aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_board.php3
-rw-r--r--phpBB/includes/auth.php2
-rw-r--r--phpBB/includes/auth/auth_db.php66
-rw-r--r--phpBB/includes/constants.php1
-rw-r--r--phpBB/includes/db/db_tools.php13
-rw-r--r--phpBB/includes/session.php4
6 files changed, 84 insertions, 5 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index d38c4d58ba..9f00145f3b 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -386,6 +386,9 @@ class acp_board
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
+ 'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
+ 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true),
+ 'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 8324cb4977..5564de2943 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -908,7 +908,7 @@ class auth
$method = 'login_' . $method;
if (function_exists($method))
{
- $login = $method($username, $password);
+ $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index e04a6307e9..e155130e04 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))
/**
* Login function
+*
+* @param string $username
+* @param string $password
+* @param string $ip IP address the login is taking place from. Used to
+* limit the number of login attempts per IP address.
+* @param string $browser The user agent used to login
+* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
+* @return array A associative array of the format
+* array(
+* 'status' => status constant
+* 'error_msg' => string
+* 'user_row' => array
+* )
*/
-function login_db(&$username, &$password)
+function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
global $db, $config;
@@ -47,13 +60,52 @@ function login_db(&$username, &$password)
);
}
+ $username_clean = utf8_clean_string($username);
+
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+ WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
+ if (($ip && !$config['ip_login_limit_use_forwarded']) ||
+ ($forwarded_for && $config['ip_login_limit_use_forwarded']))
+ {
+ $sql = 'SELECT COUNT(attempt_id) AS count
+ FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
+ if ($config['ip_login_limit_use_forwarded'])
+ {
+ $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
+ }
+ else
+ {
+ $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
+ }
+
+ $result = $db->sql_query($sql);
+ $attempts_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+ $attempts = $attempts_row['count'];
+
+ $attempt_data = array(
+ 'attempt_ip' => $ip,
+ 'attempt_browser' => $browser,
+ 'attempt_forwarded_for' => $forwarded_for,
+ 'attempt_time' => time(),
+ 'user_id' => ($row) ? (int) $row['user_id'] : 0,
+ 'username' => $username,
+ 'username_clean' => $username_clean,
+ );
+ $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
+ $result = $db->sql_query($sql);
+ }
+ else
+ {
+ $attempts = 0;
+ }
+
if (!$row)
{
return array(
@@ -62,7 +114,9 @@ function login_db(&$username, &$password)
'user_row' => array('user_id' => ANONYMOUS),
);
}
- $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
+
+ $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
+ ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
@@ -90,7 +144,7 @@ function login_db(&$username, &$password)
{
$captcha->reset();
}
-
+
}
// If the password convert flag is set we need to convert it
@@ -165,6 +219,10 @@ function login_db(&$username, &$password)
$row['user_password'] = $hash;
}
+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE user_id = ' . $row['user_id'];
+ $db->sql_query($sql);
+
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index ea34eb8e81..b5a0aa893a 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -236,6 +236,7 @@ define('GROUPS_TABLE', $table_prefix . 'groups');
define('ICONS_TABLE', $table_prefix . 'icons');
define('LANG_TABLE', $table_prefix . 'lang');
define('LOG_TABLE', $table_prefix . 'log');
+define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache');
define('MODULES_TABLE', $table_prefix . 'modules');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php
index 483ceee043..fdefda9e26 100644
--- a/phpBB/includes/db/db_tools.php
+++ b/phpBB/includes/db/db_tools.php
@@ -638,6 +638,19 @@ class phpbb_db_tools
$sqlite = true;
}
+ // Add tables?
+ if (!empty($schema_changes['add_tables']))
+ {
+ foreach ($schema_changes['add_tables'] as $table => $table_data)
+ {
+ $result = $this->sql_create_table($table, $table_data);
+ if ($this->return_statements)
+ {
+ $statements = array_merge($statements, $result);
+ }
+ }
+ }
+
// Change columns?
if (!empty($schema_changes['change_columns']))
{
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index ceb22c197c..69369ff72d 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -1005,6 +1005,10 @@ class session
include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
}
phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
+
+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+ WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
+ $db->sql_query($sql);
}
return;
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-20 07:59:13 +0000