123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771 |
- <?php
- if (!defined('SMF'))
- die('No direct access...');
- function Login()
- {
- global $txt, $context, $scripturl, $user_info;
-
- if (!empty($user_info['id']))
- redirectexit();
-
- if (WIRELESS)
- $context['sub_template'] = WIRELESS_PROTOCOL . '_login';
-
- else
- {
- loadLanguage('Login');
- loadTemplate('Login');
- $context['sub_template'] = 'login';
- }
-
- $context['page_title'] = $txt['login'];
- $context['default_username'] = &$_REQUEST['u'];
- $context['default_password'] = '';
- $context['never_expire'] = false;
-
- $context['linktree'][] = array(
- 'url' => $scripturl . '?action=login',
- 'name' => $txt['login'],
- );
-
- if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
- $_SESSION['login_url'] = $_SESSION['old_url'];
- else
- unset($_SESSION['login_url']);
-
- createToken('login');
- }
- function Login2()
- {
- global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
- global $cookiename, $modSettings, $context, $sc, $sourcedir;
-
- require_once($sourcedir . '/Subs-Auth.php');
- if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
- {
- if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
- list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
- elseif (isset($_SESSION['login_' . $cookiename]))
- list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
- else
- trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
- $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
- updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
- setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
- redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
- }
-
- elseif (isset($_GET['sa']) && $_GET['sa'] == 'check')
- {
-
- if ($_GET['member'] != $user_info['id'])
- fatal_lang_error('login_cookie_error', false);
- $user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
- if ($user_info['can_mod'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri']))
- {
- $_SESSION['moderate_time'] = time();
- unset($_SESSION['just_registered']);
- }
-
- if (empty($_SESSION['login_url']))
- redirectexit();
- elseif (!empty($_SESSION['login_url']) && (strpos('http://', $_SESSION['login_url']) === false && strpos('https://', $_SESSION['login_url']) === false))
- {
- unset ($_SESSION['login_url']);
- redirectexit();
- }
- else
- {
-
- $temp = $_SESSION['login_url'];
- unset($_SESSION['login_url']);
- redirectexit($temp);
- }
- }
-
- if (!$user_info['is_guest'])
- redirectexit();
-
- checkSession('post');
- $tk = validateToken('login');
- spamProtection('login');
-
- if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false))
- $_SESSION['login_url'] = $_SESSION['old_url'];
-
- if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
- fatal_lang_error('login_threshold_fail', 'critical');
-
- if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1))
- $modSettings['cookieTime'] = 3153600;
- elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600))
- $modSettings['cookieTime'] = (int) $_POST['cookielength'];
- loadLanguage('Login');
-
- if (WIRELESS)
- $context['sub_template'] = WIRELESS_PROTOCOL . '_login';
- else
- {
- loadTemplate('Login');
- $context['sub_template'] = 'login';
- }
-
- $context['default_username'] = isset($_POST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'])) : '';
- $context['default_password'] = '';
- $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
- $context['login_errors'] = array($txt['error_occured']);
- $context['page_title'] = $txt['login'];
-
- $context['linktree'][] = array(
- 'url' => $scripturl . '?action=login',
- 'name' => $txt['login'],
- );
- if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID']))
- {
- require_once($sourcedir . '/Subs-OpenID.php');
- if (($open_id = smf_openID_validate($_POST['openid_identifier'])) !== 'no_data')
- return $open_id;
- }
-
- if (!isset($_POST['user']) || $_POST['user'] == '')
- {
- $context['login_errors'] = array($txt['need_username']);
- return;
- }
-
- if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 40))
- {
- $context['login_errors'] = array($txt['no_password']);
- return;
- }
-
- if (preg_match('~[<>&"\'=\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0)
- {
- $context['login_errors'] = array($txt['error_invalid_characters_username']);
- return;
- }
-
- if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true))
- {
- $context['login_errors'] = array($txt['login_hash_error']);
- $context['disable_login_hashing'] = true;
- return;
- }
-
- $request = $smcFunc['db_query']('', '
- SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
- openid_uri, passwd_flood
- FROM {db_prefix}members
- WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . '
- LIMIT 1',
- array(
- 'user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_POST['user']) : $_POST['user'],
- )
- );
-
- if ($smcFunc['db_num_rows']($request) == 0 && strpos($_POST['user'], '@') !== false)
- {
- $smcFunc['db_free_result']($request);
- $request = $smcFunc['db_query']('', '
- SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri,
- passwd_flood
- FROM {db_prefix}members
- WHERE email_address = {string:user_name}
- LIMIT 1',
- array(
- 'user_name' => $_POST['user'],
- )
- );
- }
-
- if ($smcFunc['db_num_rows']($request) == 0)
- {
- $context['login_errors'] = array($txt['username_no_exist']);
- return;
- }
- $user_settings = $smcFunc['db_fetch_assoc']($request);
- $smcFunc['db_free_result']($request);
