diff -r da0f2a76add5 -r 586fd7d3202d includes/sessions.php
--- a/includes/sessions.php Mon Mar 17 09:47:19 2008 -0400
+++ b/includes/sessions.php Tue Mar 18 14:32:40 2008 -0400
@@ -2,7 +2,7 @@
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.2 (Caoineag alpha 2)
+ * Version 1.1.3 (Caoineag alpha 3)
 * Copyright (C) 2006-2007 Dan Fuhry
 * sessions.php - everything related to security and user management
 *
@@ -864,20 +864,22 @@
 $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
 // convert to minutes
 $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
- // get the lockout status
 $timestamp_cutoff = time() - $duration;
 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
 $q = $this->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
 $fails = $db->numrows();
- $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
 $captcha_good = false;
 if ( $policy == 'captcha' && $captcha_hash && $captcha_code )
 {
 // policy is captcha -- check if it's correct, and if so, bypass lockout check
 $real_code = $this->get_captcha($captcha_hash);
- $captcha_good = ( strtolower($real_code) === strtolower($captcha_code) );
+ if ( strtolower($real_code) === strtolower($captcha_code) )
+ {
+ $captcha_good = true;
+ }
 }
 if ( $policy != 'disable' && !$captcha_good )
 {
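Review bot: In the captcha branch of the second hunk (`@@ -864,20 +864,22 @@`), a matching code sets `$captcha_good = true` and the following `if ( $policy != 'disable' && !$captcha_good )` then skips the lockout check entirely, yet nothing visible here invalidates the captcha once it has matched. Whether `get_captcha()` consumes the stored code is not shown in this hunk; if it does not, a solved hash/code pair stays valid across login attempts and the per-IP lockout stops being enforced, so the stored code should be deleted as soon as it has been compared, before the password check runs. Separately, in the moved `$policy` line `&&` binds tighter than `=`, so `$x` receives a boolean and is never used, and `getConfig('lockout_policy')` is called three times; `$policy = getConfig('lockout_policy');` followed by `if ( !in_array($policy, array('lockout', 'disable', 'captcha'), true) ) $policy = 'lockout';` reads more clearly. The enclosing function starts and ends outside the hunk.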
@@ -2926,38 +2928,86 @@
 * @param string The name of the field that contains the encryption key
 * @param string The name of the field that will contain the encrypted password
 * @param string The name of the field that handles MD5 challenge data
+ * @param string The name of the field that tells if the server supports DiffieHellman
+ * @param string The name of the field with the DiffieHellman public key
+ * @param string The name of the field that the client should populate with its public key
 * @return string
 */
- function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge)
+ function aes_javascript($form_name, $pw_field, $use_crypt, $crypt_key, $crypt_data, $challenge, $dh_supported = false, $dh_pubkey = false, $dh_client_pubkey = false)
 {
 $code = '