[ticket/9992] Adding a limit on login attempts per IP.

A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.

PHPBB3-9992

phpBB/install/schemas/mssql_schema.sql

@@ -1,6 +1,6 @@
 /*
 
- $Id$
+ $Id: $
 
 */
 
@@ -649,6 +649,41 @@ CREATE  INDEX [user_id] ON [phpbb_log]([user_id]) ON [PRIMARY]
 GO
 
 
+/*
+	Table: 'phpbb_login_attempts'
+*/
+CREATE TABLE [phpbb_login_attempts] (
+	[attempt_id] [int] IDENTITY (1, 1) NOT NULL ,
+	[attempt_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
+	[attempt_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
+	[attempt_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
+	[attempt_time] [int] DEFAULT (0) NOT NULL ,
+	[user_id] [int] DEFAULT (0) NOT NULL ,
+	[username] [varchar] (255) DEFAULT (0) NOT NULL ,
+	[username_clean] [varchar] (255) DEFAULT (0) NOT NULL 
+) ON [PRIMARY]
+GO
+
+ALTER TABLE [phpbb_login_attempts] WITH NOCHECK ADD 
+	CONSTRAINT [PK_phpbb_login_attempts] PRIMARY KEY  CLUSTERED 
+	(
+		[attempt_id]
+	)  ON [PRIMARY] 
+GO
+
+CREATE  INDEX [attempt_ip] ON [phpbb_login_attempts]([attempt_ip], [attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [attempt_forwarded_for] ON [phpbb_login_attempts]([attempt_forwarded_for], [attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [attempt_time] ON [phpbb_login_attempts]([attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [user_id] ON [phpbb_login_attempts]([user_id]) ON [PRIMARY]
+GO
+
+
 /*
 	Table: 'phpbb_moderator_cache'
 */
@@ -1730,3 +1765,4 @@ ALTER TABLE [phpbb_zebra] WITH NOCHECK ADD
 	)  ON [PRIMARY] 
 GO
 
+