aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/auth
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/auth')
-rw-r--r--phpBB/includes/auth/auth_db.php6
-rw-r--r--phpBB/includes/auth/auth_ldap.php2
2 files changed, 5 insertions, 3 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 73c4f92976..e04a6307e9 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index a6092baba5..e8c957aaa3 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -74,7 +74,7 @@ function init_ldap()
if ($search === false)
{
- return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ return $user->lang['LDAP_SEARCH_FAILED'];
}
$result = @ldap_get_entries($ldap, $search);
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-10 08:05:14 +0000