From 2bfcec9620814a6f3d0163a174d7ba90efef369d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 30 Jan 2010 19:48:57 -0800
Subject: Prevent brute force login attacks by reducing login attempts to 1 per
 minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
---
 modules/gallery/helpers/gallery_installer.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/helpers/gallery_installer.php')

diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index d2378d64..cf701ed4 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -42,6 +42,14 @@ class gallery_installer {
                 KEY (`tags`))
                 DEFAULT CHARSET=utf8;");
 
+    $db->query("CREATE TABLE {failed_logins} (
+                `id` int(9) NOT NULL auto_increment,
+                `count` int(9) NOT NULL,
+                `name` varchar(255) NOT NULL,
+                `time` int(9) NOT NULL,
+                PRIMARY KEY (`id`))
+                DEFAULT CHARSET=utf8;");
+
     $db->query("CREATE TABLE {graphics_rules} (
                  `id` int(9) NOT NULL auto_increment,
                  `active` BOOLEAN default 0,
@@ -276,7 +284,7 @@ class gallery_installer {
     // @todo this string needs to be picked up by l10n_scanner
     module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
     module::set_var("gallery", "simultaneous_upload_limit", 5);
-    module::set_version("gallery", 22);
+    module::set_version("gallery", 23);
   }
 
   static function upgrade($version) {
@@ -485,6 +493,17 @@ class gallery_installer {
       }
       module::set_version("gallery", $version = 23);
     }
+
+    if ($version = 23) {
+      $db->query("CREATE TABLE {failed_logins} (
+                  `id` int(9) NOT NULL auto_increment,
+                  `count` int(9) NOT NULL,
+                  `name` varchar(255) NOT NULL,
+                  `time` int(9) NOT NULL,
+                  PRIMARY KEY (`id`))
+                  DEFAULT CHARSET=utf8;");
+      module::set_version("gallery", $version = 24);
+    }
   }
 
   static function uninstall() {
@@ -493,6 +512,7 @@ class gallery_installer {
     $db->query("DROP TABLE IF EXISTS {access_intents}");
     $db->query("DROP TABLE IF EXISTS {graphics_rules}");
     $db->query("DROP TABLE IF EXISTS {incoming_translations}");
+    $db->query("DROP TABLE IF EXISTS {failed_logins}");
     $db->query("DROP TABLE IF EXISTS {items}");
     $db->query("DROP TABLE IF EXISTS {logs}");
     $db->query("DROP TABLE IF EXISTS {modules}");
-- 
cgit v1.2.3