From ec43f191d24dd3cf181061cbf4582029dcdca399 Mon Sep 17 00:00:00 2001
From: artem
Date: Tue, 29 Apr 2008 11:52:36 +0000
Subject: - [DEV-153] added protection against brute force attack (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5666 97f52cf1-0a1b-0410-bd0e-c28be96e8082
---
 frontends/php/include/config.inc.php | 2 +-
 frontends/php/include/defines.inc.php | 3 +++
 frontends/php/include/perm.inc.php | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
(limited to 'frontends/php/include')
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php
index ae183ae4..024358ef 100644
--- a/frontends/php/include/config.inc.php
+++ b/frontends/php/include/config.inc.php
@@ -105,7 +105,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!!
 if(defined('ZBX_DENY_GUI_ACCESS')){
 if(isset($ZBX_GUI_ACCESS_IP_RANGE) && is_array($ZBX_GUI_ACCESS_IP_RANGE)){
- $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))?($_SERVER['HTTP_X_FORWARDED_FOR']):($_SERVER['REMOTE_ADDR']);
+ $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))?($_SERVER['HTTP_X_FORWARDED_FOR']):($_SERVER['REMOTE_ADDR']);
 if(!str_in_array($user_ip,$ZBX_GUI_ACCESS_IP_RANGE)) $DENY_GUI = TRUE;
 }
 else{
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index 728288b1..571386fb 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -27,6 +27,9 @@
 define('PAGE_TYPE_XML', 2);
 define('PAGE_TYPE_JS', 3); //javascript
 define('PAGE_TYPE_HTML_BLOCK', 4); //simple block of html (as text)
+
+ define('ZBX_LOGIN_ATTEMPTS', 5);
+ define('ZBX_LOGIN_BLOCK', 180);
 define('T_ZBX_STR', 0);
 define('T_ZBX_INT', 1);
diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php
index c0692cf4..5cf3ae64 100644
--- a/frontends/php/include/perm.inc.php
+++ b/frontends/php/include/perm.inc.php
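Review bot: The two new defines in defines.inc.php are the only lines in that block without a trailing comment, while the PAGE_TYPE_* defines beside them document their meaning, and nothing in the hunk says what ZBX_LOGIN_ATTEMPTS counts or what unit ZBX_LOGIN_BLOCK is in. Suggest `define('ZBX_LOGIN_ATTEMPTS', 5); // consecutive failed logins before the account is temporarily blocked` and `define('ZBX_LOGIN_BLOCK', 180); // block duration, presumably seconds - confirm against the login code that consumes it`. The code that reads these constants is not among the visible hunks (the page is limited to frontends/php/include), so the unit cannot be confirmed from here.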
@@ -53,9 +53,14 @@
 ' AND s.userid=u.userid'.
 ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'.
 ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID)));
+
 if(!$USER_DETAILS){
 $incorect_session = true;
 }
+ else if($login['attempt_failed']){
+ error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:nn',$login['attempt_clock']).'] o\'clock!');
+ DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid']));
+ }
 }
 if(!$USER_DETAILS){
-- cgit
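Review bot: The timestamp in the new error() call uses the format `'d.m.Y H:nn'`, but in PHP's date() `n` is the month without leading zeros, so the message prints hour:monthmonth (for example `11:44` for an April attempt) instead of hour:minute; the minutes specifier is `i`, so the call should read `date('d.m.Y H:i', $login['attempt_clock'])`. The same message interpolates `$login['attempt_ip']` straight into the page; if that value was recorded from a client-supplied source such as HTTP_X_FORWARDED_FOR (the header config.inc.php trusts for $user_ip elsewhere in this commit), it is text the client chose, so it should be passed through htmlspecialchars() unless error() already escapes its argument, which this hunk does not show. $login is not assigned anywhere in the hunk, so where it comes from and whether it can be unset on this path needs confirming in the surrounding code. The enclosing function begins and ends outside the hunk.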