authorBharat Mediratta <bharat@menalto.com>2010-01-30 19:48:57 -0800
committerBharat Mediratta <bharat@menalto.com>2010-01-30 19:48:57 -0800
commit2bfcec9620814a6f3d0163a174d7ba90efef369d (patch)
treeaff296f37e108af420058e029fe107d0cde0bbb0 /modules/gallery/controllers
parent86fd81ef2661718914e1d4eb63108a864b6ac14c (diff)
Prevent brute force login attacks by reducing login attempts to 1 per
minute after there have been 5 consecutive failed login attempts. Fix for ticket #589.
Diffstat (limited to 'modules/gallery/controllers')
-rw-r--r--modules/gallery/controllers/login.php7
1 files changed, 3 insertions, 4 deletions
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index cfe86cfb..1426f0d8 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -62,11 +62,10 @@ class Login_Controller extends Controller {
if ($valid) {
$user = identity::lookup_user_by_name($form->login->inputs["name"]->value);
if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) {
- log::warning(
- "user",
- t("Failed login for %name",
- array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
+ $name = $form->login->inputs["name"]->value;
+ log::warning("user", t("Failed login for %name", array("name" => $name)));
+ module::event("user_login_failed", $name);
$valid = false;
}
}
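Review bot: `module::event("user_login_failed", $name)` also fires in the `empty($user)` branch, so listeners receive the raw submitted name even when no such account exists. The listener is not visible here; if it keeps a per-name failure counter, made-up names would create records without bound, and a throttle keyed only on the name lets any client hold a real account at one attempt per minute. I would add a comment above the call, `// $name is unvalidated form input and may not match an account; listeners must bound per-name state`, and confirm that the throttle is consulted before `identity::is_correct_password()` is evaluated, since this hunk only records the failure. The enclosing method starts and ends outside the hunk, so the reset of the counter on a successful login cannot be checked from here.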