diff options
| author | Nils Adermann <naderman@naderman.de> | 2011-06-10 12:02:59 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2011-06-10 12:18:19 +0200 |
| commit | 2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63 (patch) | |
| tree | 3c50ada87cc79e7488cb68a57d52dd3494d985ed /phpBB/includes/session.php | |
| parent | fc9b12669145f72414eb45bbb73860099c6cecef (diff) | |
| download | forums-2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63.tar forums-2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63.tar.gz forums-2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63.tar.bz2 forums-2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63.tar.xz forums-2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63.zip | |
[ticket/9992] Adding a limit on login attempts per IP.
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.
PHPBB3-9992
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index ceb22c197c..69369ff72d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1005,6 +1005,10 @@ class session include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); + + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']); + $db->sql_query($sql); } return; |