From 99a7f470b93d35717f8d5979d05da6cf05a1dd20 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 21:48:01 -0800
Subject: Protect password changes against brute force attacks.

---
 modules/gallery/helpers/auth.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/helpers/auth.php')

diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 16f8915a..717cf40a 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -78,10 +78,16 @@ class auth_Core {
     }
   }
 
+  static function validate_too_many_failed_password_changes($password_input) {
+    if (self::too_many_failed_logins(identity::active_user()->name)) {
+      $password_input->add_error("too_many_failed_password_changes", 1);
+    }
+  }
+
   /**
    * Record a failed login for this user
    */
-  static function record_failed_login($name) {
+  static function record_failed_auth_attempts($name) {
     $failed_login = ORM::factory("failed_login")
       ->where("name", "=", $name)
       ->find();
@@ -96,7 +102,7 @@ class auth_Core {
   /**
    * Clear any failed logins for this user
    */
-  static function record_successful_login($user) {
+  static function clear_failed_logins($user) {
     db::build()
       ->delete("failed_logins")
       ->where("name", "=", $user->name)
-- 
cgit v1.2.3