diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2010-01-17 16:46:41 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2010-01-17 16:46:41 +0000 |
| commit | ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485 (patch) | |
| tree | 113f54a63a94383c353e443a41f2cffaea88c0ac | |
| parent | 9532ba3c3d67a8cf250e8e7e6bd4f31da82c11e3 (diff) | |
| download | forums-ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485.tar forums-ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485.tar.gz forums-ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485.tar.bz2 forums-ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485.tar.xz forums-ef2cd7b6c96ba1cf39f7ee6cc0655278c1e4a485.zip | |
Always require a fresh solved captcha, don't accept a stored solution.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10411 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index e49f3aa248..10dcbe1c27 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -62,10 +62,11 @@ function login_db(&$username, &$password) 'user_row' => array('user_id' => ANONYMOUS), ); } + $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... - if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) + if ($show_captcha) { // Visual Confirmation handling @@ -80,6 +81,10 @@ function login_db(&$username, &$password) 'user_row' => $row, ); } + else + { + $captcha->reset(); + } } @@ -189,8 +194,8 @@ function login_db(&$username, &$password) // Give status about wrong password... return array( - 'status' => LOGIN_ERROR_PASSWORD, - 'error_msg' => 'LOGIN_ERROR_PASSWORD', + 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, + 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row, ); } |