# HG changeset patch
# User Dan
# Date 1261042315 18000
# Node ID 71cb87b7dc3f510c28ebdc1890e1bb8b44a1a072
# Parent d5474f54a525725d98754551458235201b2879c0
ACP: Added lockout management feature
diff -r d5474f54a525 -r 71cb87b7dc3f includes/sessions.php
--- a/includes/sessions.php Thu Dec 17 04:29:55 2009 -0500
+++ b/includes/sessions.php Thu Dec 17 04:31:55 2009 -0500
@@ -737,19 +737,19 @@
'lockout_policy' => 'disable'
);
- if ( $lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') )
+ if ( $lockout_data['policy'] != 'disable' && !defined('IN_ENANO_INSTALL') )
{
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
// increment fail count
- $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\');');
- $lockout_data['lockout_fails']++;
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action, username) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\', \'' . $db->escape($username) . '\');');
+ $lockout_data['fails']++;
return array(
'success' => false,
- 'error' => ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] ) ? 'locked_out' : 'invalid_credentials',
- 'lockout_threshold' => $lockout_data['lockout_threshold'],
- 'lockout_duration' => ( $lockout_data['lockout_duration'] ),
- 'lockout_fails' => $lockout_data['lockout_fails'],
- 'lockout_policy' => $lockout_data['lockout_policy']
+ 'error' => ( $lockout_data['fails'] >= $lockout_data['threshold'] ) ? 'locked_out' : 'invalid_credentials',
+ 'lockout_threshold' => $lockout_data['threshold'],
+ 'lockout_duration' => ( $lockout_data['duration'] ),
+ 'lockout_fails' => $lockout_data['fails'],
+ 'lockout_policy' => $lockout_data['policy']
);
}
@@ -866,7 +866,7 @@
{
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
// increment fail count
- $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\');');
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', ' . time() . ', \'credential\', \'' . $db->escape($username) . '\');');
}
return array(
@@ -981,7 +981,7 @@
if(!is_int($user_id))
die('Somehow an SQL injection attempt crawled into our session registrar! (1)');
if(!is_int($level))
- die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
+ die(var_dump($level) . '
Somehow an SQL injection attempt crawled into our session registrar! (2)');
// Update RAM
$this->user_id = $user_id;
diff -r d5474f54a525 -r 71cb87b7dc3f install/schemas/mysql_stage2.sql
--- a/install/schemas/mysql_stage2.sql Thu Dec 17 04:29:55 2009 -0500
+++ b/install/schemas/mysql_stage2.sql Thu Dec 17 04:31:55 2009 -0500
@@ -274,6 +274,7 @@
ipaddr varchar(40) NOT NULL,
action ENUM('credential', 'level') NOT NULL DEFAULT 'credential',
timestamp int(12) NOT NULL DEFAULT 0,
+ username varchar(255) NOT NULL DEFAULT '',
PRIMARY KEY ( id )
) CHARACTER SET `utf8` COLLATE `utf8_bin`;
diff -r d5474f54a525 -r 71cb87b7dc3f install/schemas/postgresql_stage2.sql
--- a/install/schemas/postgresql_stage2.sql Thu Dec 17 04:29:55 2009 -0500
+++ b/install/schemas/postgresql_stage2.sql Thu Dec 17 04:31:55 2009 -0500
@@ -275,6 +275,7 @@
ipaddr varchar(40) NOT NULL,
action varchar(20) NOT NULL DEFAULT 'credential',
timestamp int NOT NULL DEFAULT 0,
+ username varchar(255) NOT NULL DEFAULT '',
CHECK ( action IN ('credential', 'level') ),
PRIMARY KEY ( id )
);
diff -r d5474f54a525 -r 71cb87b7dc3f install/schemas/upgrade/1.1.6-1.1.7-mysql.sql
--- a/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Thu Dec 17 04:29:55 2009 -0500
+++ b/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Thu Dec 17 04:31:55 2009 -0500
@@ -1,2 +1,4 @@
ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y';
ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i';
+ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT '';
+
diff -r d5474f54a525 -r 71cb87b7dc3f install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql
--- a/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Thu Dec 17 04:29:55 2009 -0500
+++ b/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Thu Dec 17 04:31:55 2009 -0500
@@ -1,2 +1,4 @@
ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y';
ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i';
+ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT '';
+
diff -r d5474f54a525 -r 71cb87b7dc3f language/english/admin.json
--- a/language/english/admin.json Thu Dec 17 04:29:55 2009 -0500
+++ b/language/english/admin.json Thu Dec 17 04:31:55 2009 -0500
@@ -235,16 +235,33 @@
stat_lastupdate_never: 'Never',
heading_alerts: 'Active alerts',
+
msg_demo_title: 'Enano is running in demo mode.',
msg_demo_body: 'If you borked something up, or if you\'re done testing, you can reset this site. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.',
+
msg_install_files_title: 'Installer files found',
msg_install_files_body: 'Please delete the install/ directory from your Enano installation folder – it contains sensitive tools that might allow your site to be compromised.',
+
heading_updates: 'Check for updates',
msg_updates_info: 'The Enano team will on occasion release new versions of Enano. We always recommend that you run the latest available version because many releases contain security patches. Enano checks for updates by looking at an XML file and doesn\'t share any information about your site.',
btn_check_updates: 'Check for updates',
+
heading_inactive_users: 'Users are awaiting activation',
msg_inactive_users_one: '1 user has requested manual account activation. You can activate the account by going to the User Manager.',
msg_inactive_users_plural: '%num_users% users have requested manual account activation. You can activate those accounts by going to the User Manager.',
+
+ msg_users_locked_out: 'Active IP address lockouts',
+ msg_users_locked_out_hint: 'The following IP addresses have been automatically locked out from login attempts. You can delete these active lockouts, if you choose.',
+ th_locked_out_ip: 'IP address',
+ th_locked_out_username: 'Username (most recent attempt)',
+ th_locked_out_status: 'Status',
+ th_locked_out_time: 'Time remaining',
+ lbl_locked_out_warned: 'Warned (failures: %fail_count%)',
+ lbl_locked_out_banned: 'Locked out',
+ btn_lockout_unblock: 'Unblock',
+ btn_lockout_clear: 'Clear',
+ msg_lockout_clear_success: 'The IP address %ip% has been cleared from the active lockout list.',
+
heading_docs: 'Enano documentation',
msg_docs_info: 'The Enano administrator\'s handbook is maintained as a wiki. It will help you get started with Enano and learn about how we do things differently.',
heading_support: 'Get support',
diff -r d5474f54a525 -r 71cb87b7dc3f language/english/core.json
--- a/language/english/core.json Thu Dec 17 04:29:55 2009 -0500
+++ b/language/english/core.json Thu Dec 17 04:31:55 2009 -0500
@@ -801,6 +801,10 @@
unit_months: 'months',
unit_year: 'year',
unit_years: 'years',
+ unit_minute: 'minute',
+ unit_minutes: 'minutes',
+ unit_minute_short: 'min',
+ unit_minutes_short: 'mins'
}
}
};
diff -r d5474f54a525 -r 71cb87b7dc3f plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Thu Dec 17 04:29:55 2009 -0500
+++ b/plugins/SpecialAdmin.php Thu Dec 17 04:31:55 2009 -0500
@@ -671,7 +671,7 @@
get('acpgc_field_passminimum_hint'); ?>