From 2bfcec9620814a6f3d0163a174d7ba90efef369d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 30 Jan 2010 19:48:57 -0800
Subject: Prevent brute force login attacks by reducing login attempts to 1 per
 minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
---
 modules/gallery/controllers/login.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index cfe86cfb..1426f0d8 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -62,11 +62,10 @@ class Login_Controller extends Controller {
     if ($valid) {
       $user = identity::lookup_user_by_name($form->login->inputs["name"]->value);
       if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) {
-        log::warning(
-          "user",
-          t("Failed login for %name",
-            array("name" => $form->login->inputs["name"]->value)));
         $form->login->inputs["name"]->add_error("invalid_login", 1);
+        $name = $form->login->inputs["name"]->value;
+        log::warning("user", t("Failed login for %name", array("name" => $name)));
+        module::event("user_login_failed", $name);
         $valid = false;
       }
     }
-- 
cgit v1.2.3