mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

Merge branch 'develop-olympus' into develop

Browse Source 
* develop-olympus:
  [ticket/7332] Fix post details expand link rendering on Webkit.
  [ticket/9162] Prevent notice on unset poll title
  [ticket/7417] Also focus search keywords and username in subsilver2.
  [ticket/7417] Focus username field when prosilver login page is loaded.
  [ticket/7417] Focus search keywords field when prosilver search page is loaded.
  [ticket/9841] Change "Save" to "Save draft", "Load" to "Load draft".
  [ticket/9664] Resolve conflict with accesskey="t", change addlitsitem to "y".
  [ticket/7538] Limit user_login_attempts to prevent SQL errors.
  [ticket/9848] Add avatars, attachments and store files to .gitignore.
  [ticket/9822] Correct some style related ACP explain statements.
  [ticket/9698] Add .htaccess to the includes subdirectory.
  [ticket/9830] Redirect to install directly when config.php does not exist.
  [ticket/9816] Remove config.php from repository
  [ticket/9810] Hide "Select All" of code bbcode on print page
This commit is contained in:
Igor Wiedler
2010-10-17 21:47:04 +02:00
parent 6e5e22961a 642f940bc8
commit d753a02ec0
20 changed files with 90 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/.htaccess Normal file
View File

@@ -0,0 +1,4 @@
<Files *>
Order Allow,Deny
Deny from All
</Files>

6
phpBB/includes/auth/auth_db.php
View File

@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...

4
phpBB/includes/constants.php
View File

@@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13);
define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
// Maximum login attempts
// The value is arbitrary, but it has to fit into the user_login_attempts field.
define('LOGIN_ATTEMPTS_MAX', 100);
// Group settings
define('GROUP_OPEN', 0);
define('GROUP_CLOSED', 1);