[geeklog-cvs] Geeklog-1.x/system lib-webservices.php,1.17,1.18
Dirk Haun
dhaun at qs1489.pair.com
Sun Nov 18 13:48:05 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv59876
Modified Files:
lib-webservices.php
Log Message:
Implemented speedlimit
Index: lib-webservices.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-webservices.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** lib-webservices.php 18 Nov 2007 09:28:31 -0000 1.17
--- lib-webservices.php 18 Nov 2007 18:48:03 -0000 1.18
***************
*** 648,656 ****
function WS_authenticate()
{
! global $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
$uid = '';
!
$status = -1;
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
--- 648,659 ----
function WS_authenticate()
{
! global $_CONF, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
$uid = '';
! $username = '';
! $password = '';
!
$status = -1;
+
if (isset($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
***************
*** 660,665 ****
COM_errorLog("WS: Attempting to log in user '$username'");
}
-
- $status = SEC_authenticate($username, $password, $uid);
} elseif (!empty($_REQUEST['gl_auth_header'])) {
/* PHP installed as CGI may not have access to authorization headers of
--- 663,666 ----
***************
*** 674,679 ****
COM_errorLog("WS: Attempting to log in user '$username' (via gl_auth_header)");
}
-
- $status = SEC_authenticate($username, $password, $uid);
} else {
if ($WS_VERBOSE) {
--- 675,678 ----
***************
*** 684,687 ****
--- 683,693 ----
}
+ COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
+ if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
+ WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
+ }
+
+ $status = SEC_authenticate($username, $password, $uid);
+
if ($status == USER_ACCOUNT_ACTIVE) {
$_USER = SESS_getUserDataFromId($uid);
***************
*** 692,695 ****
--- 698,702 ----
}
} else {
+ COM_updateSpeedlimit('login');
WS_error(PLG_RET_AUTH_FAILED);
}
More information about the geeklog-cvs
mailing list