Changeset 30848
- Timestamp:
- Jan 4, 2015, 3:18:16 PM (9 years ago)
- Location:
- extensions/Password_Policy
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/Password_Policy/changelog.txt.php
r30698 r30848 66 66 67 67 --- 2.7.4 : Fix white page for german users (bug lexiglot) 68 69 --- 2.7.5 : Fixed - Admin and Webmaster accounts were not correctly excluded on login failure protection 70 68 71 */ 69 72 ?> -
extensions/Password_Policy/include/functions.inc.php
r27179 r30848 147 147 $conf_PP = unserialize($conf['PasswordPolicy']); 148 148 149 if ( 150 (isset($conf_PP['NBLOGFAIL']) and $conf_PP['NBLOGFAIL'] <> 0) 149 if ((isset($conf_PP['NBLOGFAIL']) and $conf_PP['NBLOGFAIL'] <> 0) 151 150 and (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true') 152 and !is_admin()153 and !is_webmaster()154 151 ) 155 152 { 156 // If login failure then increments loginfailcount value in database 157 $query = ' 153 $query =' 154 SELECT ui.status 155 FROM '.USER_INFOS_TABLE.' AS ui 156 LEFT JOIN '.USERS_TABLE.' AS u 157 ON u.id = ui.user_id 158 WHERE(u.username = "'.stripslashes($username).'") 159 ;'; 160 $exclude = pwg_db_fetch_assoc(pwg_query($query)); 161 162 // Exclude specific accounts 163 if ($exclude['status'] <> "webmaster" and $exclude['status'] <> "admin" and $exclude['status'] <> "generic") 164 { 165 // If login failure then increments loginfailcount value in database 166 $query = ' 158 167 UPDATE '.USERS_TABLE.' 159 168 SET PP_loginfailcount = PP_loginfailcount+1 … … 161 170 LIMIT 1 162 171 ;'; 163 pwg_query($query);164 165 $query = '172 pwg_query($query); 173 174 $query = ' 166 175 SELECT PP_loginfailcount 167 176 FROM '.USERS_TABLE.' … … 169 178 ;'; 170 179 171 $datas = pwg_db_fetch_assoc(pwg_query($query));172 173 // If number of failed logon exeeds $conf_PP['NBLOGFAIL'], set the account as locked174 if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] >= $conf_PP['NBLOGFAIL'])175 {176 $query = '180 $datas = pwg_db_fetch_assoc(pwg_query($query)); 181 182 // If number of failed logon exceeds $conf_PP['NBLOGFAIL'], set the account as locked 183 if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] >= $conf_PP['NBLOGFAIL']) 184 { 185 $query = ' 177 186 UPDATE '.USERS_TABLE.' 178 187 SET PP_lock = "true" … … 180 189 LIMIT 1 181 190 ;'; 182 pwg_query($query);183 191 pwg_query($query); 192 } 184 193 } 185 194 }
Note: See TracChangeset
for help on using the changeset viewer.