgCaptchaBadLoginAttempts;
-$wgCaptchaBadLoginAttempts = 0;
+$wgCaptchaBadLoginAttempts = 3;
 
 /**
  * Regex to whitelist URLs to known-good sites...

diff --git a/ConfirmEdit_body.php b/ConfirmEdit_body.php
index 31635dac4323d4c7d2006320abb74bec78b5655f..cd68f5cb678da9655ca035db04ddbce4c61eaf00 100644 (file)
--- a/ConfirmEdit_body.php
+++ b/ConfirmEdit_body.php
@@ -205,7 +205,7 @@ class SimpleCaptcha {
         */
        function isBadLoginTriggered() {
                global $wgMemc, $wgCaptchaBadLoginAttempts;
-               return intval( $wgMemc->get( $this->badLoginKey() ) ) > $wgCaptchaBadLoginAttempts;
+               return intval( $wgMemc->get( $this->badLoginKey() ) ) >= $wgCaptchaBadLoginAttempts;
        }
        
        /**