-
- if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40)
- {
-
- if (strlen($user_settings['passwd']) != 40)
- {
- $context['login_errors'] = array($txt['login_hash_error']);
- $context['disable_login_hashing'] = true;
- unset($user_settings);
- return;
- }
-
- elseif ($_POST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc . $tk))
- $sha_passwd = $user_settings['passwd'];
- else
- {
-
- validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
- $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1;
- if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold'])
- redirectexit('action=reminder');
- else
- {
- log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
- $context['disable_login_hashing'] = true;
- $context['login_errors'] = array($txt['incorrect_password']);
- unset($user_settings);
- return;
- }
- }
- }
- else
- $sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
-
- if ($user_settings['passwd'] != $sha_passwd)
- {
-
- validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
-
- $other_passwords = array();
-
- if (!empty($modSettings['enable_password_conversion']) && $user_settings['password_salt'] == '')
- {
-
- $other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2));
- $other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2));
- $other_passwords[] = md5($_POST['passwrd']);
- $other_passwords[] = sha1($_POST['passwrd']);
- $other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name']));
- $other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name']));
- $other_passwords[] = md5(md5($_POST['passwrd']));
- $other_passwords[] = $_POST['passwrd'];
-
- $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
-
- if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
- $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
-
- $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
-
- $other_passwords[] = md5(crypt($_POST['passwrd'], 'CRYPT_MD5'));
- }
-
- elseif (!empty($modSettings['enable_password_conversion']) && strlen($user_settings['passwd']) == 32)
- {
-
- $other_passwords[] = md5(md5($_POST['passwrd']) . stripslashes($user_settings['password_salt']));
-
- $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd']));
-
- $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
- $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
- }
- elseif (strlen($user_settings['passwd']) == 40)
- {
-
- $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
-
- if (!empty($modSettings['enable_password_conversion']))
- $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
-
- if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8')
- {
-
- if (function_exists('iconv'))
- $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
-
- if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding'))
- $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
- }
- }
-
- if (stripos(PHP_OS, 'win') !== 0)
- {
- require_once($sourcedir . '/Subs-Compat.php');
- $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
- }
-
- call_integration_hook('integrate_other_passwords', array(&$other_passwords));
-
- if (in_array($user_settings['passwd'], $other_passwords))
- {
- $user_settings['passwd'] = $sha_passwd;
- $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
-
- updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => ''));
- }
-
- else
- {
-
- $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1;
-
- if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold'])
- redirectexit('action=reminder');
-
- else
- {
-
- log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
- $context['login_errors'] = array($txt['incorrect_password']);
- return;
- }
- }
- }
- elseif (!empty($user_settings['passwd_flood']))
- {
-
- validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
-
- updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
- }
-
- if ($user_settings['password_salt'] == '')
- {
- $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
- updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
- }
-
- if (!checkActivation())
- return;
- DoLogin();
- }
- function checkActivation()
- {
- global $context, $txt, $scripturl, $user_settings, $modSettings;
- if (!isset($context['login_errors']))
- $context['login_errors'] = array();
-
- $activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated'];
-
- if ($activation_status == 5)
- {
- $context['login_errors'][] = $txt['coppa_no_concent'] . ' <a href="' . $scripturl . '?action=coppa;member=' . $user_settings['id_member'] . '">' . $txt['coppa_need_more_details'] . '</a>';
- return false;
- }
-
- elseif ($activation_status == 3)
- fatal_lang_error('still_awaiting_approval', 'user');
-
- elseif ($activation_status == 4)
- {
- if (isset($_REQUEST['undelete']))
- {
- updateMemberData($user_settings['id_member'], array('is_activated' => 1));
- updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0)));
- }
- else
- {
- $context['disable_login_hashing'] = true;
- $context['login_errors'][] = $txt['awaiting_delete_account'];
- $context['login_show_undelete'] = true;
- return false;
- }
- }
-
- elseif ($activation_status != 1)
- {
- log_error($txt['activate_not_completed1'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', false);
- $context['login_errors'][] = $txt['activate_not_completed1'] . ' <a href="' . $scripturl . '?action=activate;sa=resend;u=' . $user_settings['id_member'] . '">' . $txt['activate_not_completed2'] . '</a>';
- return false;
- }
