ISPConfig3 devel
parent: 3fac9871 | patch | commit | show whitespace
bpssoft
2007-11-09 3eeed9bdef1040d4f1f9343201cd8b30e21d273c 
* Added bruteforge protection into login
* Cleanup some stuff into login/index.php like globals
* Add errors to the lang files
5 files modified
1 files added
94 ■■■■ changed files
CODING_NOTES.php.txt 4 ●●● patch | view | raw | blame | history
install/sql/ispconfig3.sql 10 ●●●●● patch | view | raw | blame | history
interface/lib/classes/datasources_enbion.inc.php 2 ●●● patch | view | raw | blame | history
interface/web/login/index.php 60 ●●●● patch | view | raw | blame | history
interface/web/login/lib/lang/de.lng 1 ●●●● patch | view | raw | blame | history
interface/web/login/lib/lang/en.lng 17 ●●●●● patch | view | raw | blame | history 
 CODING_NOTES.php.txt


@@ -7,8 +7,10 @@


* error_reporting(E_ALL|E_STRICT) , yep php5


* Magic quotes is gone in php6, get used to it now. config = magic_quotes_gpc() Everything must be quoted




please mark any section that nned review or work on with


please mark any section that need review or work on with


// TODO 


* Add documentation about access levels (public, private, protected).


* Make function / var names on the following way, first word lower, next word(s) first letter upper like. getFirstResult();




Pear coding guiidelines






 install/sql/ispconfig3.sql


@@ -864,3 +864,13 @@


-- 


-- Daten für Tabelle `web_domain`


-- 




--


-- Table for attempts login 


--




CREATE TABLE `attempts_login` (


  `ip` varchar(12) NOT NULL,


  `times` tinyint(1) NOT NULL default '1',


  `login_time` timestamp NOT NULL default '0000-00-00 00:00:00'


);




 interface/lib/classes/datasources_enbion.inc.php


@@ -30,7 +30,7 @@






class datasources_enbion {



    



    function get_employees() {



    public function get_employees() {



        global $app, $conf;



        



        $out = array();





 interface/web/login/index.php


@@ -34,6 +34,15 @@




public $status = '';


private $target = '';


    private $app;


    private $conf;


	


    public function __construct()


    {


        global $app, $conf;


        $this->app  = $app;


        $this->conf = $conf;


    }




public function render() {


    


@@ -41,9 +50,8 @@


        die('HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage']);


    }


    


    global $app, $conf;


    $app->uses('tpl');


    $app->tpl->newTemplate('form.tpl.htm');


        $this->app->uses('tpl');


        $this->app->tpl->newTemplate('form.tpl.htm');


    


    $error = '';    




@@ -52,15 +60,26 @@


    if(count($_POST) > 0) {




        // iporting variables


        $username = $app->db->quote($_POST['username']);


        $passwort = $app->db->quote($_POST['passwort']);


            $ip       = $this->app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));


            $username = $this->app->db->quote($_POST['username']);


            $passwort = $this->app->db->quote($_POST['passwort']); 




        if($username != '' and $passwort != '') {


                //* Check if there already wrong logins


                $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND  `login_time` < NOW() + INTERVAL 15 MINUTE LIMIT 1";


                $alreadyfailed = $this->app->db->queryOneRecord($sql);


                //* login to much wrong


                if($alreadyfailed['times'] > 5) {


                    $error = $this->app->lng(1004);


                } else {


                $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";


                $user = $app->db->queryOneRecord($sql);


                    $user = $this->app->db->queryOneRecord($sql);


                  if($user) {


                        if($user['active'] == 1) {


                                $user = $app->db->toLower($user);


                            // User login right, so attempts can be deleted


                            $sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";


                            $this->app->db->query($sql);


                            $user = $this->app->db->toLower($user);


                                $_SESSION = array();


                                $_SESSION['s']['user'] = $user;


                                $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';


@@ -75,16 +94,27 @@


                                


                                exit;


                        } else {


                                $error = $app->lng(1003);


                            $error = $this->app->lng(1003);


                        }


                } else {


                        if(!$alreadyfailed['times'] )


                        {


                            //* user login the first time wrong


                            $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('{$ip}', 1, NOW())";


                            $this->app->db->query($sql);


                        } elseif($alreadyfailed['times'] >= 1) {


                            //* update times wrong


                            $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '{$time}' LIMIT 1";


                            $this->app->db->query($sql);


                        }


                        //* Incorrect login - Username and password incorrect


                        $error = $app->lng(1002);


                        if($app->db->errorMessage != '') $error .= '<br>'.$app->db->errorMessage != '';


                        $error = $this->app->lng(1002);


                        if($this->app->db->errorMessage != '') $error .= '<br />'.$this->app->db->errorMessage != '';


                       }


                }


        } else {


                //* Username or password empty


                $error = $app->lng(1001);


                $error = $this->app->lng(1001);


        }


    }


    if($error != ''){


@@ -97,13 +127,13 @@








    $app->tpl->setVar('error', $error);


    $app->tpl->setInclude('content_tpl','login/templates/index.htm');


    $app->tpl_defaults();


        $this->app->tpl->setVar('error', $error);


        $this->app->tpl->setInclude('content_tpl','login/templates/index.htm');


        $this->app->tpl_defaults();


    


    $this->status = 'OK';


    


    return $app->tpl->grab();


        return $this->app->tpl->grab();


    


} // << end function






 interface/web/login/lib/lang/de.lng


@@ -3,6 +3,7 @@


$wb[1001]    = "Username or Password empty.";


$wb[1002]    = "Username or Passwort wrong.";


$wb[1003]    = "User is blocked.";


$wb[1004]    = "To many wrong login's, Please retry it after 15 minutes";










 interface/web/login/lib/lang/en.lng


New file


@@ -0,0 +1,17 @@


<?php







$wb[1001]    = "Username or Password empty.";



$wb[1002]    = "Username or Password wrong.";



$wb[1003]    = "User is blocked.";



$wb[1004]    = "To many wrong login's, Please retry it after 15 minutes";











































?>