diff options
| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-06-17 13:51:42 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-06-17 13:51:42 +0000 |
| commit | 717eb6f9ed27471f3213d188d29bd267ff726a0f (patch) | |
| tree | de1b3ce21891d1ce5d50e7762a6acf5270acdb47 /frontends/php/index.php | |
| parent | 184117d744e0a9c98e31ae94cfc3bca0e66e4b50 (diff) | |
| download | zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.gz zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.xz zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.zip | |
- [DEV-178] fixes to permission scheme in DM setup (Artem)
- [DEV-153] changes in brute force blocking scheme (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5775 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/index.php')
| -rw-r--r-- | frontends/php/index.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/frontends/php/index.php b/frontends/php/index.php index 831dba6d..1dc8bdd1 100644 --- a/frontends/php/index.php +++ b/frontends/php/index.php @@ -76,14 +76,20 @@ $sql = 'SELECT u.userid,u.attempt_failed, u.attempt_clock, u.attempt_ip '. ' FROM users u '. - ' WHERE u.alias='.zbx_dbstr($name). - ' AND ( attempt_failed<'.ZBX_LOGIN_ATTEMPTS. - ' OR (attempt_failed>'.(ZBX_LOGIN_ATTEMPTS-1). - ' AND ('.time().'-attempt_clock)>'.ZBX_LOGIN_BLOCK.'))'; + ' WHERE u.alias='.zbx_dbstr($name); + +//SQL to BLOCK attempts +// .' AND ( attempt_failed<'.ZBX_LOGIN_ATTEMPTS. +// ' OR (attempt_failed>'.(ZBX_LOGIN_ATTEMPTS-1). +// ' AND ('.time().'-attempt_clock)>'.ZBX_LOGIN_BLOCK.'))'; $login = $attempt = DBfetch(DBselect($sql)); if($login){ + if($login['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS){ + sleep(ZBX_LOGIN_BLOCK); + } + switch($config['authentication_type']){ case ZBX_AUTH_LDAP: $login = ldap_authentication($name,get_request('password','')); |