735 else |
735 else |
736 $lockout_data = array( |
736 $lockout_data = array( |
737 'lockout_policy' => 'disable' |
737 'lockout_policy' => 'disable' |
738 ); |
738 ); |
739 |
739 |
740 if ( $lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') ) |
740 if ( $lockout_data['policy'] != 'disable' && !defined('IN_ENANO_INSTALL') ) |
741 { |
741 { |
742 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
742 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
743 // increment fail count |
743 // increment fail count |
744 $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\');'); |
744 $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action, username) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\', \'' . $db->escape($username) . '\');'); |
745 $lockout_data['lockout_fails']++; |
745 $lockout_data['fails']++; |
746 return array( |
746 return array( |
747 'success' => false, |
747 'success' => false, |
748 'error' => ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] ) ? 'locked_out' : 'invalid_credentials', |
748 'error' => ( $lockout_data['fails'] >= $lockout_data['threshold'] ) ? 'locked_out' : 'invalid_credentials', |
749 'lockout_threshold' => $lockout_data['lockout_threshold'], |
749 'lockout_threshold' => $lockout_data['threshold'], |
750 'lockout_duration' => ( $lockout_data['lockout_duration'] ), |
750 'lockout_duration' => ( $lockout_data['duration'] ), |
751 'lockout_fails' => $lockout_data['lockout_fails'], |
751 'lockout_fails' => $lockout_data['fails'], |
752 'lockout_policy' => $lockout_data['lockout_policy'] |
752 'lockout_policy' => $lockout_data['policy'] |
753 ); |
753 ); |
754 } |
754 } |
755 |
755 |
756 return array( |
756 return array( |
757 'success' => false, |
757 'success' => false, |
864 // Do we also need to increment the lockout countdown? |
864 // Do we also need to increment the lockout countdown? |
865 if ( !defined('IN_ENANO_INSTALL') && getConfig('lockout_policy', 'lockout') !== 'disable' ) |
865 if ( !defined('IN_ENANO_INSTALL') && getConfig('lockout_policy', 'lockout') !== 'disable' ) |
866 { |
866 { |
867 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
867 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
868 // increment fail count |
868 // increment fail count |
869 $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\');'); |
869 $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\', \'' . $db->escape($username) . '\');'); |
870 } |
870 } |
871 |
871 |
872 return array( |
872 return array( |
873 'success' => false, |
873 'success' => false, |
874 'error' => 'invalid_credentials' |
874 'error' => 'invalid_credentials' |
979 |
979 |
980 // Sanity check |
980 // Sanity check |
981 if(!is_int($user_id)) |
981 if(!is_int($user_id)) |
982 die('Somehow an SQL injection attempt crawled into our session registrar! (1)'); |
982 die('Somehow an SQL injection attempt crawled into our session registrar! (1)'); |
983 if(!is_int($level)) |
983 if(!is_int($level)) |
984 die('Somehow an SQL injection attempt crawled into our session registrar! (2)'); |
984 die(var_dump($level) . '<br />Somehow an SQL injection attempt crawled into our session registrar! (2)'); |
985 |
985 |
986 // Update RAM |
986 // Update RAM |
987 $this->user_id = $user_id; |
987 $this->user_id = $user_id; |
988 $this->user_level = max(array($this->user_level, $level)); |
988 $this->user_level = max(array($this->user_level, $level)); |
989 |
989 |