From 04ce664604592623f72c12edc34994cc65a4d010 Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Wed, 20 Jan 2010 01:05:36 +0000
Subject: [PATCH] Trigger error right away if user has exceeded login attempts
 instead of asking for the authentication data over and over again without
 accepting it even if it is correct.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10432 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index af94f3f041..823c71dbf0 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4003,6 +4003,11 @@ function phpbb_http_login($param)
 		{
 			return;
 		}
+		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
+		{
+			header('HTTP/1.0 401 Unauthorized');
+			trigger_error('NOT_AUTHORISED');
+		}
 	}
 
 	// Prepend sitename to auth_message