1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
diff -ur phpBB2.orig/login.php phpBB2/login.php
--- phpBB2.orig/login.php 2006-06-09 16:29:42.000000000 +0200
+++ phpBB2/login.php 2006-07-03 14:17:38.000000000 +0200
@@ -57,7 +57,7 @@
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
- $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
+ $sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
@@ -73,30 +73,12 @@
}
else
{
- // If the last login is more than x minutes ago, then reset the login tries/time
- if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
- {
- $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
- $row['user_last_login_try'] = $row['user_login_tries'] = 0;
- }
-
- // Check to see if user is allowed to login again... if his tries are exceeded
- if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
- $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
- {
- message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
- }
-
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
-
- // Reset login tries
- $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
-
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
@@ -107,18 +89,6 @@
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
- // Only store a failed login attempt for an active user - inactive users can't login even with a correct password
- elseif( $row['user_active'] )
- {
- // Save login tries and last login
- if ($row['user_id'] != ANONYMOUS)
- {
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
- WHERE user_id = ' . $row['user_id'];
- $db->sql_query($sql);
- }
- }
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
|
