mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-04 13:35:13 +02:00
Code Issues Releases Wiki Activity

Some changes to the checks on login attempts:

Browse Source 
- handling reauthentication to the ACP
- handling inactive users


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5445 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-01-13 19:29:50 +00:00
parent 6dbe925952
commit e80684acca
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/login.php
View File

@ -82,7 +82,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
// Check to see if user is allowed to login again... if his tries are exceeded // Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts']) $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] == ADMIN)
{ {
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
} }
@ -107,7 +107,8 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
} }
} }
else // Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{ {
// Save login tries and last login // Save login tries and last login
if ($row['user_id'] != ANONYMOUS) if ($row['user_id'] != ANONYMOUS)