mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-05 23:25:30 +02:00
Code Issues Releases Wiki Activity

Always require a fresh solved captcha, don't accept a stored solution.

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10411 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2010-01-17 16:46:41 +00:00
parent 9532ba3c3d
commit ef2cd7b6c9
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/includes/auth/auth_db.php
View File

@ -62,10 +62,11 @@ function login_db(&$username, &$password)
'user_row' => array('user_id' => ANONYMOUS),
);
}
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
if ($show_captcha)
{
// Visual Confirmation handling
@ -80,6 +81,10 @@ function login_db(&$username, &$password)
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
@ -189,8 +194,8 @@ function login_db(&$username, &$password)
// Give status about wrong password...
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}