mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 13:30:25 +02:00
Code Issues Releases Wiki Activity

[ticket/9992] Adding a limit on login attempts per IP.

Browse Source 
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.

PHPBB3-9992
This commit is contained in:
Nils Adermann
2011-06-10 12:02:59 +02:00
parent fc9b126691
commit 2dee57fd43
17 changed files with 343 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/session.php
View File

@@ -1005,6 +1005,10 @@ class session
include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
}
phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
$db->sql_query($sql);
}
return;