- return true;
- }
- function DoLogin()
- {
- global $user_info, $user_settings, $smcFunc;
- global $maintenance, $modSettings, $context, $sourcedir;
-
- require_once($sourcedir . '/Subs-Auth.php');
-
- call_integration_hook('integrate_login', array($user_settings['member_name'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime']));
-
- $username = $user_settings['member_name'];
- $user_info['id'] = $user_settings['id_member'];
-
- setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
-
- if (isset($_SESSION['failed_login']))
- unset($_SESSION['failed_login']);
- $user_info['is_guest'] = false;
- $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
- $user_info['is_admin'] = $user_settings['id_group'] == 1 || in_array(1, $user_settings['additional_groups']);
-
- is_not_banned(true);
-
- if ($user_info['is_admin'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri']))
- {
- $_SESSION['admin_time'] = time();
- unset($_SESSION['just_registered']);
- }
-
- unset($_SESSION['language'], $_SESSION['id_theme']);
-
- $request = $smcFunc['db_query']('', '
- SELECT last_login
- FROM {db_prefix}members
- WHERE id_member = {int:id_member}
- AND last_login = 0',
- array(
- 'id_member' => $user_info['id'],
- )
- );
- if ($smcFunc['db_num_rows']($request) == 1)
- $_SESSION['first_login'] = true;
- else
- unset($_SESSION['first_login']);
- $smcFunc['db_free_result']($request);
-
- updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']));
-
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}log_online
- WHERE session = {string:session}',
- array(
- 'session' => 'ip' . $user_info['ip'],
- )
- );
- $_SESSION['log_time'] = 0;
-
- if (!empty($modSettings['loginHistoryDays']))
- $smcFunc['db_insert']('insert',
- '{db_prefix}member_logins',
- array(
- 'id_member' => 'int', 'time' => 'int', 'ip' => 'string', 'ip2' => 'string',
- ),
- array(
- $user_info['id'], time(), $user_info['ip'], $user_info['ip2']
- ),
- array(
- 'id_member', 'time'
- )
- );
-
- if (empty($maintenance) || allowedTo('admin_forum'))
- redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
- else
- redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
- }
- function Logout($internal = false, $redirect = true)
- {
- global $sourcedir, $user_info, $user_settings, $context, $smcFunc;
-
- if (!$internal)
- checkSession('get');
- require_once($sourcedir . '/Subs-Auth.php');
- if (isset($_SESSION['pack_ftp']))
- $_SESSION['pack_ftp'] = null;
-
- if (isset($_SESSION['openid']))
- unset($_SESSION['openid']);
-
- unset($_SESSION['first_login']);
-
- if (!$user_info['is_guest'])
- {
-
- call_integration_hook('integrate_logout', array($user_settings['member_name']));
-
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}log_online
- WHERE id_member = {int:current_member}',
- array(
- 'current_member' => $user_info['id'],
- )
- );
- }
- $_SESSION['log_time'] = 0;
-
- setLoginCookie(-3600, 0);
-
- if ($redirect)
- {
- if (empty($_SESSION['logout_url']))
- redirectexit('', $context['server']['needs_login_fix']);
- elseif (!empty($_SESSION['logout_url']) && (strpos('http://', $_SESSION['logout_url']) === false && strpos('https://', $_SESSION['logout_url']) === false))
- {
- unset ($_SESSION['logout_url']);
- redirectexit();
- }
- else
- {
- $temp = $_SESSION['logout_url'];
- unset($_SESSION['logout_url']);
- redirectexit($temp, $context['server']['needs_login_fix']);
- }
- }
- }
- function md5_hmac($data, $key)
- {
- $key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
- return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)) . $data)));
- }
- function phpBB3_password_check($passwd, $passwd_hash)
- {
-
- if (strlen($passwd_hash) != 34)
- return;
-
- $range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-
- $strpos = strpos($range, $passwd_hash[3]);
- $count = 1 << $strpos;
- $count2 = $count;
- $salt = substr($passwd_hash, 4, 8);
- $hash = md5($salt . $passwd, true);
- for (; $count != 0; --$count)
- $hash = md5($hash . $passwd, true);
- $output = substr($passwd_hash, 0, 12);
- $i = 0;
- while ($i < 16)
- {
- $value = ord($hash[$i++]);
- $output .= $range[$value & 0x3f];
- if ($i < 16)
- $value |= ord($hash[$i]) << 8;
- $output .= $range[($value >> 6) & 0x3f];
- if ($i++ >= 16)
- break;
- if ($i < 16)
- $value |= ord($hash[$i]) << 16;
- $output .= $range[($value >> 12) & 0x3f];
- if ($i++ >= 16)
- break;
- $output .= $range[($value >> 18) & 0x3f];
- }
-
- return $output;
- }
- function validatePasswordFlood($id_member, $password_flood_value = false, $was_correct = false)
- {
- global $cookiename, $sourcedir;
-
-
- require_once($sourcedir . '/Subs-Auth.php');
- setLoginCookie(-3600, 0);
- if (isset($_SESSION['login_' . $cookiename]))
- unset($_SESSION['login_' . $cookiename]);
-
- if (!$id_member)
- {
-
- redirectexit();
-
- fatal_lang_error('no_access', false);
- }
-
- if ($password_flood_value !== false)
- @list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
-
- if (empty($number_tries) || empty($time_stamp))
- {
- $number_tries = 0;
- $time_stamp = time();
- }
-
- if (!empty($number_tries))
- {
-
- $number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
-
- if ($time_stamp < time() - 10)
- $time_stamp = time();
- }
- $number_tries++;
-
- if ($number_tries > 5)
- fatal_lang_error('login_threshold_brute_fail', 'critical');
-
- updateMemberData($id_member, array('passwd_flood' => $was_correct && $number_tries == 1 ? '' : $time_stamp . '|' . $number_tries));
- }
- ?>
|