From 4b6c2c8cde0b87d32f8df8af87239580ddc340c4 Mon Sep 17 00:00:00 2001
From: Jakub Senko <jakubsenko@gmail.com>
Date: Sun, 29 May 2016 12:42:57 +0200
Subject: [ticket/10961] Send HTTP 403 when applicable

PHPBB3-10961
---
 phpBB/includes/functions.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'phpBB/includes/functions.php')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 588a717f0e..465964913c 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2264,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		{
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
 		}
+		send_status_line(403, 'Forbidden');
 		trigger_error('NO_AUTH_ADMIN');
 	}
 
@@ -2280,6 +2281,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				{
 					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
 				}
+				send_status_line(403, 'Forbidden');
 				trigger_error('NO_AUTH_ADMIN');
 			}
 
@@ -2301,6 +2303,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		{
 			// We log the attempt to use a different username...
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
+
+			send_status_line(403, 'Forbidden');
 			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
 		}
 
-- 
cgit v1.2.1