makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-26 11:58:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improve handling of DDoS/brute force attacks on login form.

Browse source
This commit is contained in:
Robert Korulczyk 2022-04-12 23:34:56 +02:00
parent 7a034a8c1e
commit e9247ce017
2 changed files with 20 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/phpbb/captcha/plugins/captcha_abstract.php
View file

@ -157,7 +157,8 @@ abstract class captcha_abstract
FROM ' . CONFIRM_TABLE . ' c
LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id)
WHERE s.session_id IS NULL' .
((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type);
((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type)
. ' LIMIT 100000';
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))

3
phpBB/phpbb/session.php
View file

@ -802,6 +802,8 @@ class session
unset($cookie_expire);
if ($this->data['user_id'] != ANONYMOUS)
{
$sql = 'SELECT COUNT(session_id) AS sessions
FROM ' . SESSIONS_TABLE . '
WHERE session_user_id = ' . (int) $this->data['user_id'] . '
@ -820,6 +822,7 @@ class session
$db->sql_query($sql);
}
}
}
else
{
$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;