diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/constants.php | 4 | ||||
| -rw-r--r-- | phpBB/posting.php | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/login_body.html | 6 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/mcp_post.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/search_body.html | 8 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/theme/content.css | 5 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/login_body.html | 19 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/search_body.html | 19 |
9 files changed, 64 insertions, 7 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 73c4f92976..e04a6307e9 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -134,7 +134,8 @@ function login_db(&$username, &$password) // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . $row['user_id']; + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); return array( @@ -194,7 +195,8 @@ function login_db(&$username, &$password) // Password incorrect - increase login attempts $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . $row['user_id']; + WHERE user_id = ' . (int) $row['user_id'] . ' + AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); // Give status about wrong password... diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index ff572869e2..ebaa342f54 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13); define('LOGIN_ERROR_EXTERNAL_AUTH', 14); define('LOGIN_ERROR_PASSWORD_CONVERT', 15); +// Maximum login attempts +// The value is arbitrary, but it has to fit into the user_login_attempts field. +define('LOGIN_ATTEMPTS_MAX', 100); + // Group settings define('GROUP_OPEN', 0); define('GROUP_CLOSED', 1); diff --git a/phpBB/posting.php b/phpBB/posting.php index 853ac18aad..f775699cee 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1300,7 +1300,7 @@ $attachment_data = $message_parser->attachment_data; $filename_data = $message_parser->filename_data; $post_data['post_text'] = $message_parser->message; -if (sizeof($post_data['poll_options']) || $post_data['poll_title']) +if (sizeof($post_data['poll_options']) || !empty($post_data['poll_title'])) { $message_parser->message = $post_data['poll_title']; $message_parser->bbcode_uid = $post_data['bbcode_uid']; diff --git a/phpBB/styles/prosilver/template/login_body.html b/phpBB/styles/prosilver/template/login_body.html index e52ccd6434..26e425a1d0 100644 --- a/phpBB/styles/prosilver/template/login_body.html +++ b/phpBB/styles/prosilver/template/login_body.html @@ -1,5 +1,11 @@ <!-- INCLUDE overall_header.html --> +<script type="text/javascript"> +// <![CDATA[ + onload_functions.push('document.getElementById("{USERNAME_CREDENTIAL}").focus();'); +// ]]> +</script> + <form action="{S_LOGIN_ACTION}" method="post" id="login"> <div class="panel"> <div class="inner"><span class="corners-top"><span></span></span> diff --git a/phpBB/styles/prosilver/template/mcp_post.html b/phpBB/styles/prosilver/template/mcp_post.html index dab2d572a9..04e24cd1f9 100644 --- a/phpBB/styles/prosilver/template/mcp_post.html +++ b/phpBB/styles/prosilver/template/mcp_post.html @@ -54,7 +54,7 @@ </ul> <!-- ENDIF --> - <span class="right-box clear" id="expand"><a href="#post_details" onclick="viewableArea(getElementById('post_details'), true); var rev_text = getElementById('expand').getElementsByTagName('a').item(0).firstChild; if (rev_text.data == '{LA_EXPAND_VIEW}'){rev_text.data = '{LA_COLLAPSE_VIEW}'; } else if (rev_text.data == '{LA_COLLAPSE_VIEW}'){rev_text.data = '{LA_EXPAND_VIEW}'}; return false;">{L_EXPAND_VIEW}</a></span> + <span class="right-box" id="expand"><a href="#post_details" onclick="viewableArea(getElementById('post_details'), true); var rev_text = getElementById('expand').getElementsByTagName('a').item(0).firstChild; if (rev_text.data == '{LA_EXPAND_VIEW}'){rev_text.data = '{LA_COLLAPSE_VIEW}'; } else if (rev_text.data == '{LA_COLLAPSE_VIEW}'){rev_text.data = '{LA_EXPAND_VIEW}'}; return false;">{L_EXPAND_VIEW}</a></span> <h3><a href="{U_VIEW_POST}">{POST_SUBJECT}</a></h3> <!-- IF S_PM --> diff --git a/phpBB/styles/prosilver/template/search_body.html b/phpBB/styles/prosilver/template/search_body.html index 612641b141..6616b95a73 100644 --- a/phpBB/styles/prosilver/template/search_body.html +++ b/phpBB/styles/prosilver/template/search_body.html @@ -1,5 +1,11 @@ <!-- INCLUDE overall_header.html --> +<script type="text/javascript"> +// <![CDATA[ + onload_functions.push('document.getElementById("keywords").focus();'); +// ]]> +</script> + <h2 class="solo">{L_SEARCH}</h2> <form method="get" action="{S_SEARCH_ACTION}"> @@ -119,4 +125,4 @@ </div> <!-- ENDIF --> -<!-- INCLUDE overall_footer.html -->
\ No newline at end of file +<!-- INCLUDE overall_footer.html --> diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css index dfe00371e4..64beb97a37 100644 --- a/phpBB/styles/prosilver/theme/content.css +++ b/phpBB/styles/prosilver/theme/content.css @@ -307,6 +307,11 @@ div[class].topic-actions { max-height: 300px; } +#expand +{ + clear: both; +} + /* Content container styles ----------------------------------------*/ .content { diff --git a/phpBB/styles/subsilver2/template/login_body.html b/phpBB/styles/subsilver2/template/login_body.html index 503de9e69e..90bbf8c139 100644 --- a/phpBB/styles/subsilver2/template/login_body.html +++ b/phpBB/styles/subsilver2/template/login_body.html @@ -88,4 +88,21 @@ <div align="{S_CONTENT_FLOW_END}"><!-- INCLUDE jumpbox.html --></div> -<!-- INCLUDE overall_footer.html -->
\ No newline at end of file +<script type="text/javascript"> +// <![CDATA[ + (function() + { + var elements = document.getElementsByName("{USERNAME_CREDENTIAL}"); + for (var i = 0; i < elements.length; ++i) + { + if (elements[i].tagName.toLowerCase() == 'input') + { + elements[i].focus(); + break; + } + } + })(); +// ]]> +</script> + +<!-- INCLUDE overall_footer.html --> diff --git a/phpBB/styles/subsilver2/template/search_body.html b/phpBB/styles/subsilver2/template/search_body.html index a0ec30e9ba..763a229c83 100644 --- a/phpBB/styles/subsilver2/template/search_body.html +++ b/phpBB/styles/subsilver2/template/search_body.html @@ -75,4 +75,21 @@ <div align="{S_CONTENT_FLOW_END}"><!-- INCLUDE jumpbox.html --></div> -<!-- INCLUDE overall_footer.html -->
\ No newline at end of file +<script type="text/javascript"> +// <![CDATA[ + (function() + { + var elements = document.getElementsByName("keywords"); + for (var i = 0; i < elements.length; ++i) + { + if (elements[i].tagName.toLowerCase() == 'input') + { + elements[i].focus(); + break; + } + } + })(); +// ]]> +</script> + +<!-- INCLUDE overall_footer.html --> |