mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-28 20:40:24 +02:00
Code Issues Releases Wiki Activity

[ticket/9992] Adding a limit on login attempts per IP.

Browse Source 
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.

PHPBB3-9992
This commit is contained in:
Nils Adermann
2011-06-10 12:02:59 +02:00
parent fc9b126691
commit 2dee57fd43
17 changed files with 343 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/auth.php
View File

@@ -908,7 +908,7 @@ class auth
$method = 'login_' . $method;
if (function_exists($method))
{
$login = $method($username, $password);
$login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)