mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-10 18:54:08 +02:00
Code Issues Releases Wiki Activity

implemented maximum login attempts feature to prevent dictionary attacks

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5392 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-12-29 11:51:13 +00:00
parent d63c1ddf2b
commit aa3bcbaccf
18 changed files with 143 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
phpBB/install/update_to_latest.php
View File

@@ -584,6 +584,48 @@ switch ($row['config_value'])
break;
}
case '.0.18':
// Add login columns to user table
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ADD COLUMN user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL";
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ADD COLUMN user_last_login_try int(11) DEFAULT '0' NOT NULL";
break;
case 'postgresql':
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ADD COLUMN user_login_tries int2";
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ALTER COLUMN user_login_tries SET DEFAULT '0'";
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ADD COLUMN user_last_login_try int4";
$sql[] = "ALTER TABLE " . USERS_TABLE . "
ALTER COLUMN user_last_login_try SET DEFAULT '0'";
break;
case 'mssql-odbc':
case 'mssql':
$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
user_login_tries smallint NOT NULL,
CONSTRAINT [DF_" . $table_prefix . "users_user_login_tries] DEFAULT (0) FOR [user_login_tries]";
$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
user_last_login_try int NOT NULL,
CONSTRAINT [DF_" . $table_prefix . "users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try]";
break;
case 'msaccess':
$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
user_login_tries smallint NOT NULL";
$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
user_last_login_try int NOT NULL";
break;
}
break;
}
@@ -1002,6 +1044,17 @@ switch ($row['config_value'])
// We reset those having autologin enabled and forcing the re-assignment of a session id
$sql = 'DELETE FROM ' . SESSIONS_TABLE;
_sql($sql, $errored, $error_ary);
case '.0.18':
$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
VALUES ('max_login_attempts', '5')";
_sql($sql, $errored, $error_ary);
$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
VALUES ('login_reset_time', '30')";
_sql($sql, $errored, $error_ary);
break;
default: