authorNils Adermann <naderman@naderman.de>2010-03-02 01:05:40 +0100
committerNils Adermann <naderman@naderman.de>2010-03-02 01:05:40 +0100
commit021c186be91095397d4e76801738373989360a52 (patch)
tree4a5b42c0ebcaeb0be77edacb839bf164fe2dadc0 /phpBB/includes/auth/auth_db.php
parent4f9c3b8f5c0181c2ebf367436f3c0336d8f2251d (diff)
parent3ddedd5ff228cdcc3c0b05000affe3944afc7854 (diff)
Merge commit 'release-3.0.6-RC1'
Diffstat (limited to 'phpBB/includes/auth/auth_db.php')
-rw-r--r--phpBB/includes/auth/auth_db.php41
1 files changed, 7 insertions, 34 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 24d4c56614..5dc141ff77 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -68,7 +68,6 @@ function login_db(&$username, &$password)
if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
{
$confirm_id = request_var('confirm_id', '');
- $confirm_code = request_var('confirm_code', '');
// Visual Confirmation handling
if (!$confirm_id)
@@ -81,41 +80,15 @@ function login_db(&$username, &$password)
}
else
{
- global $user;
-
- $sql = 'SELECT code
- FROM ' . CONFIRM_TABLE . "
- WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
- AND session_id = '" . $db->sql_escape($user->session_id) . "'
- AND confirm_type = " . CONFIRM_LOGIN;
- $result = $db->sql_query($sql);
- $confirm_row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($confirm_row)
- {
- if (strcasecmp($confirm_row['code'], $confirm_code) === 0)
- {
- $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
- WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
- AND session_id = '" . $db->sql_escape($user->session_id) . "'
- AND confirm_type = " . CONFIRM_LOGIN;
- $db->sql_query($sql);
- }
- else
- {
- return array(
- 'status' => LOGIN_ERROR_ATTEMPTS,
- 'error_msg' => 'CONFIRM_CODE_WRONG',
- 'user_row' => $row,
- );
- }
- }
- else
+ $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+ $captcha->init(CONFIRM_LOGIN);
+ $vc_response = $captcha->validate();
+
+ if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
- 'error_msg' => 'CONFIRM_CODE_WRONG',
+ 'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
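Review bot: The `if ($vc_response)` test treats a truthy return from `$captcha->validate()` as a failed challenge, and nothing in the new lines says so; a later edit that assumes truthy means "passed" and inverts the test would make the login-attempt throttle fail open. A one-line comment above the test would pin the contract down, e.g. `// validate() is expected to return false on success and an error string on failure; confirm against the captcha plugin interface`. The removed code also deleted the matched CONFIRM_TABLE row so that a solved code could not be replayed; whether each plugin consumes the challenge inside `validate()` is not visible here and is worth confirming. `login_db()` starts and ends outside this hunk.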
@@ -157,7 +130,7 @@ function login_db(&$username, &$password)
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
}
- else
+ else
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited