author | Igor Wiedler <igor@wiedler.ch> | 2010-10-17 21:47:04 +0200 |
committer | Igor Wiedler <igor@wiedler.ch> | 2010-10-17 21:47:04 +0200 |
commit | d753a02ec02e9475ee29d12797648c3aecccdcd8 (patch) | |
tree | c418ddf592f762c842db7a97b26d7de93a2aa85f /phpBB/includes | |
parent | 6e5e22961a86c168742ba20dbd7e575ce3afd1b7 (diff) | |
parent | 642f940bc82bd426dfcc27d5d13ff6296c2f7fe6 (diff) | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
[ticket/7332] Fix post details expand link rendering on Webkit.
[ticket/9162] Prevent notice on unset poll title
[ticket/7417] Also focus search keywords and username in subsilver2.
[ticket/7417] Focus username field when prosilver login page is loaded.
[ticket/7417] Focus search keywords field when prosilver search page is loaded.
[ticket/9841] Change "Save" to "Save draft", "Load" to "Load draft".
[ticket/9664] Resolve conflict with accesskey="t", change addlitsitem to "y".
[ticket/7538] Limit user_login_attempts to prevent SQL errors.
[ticket/9848] Add avatars, attachments and store files to .gitignore.
[ticket/9822] Correct some style related ACP explain statements.
[ticket/9698] Add .htaccess to the includes subdirectory.
[ticket/9830] Redirect to install directly when config.php does not exist.
[ticket/9816] Remove config.php from repository
[ticket/9810] Hide "Select All" of code bbcode on print page
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/.htaccess | 4 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_db.php | 6 | ||||
-rw-r--r-- | phpBB/includes/constants.php | 4 |
3 files changed, 12 insertions, 2 deletions
diff --git a/phpBB/includes/.htaccess b/phpBB/includes/.htaccess
new file mode 100644
index 0000000000..4128d345ab
--- /dev/null
+++ b/phpBB/includes/.htaccess
@@ -0,0 +1,4 @@
+<Files *>
+ Order Allow,Deny
+ Deny from All
+</Files>
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index b672e212bf..f1bc47c393 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
 // increase login attempt count to make sure this cannot be exploited
 $sql = 'UPDATE ' . USERS_TABLE . '
 SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 $db->sql_query($sql);
 
 return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
 // Password incorrect - increase login attempts
 $sql = 'UPDATE ' . USERS_TABLE . '
 SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
 $db->sql_query($sql);
 
 // Give status about wrong password...
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index ff572869e2..ebaa342f54 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13);
 define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
 define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
 
+// Maximum login attempts
+// The value is arbitrary, but it has to fit into the user_login_attempts field.
+define('LOGIN_ATTEMPTS_MAX', 100);
+
 // Group settings
 define('GROUP_OPEN', 0);
 define('GROUP_CLOSED', 1);
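Review bot: `Order Allow,Deny` and `Deny from All` in the new .htaccess are the Apache 2.2 access-control directives; on Apache 2.4 they are only honoured when mod_access_compat is loaded, and without it the request fails with a server error or, if the directives are ignored, the include files are served as plain text. Wrapping the existing block in `<IfModule !mod_authz_core.c>` and adding a sibling `<IfModule mod_authz_core.c>` containing `Require all denied` covers both generations. The file is also only effective where the vhost's AllowOverride permits Limit directives, so it should be treated as defence in depth on top of each included file's own direct-access guard rather than as the primary control.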
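Review bot: The capped UPDATE is now written out twice, once in this hunk at line 134 and again in the second hunk at line 195, and both copies must stay identical for the lockout bound to behave consistently; a small local helper taking `$db` and the integer user id would keep the `(int)` cast and the `< LOGIN_ATTEMPTS_MAX` condition in one place. The comment on the first copy, "to make sure this cannot be exploited", no longer says what the new bound is for; `// increase login attempt count, bounded by LOGIN_ATTEMPTS_MAX so the counter cannot overflow the column` would tie it to the reason given in constants.php. Once an account reaches the cap the statement becomes a no-op, so the counter can only come down through whatever reset path runs on a successful login, which is presumably elsewhere in login_db. login_db starts and ends outside both hunks.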