[geeklog-cvs] Geeklog-1.x/public_html users.php,1.160,1.161
Dirk Haun
dhaun at qs1489.pair.com
Sun Jan 20 05:20:25 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv67724/public_html
Modified Files:
users.php
Log Message:
Added a second speedlimit for OpenID logins, in case spammers confuse the login prompt with a place to drop their spam ...
Index: users.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/users.php,v
retrieving revision 1.160
retrieving revision 1.161
diff -C2 -d -r1.160 -r1.161
*** users.php 9 Dec 2007 18:05:39 -0000 1.160
--- users.php 20 Jan 2008 10:20:23 -0000 1.161
***************
*** 9,13 ****
// | User authentication module. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | User authentication module. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 47,52 ****
* Geeklog common function library
*/
! require_once ('lib-common.php');
! require_once ($_CONF['path_system'] . 'lib-user.php');
$VERBOSE = false;
--- 47,52 ----
* Geeklog common function library
*/
! require_once 'lib-common.php';
! require_once $_CONF['path_system'] . 'lib-user.php';
$VERBOSE = false;
***************
*** 781,784 ****
--- 781,819 ----
}
+ /**
+ * Display message after a login error
+ *
+ * @param int $msg message number for custom handler
+ * @param string $message_title title for the message box
+ * @param string $message_text text of the message box
+ * @return void function does not return!
+ *
+ */
+ function displayLoginErrorAndAbort($msg, $message_title, $message_text)
+ {
+ global $_CONF;
+
+ if ($_CONF['custom_registration'] &&
+ function_exists('CUSTOM_loginErrorHandler')) {
+ // Typically this will be used if you have a custom main site page
+ // and need to control the login process
+ $display .= CUSTOM_loginErrorHandler($msg);
+ } else {
+ $retval .= COM_siteHeader('menu', $message_title)
+ . COM_startBlock($message_title, '',
+ COM_getBlockTemplate('_msg_block', 'header'))
+ . $message_text
+ . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'))
+ . COM_siteFooter();
+
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ header('Status: 403 Forbidden');
+ echo $retval;
+ }
+
+ // don't return
+ exit();
+ }
+
// MAIN
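Review bot: In the custom-handler branch of displayLoginErrorAndAbort, the line `$display .= CUSTOM_loginErrorHandler($msg);` appends to a function-local `$display` that is never echoed, so the handler's output is discarded and the script exits with an empty body; the inline code this replaces (see the 'login' speedlimit hunks further down) appended to the page-level `$display` and fell through without exiting. If the custom handler is expected to render the error page, this should read `echo CUSTOM_loginErrorHandler($msg);`, and the two `header(... 403 ...)` calls belong before the branch so both paths answer with the same status. `$retval .=` on an undeclared local also raises a notice; `$retval =` is what is meant. Every call site converted to `displayLoginErrorAndAbort(82, ...)` in the later hunks inherits this change for sites that define CUSTOM_loginErrorHandler, so the behavioural difference is presumably worth a sentence in the docblock.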
***************
*** 980,996 ****
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
! if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) {
! // Typically this will be used if you have a custom main site page and need to control the login process
! $msg=82;
! $display .= CUSTOM_loginErrorHandler($msg);
! } else {
! $retval .= COM_siteHeader('menu', $LANG12[26])
! . COM_startBlock ($LANG12[26], '', COM_getBlockTemplate ('_msg_block', 'header'))
! . $LANG04[112]
! . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
! . COM_siteFooter ();
! echo $retval;
! exit();
! }
}
--- 1015,1019 ----
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
! displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]);
}
***************
*** 1019,1025 ****
// Here we go with the handling of OpenID authentification.
require_once $_CONF['path_system'] . 'classes/openidhelper.class.php';
- $query = array_merge($_GET, $_POST);
$consumer = new SimpleConsumer();
$handler = new SimpleActionHandler($query, $consumer);
--- 1042,1059 ----
// Here we go with the handling of OpenID authentification.
+ $query = array_merge($_GET, $_POST);
+
+ if (isset($query['identity_url']) &&
+ ($query['identity_url'] != 'http://')) {
+ $property = sprintf('%x', crc32($query['identity_url']));
+ COM_clearSpeedlimit($_CONF['login_speedlimit'], 'openid');
+ if (COM_checkSpeedlimit('openid', $_CONF['login_attempts'],
+ $property) > 0) {
+ displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]);
+ }
+ }
+
require_once $_CONF['path_system'] . 'classes/openidhelper.class.php';
$consumer = new SimpleConsumer();
$handler = new SimpleActionHandler($query, $consumer);
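Review bot: The OpenID speedlimit key is derived twice with different guards: here `sprintf('%x', crc32($query['identity_url']))` sits behind `isset($query['identity_url'])`, while the same expression in the later `if (!$ret)` hunk has no guard, so the update path can key on an undefined index (a notice plus crc32 of an empty string) if the field is absent, and the two derivations can drift apart. Compute it once after the guard, e.g. `$openid_property = isset($query['identity_url']) ? sprintf('%x', crc32($query['identity_url'])) : '';`, and reuse it in both the check and the update. The `!= 'http://'` test on the line above should be `!==` so a loose comparison cannot surprise. crc32 is a 32-bit checksum, so distinct identity URLs can share one counter; that is tolerable for a rate limit but deserves a comment next to the sprintf. The surrounding OpenID handling continues beyond this hunk.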
***************
*** 1030,1033 ****
--- 1064,1069 ----
if (!$ret) {
COM_updateSpeedlimit('login');
+ $property = sprintf('%x', crc32($query['identity_url']));
+ COM_updateSpeedlimit('openid', $property);
COM_errorLog('Unable to find an OpenID server for the identity URL ' . $identity_url);
echo COM_refresh($_CONF['site_url'] . '/users.php?msg=89');
***************
*** 1174,1194 ****
default:
// check to see if this was the last allowed attempt
! if ( COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0 ) {
! if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) {
! // Typically this will be used if you have a custom main site page and need to control the login process
! $msg = 82;
! $display .= CUSTOM_loginErrorHandler($msg);
! } else {
! $retval .= COM_siteHeader('menu', $LANG04[113])
! . COM_startBlock ($LANG04[113], '',
! COM_getBlockTemplate ('_msg_block', 'header'))
! . $LANG04[112]
! . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
! . COM_siteFooter ();
! echo $retval;
! exit();
! }
} else { // Show login form
! if( ($msg != 69) && ($msg != 70) ) {
if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) {
// Typically this will be used if you have a custom main site page and need to control the login process
--- 1210,1217 ----
default:
// check to see if this was the last allowed attempt
! if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
! displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]);
} else { // Show login form
! if(($msg != 69) && ($msg != 70)) {
if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) {
// Typically this will be used if you have a custom main site page and need to control the login process