author | Yorhel <git@yorhel.nl> | 2014-08-29 10:54:36 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2014-08-29 10:54:36 +0200 |
commit | 9a1bd46a568094ff62cfc85bc488b116042718b8 (patch) | |
tree | e580afad4f318a1c5f4c98047beaa6796b3f14e3 /lib/VNDB/Handler/Users.pm | |
parent | c27d4e6b509a655d81e36469bb881afc287596e8 (diff) |
Throttle failed login attempts (10/day)
Diffstat (limited to 'lib/VNDB/Handler/Users.pm')
-rw-r--r-- | lib/VNDB/Handler/Users.pm | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index eb7e03ab..78c4103d 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -140,6 +140,20 @@ sub login {
 return $self->resRedirect('/') if $self->authInfo->{id};
+ my $tm = $self->dbThrottleGet($self->normIP);
+ if($tm-time() > $self->{login_throttle}[1]) {
+ $self->htmlHeader(title => mt '_login_title');
+ div class => 'mainbox';
+ h1 mt '_login_title';
+ div class => 'warning';
+ h2 mt '_login_throttle_title';
+ p; lit mt '_login_throttle_msg'; end;
+ end;
+ end 'div';
+ $self->htmlFooter;
+ return;
+ }
+
 my $frm;
 if($self->reqMethod eq 'POST') {
 return if !$self->authCheckCode;
@@ -150,8 +164,11 @@ sub login {
 (my $ref = $self->reqHeader('Referer')||'/') =~ s/^\Q$self->{url}//;
 $ref = '/' if $ref =~ /^\/u\//;
- return if !$frm->{_err} && $self->authLogin($frm->{usrname}, $frm->{usrpass}, $ref);
- $frm->{_err} = [ 'login_failed' ] if !$frm->{_err};
+ if(!$frm->{_err}) {
+ return if $self->authLogin($frm->{usrname}, $frm->{usrpass}, $ref);
+ $frm->{_err} = [ 'login_failed' ];
+ $self->dbThrottleSet($self->normIP, $tm+$self->{login_throttle}[0]);
+ }
 }
 $self->htmlHeader(noindex => 1, title => mt '_login_title'); |
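Review bot: The throttle added in the first hunk is keyed only on `$self->normIP`, so failed logins against one account that arrive from many addresses are never limited, while users sharing an address are blocked together; a second bucket keyed on the submitted username would cover the first case. The check `$tm-time() > $self->{login_throttle}[1]` also depends on `dbThrottleGet` returning at least the current time when no unexpired entry exists, which is not visible in this diff. If it can return 0 or undef, the value written on failure would lie in the past and the limit would never trigger. Once that contract is confirmed, I would document it above the check, e.g. `# login_throttle = [seconds added per failed login, max accumulated seconds]; dbThrottleGet returns time() when no entry is active`. `sub login` starts and ends outside the hunk.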
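Review bot: The failure path in the second hunk stores `$tm+$self->{login_throttle}[0]` using a `$tm` read at the top of `login`, so the read and the write are not atomic. Failed attempts for the same address that are handled concurrently can all write the same timestamp and count as a single failure. Performing the increment in one database statement, presumably inside `dbThrottleSet` (its body is not shown here), would make every failure count. Requests that return early via `authCheckCode` or that fail form validation do not touch the throttle; if that is intended, a comment such as `# only credential failures count towards the throttle` on the new `if(!$frm->{_err})` block would record it.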