From ec43f191d24dd3cf181061cbf4582029dcdca399 Mon Sep 17 00:00:00 2001
From: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>
Date: Tue, 29 Apr 2008 11:52:36 +0000
Subject:  - [DEV-153] added protection against brute force attack (Artem)

git-svn-id: svn://svn.zabbix.com/trunk@5666 97f52cf1-0a1b-0410-bd0e-c28be96e8082
---
 frontends/php/include/perm.inc.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'frontends/php/include/perm.inc.php')

diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php
index c0692cf4..5cf3ae64 100644
--- a/frontends/php/include/perm.inc.php
+++ b/frontends/php/include/perm.inc.php
@@ -53,9 +53,14 @@
 							' AND s.userid=u.userid'.
 							' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'.
 							' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID)));
+
 			if(!$USER_DETAILS){
 				$incorect_session = true;
 			}
+			else if($login['attempt_failed']){
+				error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:nn',$login['attempt_clock']).'] o\'clock!');
+				DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid']));
+			}
 		}
 		
 		if(!$USER_DETAILS){
-- 
cgit