mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 13:17:24 +02:00
Code Issues Releases Wiki Activity

Allow admin to set a failed-login attempt limit before auto-banning occurs.

Browse Source
This commit is contained in:
Cameron
2015-04-12 22:34:44 -07:00
parent 2f46c967da
commit bcfe20dd2b
3 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
e107_admin/prefs.php
View File

@@ -2005,6 +2005,13 @@ $text .= "
<div class='field-help'>".PRFLAN_91."</div> <div class='field-help'>".PRFLAN_91."</div>
</td> </td>
</tr> </tr>
<tr>
<td><label for='failed-login-limit'>Maximum failed logins before ban:</label></td>
<td>
".$frm->number('failed_login_limit', varset($pref['failed_login_limit'],10), 3, array('max'=>10, 'min'=>0))."
<div class='smalltext field-help'>Failed logins from the same IP will be banned after this many attempts.</div>
</td>
</tr>
<tr> <tr>
<td><label for='adminpwordchange'>".PRFLAN_139.":</label></td> <td><label for='adminpwordchange'>".PRFLAN_139.":</label></td>
<td> <td>

8
e107_handlers/form_handler.php
View File

@@ -440,11 +440,13 @@ class e_form
$options['type'] ='number'; $options['type'] ='number';
$mlength = vartrue($maxlength) ? "maxlength=".$maxlength : ""; $mlength = vartrue($maxlength) ? "maxlength=".$maxlength : "";
$min = varset($options['min']) ? 'min="'.$options['min'].'"' : '';
$max = vartrue($options['max']) ? 'max="'.$options['max'].'"' : '';
$options = $this->format_options('text', $name, $options); $options = $this->format_options('text', $name, $options);
$min = vartrue($options['min']) ? 'min="'.$options['min'].'"' : '';
$max = vartrue($options['max']) ? 'min="'.$options['max'].'"' : '';
//never allow id in format name-value for text fields //never allow id in format name-value for text fields
if(deftrue('BOOTSTRAP')) if(deftrue('BOOTSTRAP'))

15
e107_handlers/login.php
View File

@@ -534,12 +534,15 @@ class userlogin
e107::getMessage()->addError(LOGINMESSAGE); e107::getMessage()->addError(LOGINMESSAGE);
if ($doCheck) if ($doCheck) // See if ban required (formerly the checkibr() function)
{ // See if ban required (formerly the checkibr() function) {
if($pref['autoban'] == 1 || $pref['autoban'] == 3) if($pref['autoban'] == 1 || $pref['autoban'] == 3) // Flood + Login or Login Only.
{ // Flood + Login or Login Only. {
$fails = $sql->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' "); $fails = $sql->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
if($fails > 10)
$failLimit = vartrue($pref['failed_login_limit'],10);
if($fails >= $failLimit)
{ {
$time = time(); $time = time();
e107::getIPHandler()->add_ban(4,LAN_LOGIN_18,$this->userIP,1); e107::getIPHandler()->add_ban(4,LAN_LOGIN_18,$this->userIP,1);
@@ -548,7 +551,7 @@ class userlogin
} }
} }
} }
return FALSE; // Passed back to signal failed login return false; // Passed back to signal failed login
} }