GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

$this->client_ip was not always set in AntiBrutePlugin onEndCheckPassword

This commit is contained in:
Mikael Nordfeldth 2015-06-05 15:34:14 +02:00
parent dee4ca37ab
commit 94f5247f91
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/AntiBrute/AntiBrutePlugin.php
View File

@ -9,6 +9,13 @@ class AntiBrutePlugin extends Plugin {
const FAILED_LOGIN_IP_SECTION = 'failed_login_ip';
public function initialize()
{
// This probably needs some work. For example with IPv6 you can easily generate new IPs...
$client_ip = common_client_ip();
$this->client_ip = $client_ip[0] ?: $client_ip[1]; // [0] is proxy, [1] should be the real IP
}
public function onStartCheckPassword($nickname, $password, &$authenticatedUser)
{
if (common_is_email($nickname)) {
@ -22,9 +29,6 @@ class AntiBrutePlugin extends Plugin {
return true;
}
// This probably needs some work. For example with IPv6 you can easily generate new IPs...
$client_ip = common_client_ip();
$this->client_ip = $client_ip[0] ?: $client_ip[1]; // [0] is proxy, [1] should be the real IP
$this->failed_attempts = (int)$this->unauthed_user->getPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip);
switch (true) {
case $this->failed_attempts >= 5: