mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-09 10:16:36 +02:00
Code Issues Releases Wiki Activity

[ticket/9992] Adding a limit on login attempts per IP.

Browse Source 
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.

PHPBB3-9992
This commit is contained in:
Nils Adermann
2011-06-10 12:02:59 +02:00
parent fc9b126691
commit 2dee57fd43
17 changed files with 343 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
phpBB/install/schemas/firebird_schema.sql
View File

@@ -1,5 +1,5 @@
#
# $Id$
# $Id: $
#
@@ -545,6 +545,36 @@ BEGIN
END;;
# Table: 'phpbb_login_attempts'
CREATE TABLE phpbb_login_attempts (
attempt_id INTEGER NOT NULL,
attempt_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_time INTEGER DEFAULT 0 NOT NULL,
user_id INTEGER DEFAULT 0 NOT NULL,
username VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE,
username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE
);;
ALTER TABLE phpbb_login_attempts ADD PRIMARY KEY (attempt_id);;
CREATE INDEX phpbb_login_attempts_attempt_ip ON phpbb_login_attempts(attempt_ip, attempt_time);;
CREATE INDEX phpbb_login_attempts_attempt_forwarded_for ON phpbb_login_attempts(attempt_forwarded_for, attempt_time);;
CREATE INDEX phpbb_login_attempts_attempt_time ON phpbb_login_attempts(attempt_time);;
CREATE INDEX phpbb_login_attempts_user_id ON phpbb_login_attempts(user_id);;
CREATE GENERATOR phpbb_login_attempts_gen;;
SET GENERATOR phpbb_login_attempts_gen TO 0;;
CREATE TRIGGER t_phpbb_login_attempts FOR phpbb_login_attempts
BEFORE INSERT
AS
BEGIN
NEW.attempt_id = GEN_ID(phpbb_login_attempts_gen, 1);
END;;
# Table: 'phpbb_moderator_cache'
CREATE TABLE phpbb_moderator_cache (
forum_id INTEGER DEFAULT 0 NOT NULL,