[ticket/7538] Limit user_login_attempts to prevent SQL errors.

PHPBB3-7538
author: Andreas Fischer <bantu@phpbb.com> 2010-10-15 18:54:44 +0200
committer: Andreas Fischer <bantu@phpbb.com> 2010-10-15 19:00:14 +0200
commit: 0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d (patch)
tree: 58f5f327ec2dc76d9f3bfa9a9e776de00fd798c6 /phpBB/includes/auth/auth_db.php
parent: b8f37a5024c3fbda51c76f3990e6dd2059892837 (diff)
download: forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar
forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.gz
forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.bz2
forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.xz
forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 73c4f92976..e04a6307e9 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
 				// increase login attempt count to make sure this cannot be exploited
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_login_attempts = user_login_attempts + 1
-					WHERE user_id = ' . $row['user_id'];
+					WHERE user_id = ' . (int) $row['user_id'] . '
+						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 				$db->sql_query($sql);
 
 				return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
 	// Password incorrect - increase login attempts
 	$sql = 'UPDATE ' . USERS_TABLE . '
 		SET user_login_attempts = user_login_attempts + 1
-		WHERE user_id = ' . $row['user_id'];
+		WHERE user_id = ' . (int) $row['user_id'] . '
+			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 	$db->sql_query($sql);
 
 	// Give status about wrong password...
author	Andreas Fischer <bantu@phpbb.com>	2010-10-15 18:54:44 +0200
committer	Andreas Fischer <bantu@phpbb.com>	2010-10-15 19:00:14 +0200
commit	0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d (patch)
tree	58f5f327ec2dc76d9f3bfa9a9e776de00fd798c6 /phpBB/includes/auth/auth_db.php
parent	b8f37a5024c3fbda51c76f3990e6dd2059892837 (diff)
download	forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.gz forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.bz2 forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.tar.xz forums-0452da2bf1f93dc8d9ea5c73f1276a5976eaca7d.zip