[geeklog-cvs] Geeklog-1.x/system lib-webservices.php,1.17,1.18

Dirk Haun dhaun at qs1489.pair.com
Sun Nov 18 13:48:05 EST 2007


Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv59876

Modified Files:
	lib-webservices.php 
Log Message:
Implemented speedlimit


Index: lib-webservices.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-webservices.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** lib-webservices.php	18 Nov 2007 09:28:31 -0000	1.17
--- lib-webservices.php	18 Nov 2007 18:48:03 -0000	1.18
***************
*** 648,656 ****
  function WS_authenticate()
  {
!     global $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
  
      $uid = '';
!     
      $status = -1;
      if (isset($_SERVER['PHP_AUTH_USER'])) {
          $username = $_SERVER['PHP_AUTH_USER'];
--- 648,659 ----
  function WS_authenticate()
  {
!     global $_CONF, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
  
      $uid = '';
!     $username = '';
!     $password = '';
! 
      $status = -1;
+ 
      if (isset($_SERVER['PHP_AUTH_USER'])) {
          $username = $_SERVER['PHP_AUTH_USER'];
***************
*** 660,665 ****
              COM_errorLog("WS: Attempting to log in user '$username'");
          }
- 
-         $status = SEC_authenticate($username, $password, $uid);
      } elseif (!empty($_REQUEST['gl_auth_header'])) {
          /* PHP installed as CGI may not have access to authorization headers of
--- 663,666 ----
***************
*** 674,679 ****
              COM_errorLog("WS: Attempting to log in user '$username' (via gl_auth_header)");
          }
- 
-         $status = SEC_authenticate($username, $password, $uid);
      } else {
          if ($WS_VERBOSE) {
--- 675,678 ----
***************
*** 684,687 ****
--- 683,693 ----
      }
  
+     COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
+     if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
+         WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
+     }
+ 
+     $status = SEC_authenticate($username, $password, $uid);
+ 
      if ($status == USER_ACCOUNT_ACTIVE) {
          $_USER = SESS_getUserDataFromId($uid);
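Review bot: The throttle added before `SEC_authenticate()` only protects the login if `WS_error()` ends the request. Its definition is not part of this diff, and if it can return, execution continues into the password check and the limit has no effect. An explicit `return;` after `WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');`, or a comment stating that `WS_error()` never returns, would make the check fail closed. It would also help detection to log the rejection regardless of `$WS_VERBOSE`, e.g. `COM_errorLog('WS: login speed limit exceeded');`, since repeated hits usually indicate password guessing. WS_authenticate() begins and ends outside this hunk.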
***************
*** 692,695 ****
--- 698,702 ----
          }
      } else {
+         COM_updateSpeedlimit('login');
          WS_error(PLG_RET_AUTH_FAILED);
      }
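Review bot: `COM_updateSpeedlimit('login')` records a failed login for every status other than `USER_ACCOUNT_ACTIVE`, which now seems to include requests that carried no credentials at all. This follows from the earlier hunks moving `SEC_authenticate()` out of the two credential branches, so the final `else` path would reach it with the empty `$username`/`$password` defaults; the body of that branch is outside the visible hunks, so this is inferred. If that path does fall through, credential-less web-service requests would use up the login allowance shared with genuine sign-ins. Consider counting only real attempts, e.g. `if ($username != '') { COM_updateSpeedlimit('login'); }`, while still returning `PLG_RET_AUTH_FAILED`.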



