authorartem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2008-04-29 11:52:36 +0000
committerartem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2008-04-29 11:52:36 +0000
commitec43f191d24dd3cf181061cbf4582029dcdca399 (patch)
treeb4a72c596497ddea14668433a355a6579ff3ebc7 /frontends/php/include
parent131500f24e0298058a33aa79ced9d01111c7b778 (diff)
- [DEV-153] added protection against brute force attack (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5666 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
-rw-r--r--frontends/php/include/config.inc.php2
-rw-r--r--frontends/php/include/defines.inc.php3
-rw-r--r--frontends/php/include/perm.inc.php5
3 files changed, 9 insertions, 1 deletions
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php
index ae183ae4..024358ef 100644
--- a/frontends/php/include/config.inc.php
+++ b/frontends/php/include/config.inc.php
@@ -105,7 +105,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!!
if(defined('ZBX_DENY_GUI_ACCESS')){
if(isset($ZBX_GUI_ACCESS_IP_RANGE) && is_array($ZBX_GUI_ACCESS_IP_RANGE)){
- $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))?($_SERVER['HTTP_X_FORWARDED_FOR']):($_SERVER['REMOTE_ADDR']);
+ $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))?($_SERVER['HTTP_X_FORWARDED_FOR']):($_SERVER['REMOTE_ADDR']);
if(!str_in_array($user_ip,$ZBX_GUI_ACCESS_IP_RANGE)) $DENY_GUI = TRUE;
}
else{
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index 728288b1..571386fb 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -27,6 +27,9 @@
define('PAGE_TYPE_XML', 2);
define('PAGE_TYPE_JS', 3); //javascript
define('PAGE_TYPE_HTML_BLOCK', 4); //simple block of html (as text)
+
+ define('ZBX_LOGIN_ATTEMPTS', 5);
+ define('ZBX_LOGIN_BLOCK', 180);
define('T_ZBX_STR', 0);
define('T_ZBX_INT', 1);
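Review bot: The two new constants are added without any comment, so the unit of `ZBX_LOGIN_BLOCK` and the exact meaning of `ZBX_LOGIN_ATTEMPTS` have to be guessed by whoever tunes them later. Their use is not visible on this page (the diffstat is limited to the include directory), so the wording should be confirmed against the login code. I would add something like `define('ZBX_LOGIN_ATTEMPTS', 5); // failed logins allowed before the account is blocked` and `define('ZBX_LOGIN_BLOCK', 180); // block duration (presumably seconds)`. A blank line after the new pair would also keep it visually separate from the `T_ZBX_*` group.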
diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php
index c0692cf4..5cf3ae64 100644
--- a/frontends/php/include/perm.inc.php
+++ b/frontends/php/include/perm.inc.php
@@ -53,9 +53,14 @@
' AND s.userid=u.userid'.
' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'.
' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID)));
+
if(!$USER_DETAILS){
$incorect_session = true;
}
+ else if($login['attempt_failed']){
+ error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:nn',$login['attempt_clock']).'] o\'clock!');
+ DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid']));
+ }
}
if(!$USER_DETAILS){
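Review bot: The format string `'d.m.Y H:nn'` in the added `error()` call does not print minutes. In PHP's `date()`, `n` is the month number, so the message shows the hour followed by the month twice; it should be `date('d.m.Y H:i',$login['attempt_clock'])`. The same message embeds `$login['attempt_ip']`, which may be client-supplied if it was recorded from `X-Forwarded-For` (config.inc.php, as shown on this page, prefers that header over `REMOTE_ADDR`). In that case it should be validated as an IP address when stored or HTML-escaped before display, unless `error()` already escapes its argument; neither the storing code nor `error()` is visible here. The enclosing block and the origin of `$login` lie outside the hunk.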