Context Navigation

← Previous Changeset
Next Changeset →

Changeset 743

Timestamp:

08/13/07 05:15:48 (16 months ago)

Author:

raphael

Message:

Fixed #558: bruteforce protection is bogus
Fixed #552: wrong data in domain counters in reseller page
Fixed several errors in domain syntax checks
Fixed #559: error in /etc/courier/userdb home path for subdomains

Location:

trunk

Files:

: 1 removed
: 48 modified

CHANGELOG (modified) (1 diff)
engine/backup/ispcp-backup-all (modified) (1 diff)
engine/ispcp-mbox-mngr (modified) (1 diff)
gui/client/add_alias.php (modified) (2 diffs)
gui/client/add_mail_acc.php (modified) (2 diffs)
gui/client/catchall.php (modified) (1 diff)
gui/client/cronjobs_add.php (modified) (2 diffs)
gui/client/cronjobs_edit.php (modified) (2 diffs)
gui/client/puser_assign.php (modified) (3 diffs)
gui/client/puser_assign2.php (deleted)
gui/client/puser_gadd.php (modified) (2 diffs)
gui/client/sql_add_user.php (modified) (2 diffs)
gui/client/update_hp.php (modified) (4 diffs)
gui/include/client-functions.php (modified) (1 diff)
gui/include/i18n.php (modified) (2 diffs)
gui/include/input-checks.php (modified) (2 diffs)
gui/include/login-functions.php (modified) (4 diffs)
gui/include/login.php (modified) (5 diffs)
gui/include/lostpassword-functions.php (modified) (1 diff)
gui/include/reseller-functions.php (modified) (1 diff)
gui/include/sql.php (modified) (1 diff)
gui/include/system-message.php (modified) (2 diffs)
gui/lostpassword.php (modified) (2 diffs)
gui/orderpanel/package_info.php (modified) (1 diff)
gui/reseller/add_alias.php (modified) (1 diff)
gui/reseller/index.php (modified) (3 diffs)
gui/reseller/reseller_user_statistics.php (modified) (1 diff)
gui/themes/omega_original/client/add_mail_acc.tpl (modified) (7 diffs)
gui/themes/omega_original/client/create_catchall.tpl (modified) (1 diff)
language-files/cs_CZ.po (modified) (13 diffs)
language-files/da_DK.po (modified) (13 diffs)
language-files/de_DE.po (modified) (13 diffs)
language-files/en_GB.po (modified) (11 diffs)
language-files/es_AR.po (modified) (13 diffs)
language-files/es_ES.po (modified) (13 diffs)
language-files/fr_FR.po (modified) (13 diffs)
language-files/hu_HU.po (modified) (13 diffs)
language-files/ispCP.pot (modified) (11 diffs)
language-files/it_IT.po (modified) (13 diffs)
language-files/ja_JP.po (modified) (12 diffs)
language-files/nl_NL.po (modified) (13 diffs)
language-files/pl_PL.po (modified) (13 diffs)
language-files/pt_BR.po (modified) (13 diffs)
language-files/ro_RO.po (modified) (13 diffs)
language-files/ru_RU.po (modified) (13 diffs)
language-files/sk_SK.po (modified) (13 diffs)
language-files/th_TH.po (modified) (11 diffs)
language-files/tr_TR.po (modified) (13 diffs)
language-files/uk_UA.po (modified) (13 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/CHANGELOG

r742	r743
6	6	\| * gui: disable stats-alias in client menu \|
7	7	\_________________________________________________________________/
	8
	9	2007-08-12 Raphael Geissert
	10	- GUI:
	11	* Fixed #558: bruteforce protection is bogus
	12	* Fixed #552: wrong data in domain counters in reseller page
	13	* Fixed several errors in domain syntax checks
	14	- ENGINE:
	15	* Fixed #559: error in /etc/courier/userdb home path for subdomains
8	16
9	17	2007-08-06 Benedikt Heintel

trunk/engine/backup/ispcp-backup-all

r736	r743
290	290	if ($dbuser && $dbpass) {
291	291	my $db_backup_file = "$dmn_backup_dir/$db_name.sql";
292		my $db_backupcmd = "$main::cfg{'CMD_MYSQLDUMP'} --add-drop-table -u\'$dbuser\' -p\'$dbpass\' \'$db_name\' >\'$db_backup_file\'";
	292	my $db_backupcmd = "$main::cfg{'CMD_MYSQLDUMP'} --add-drop-table --allow-keywords --quote-names -u\'$dbuser\' -p\'$dbpass\' \'$db_name\' >\'$db_backup_file\'";
293	293	my $db_compresscmd = "$main::cfg{'CMD_BZIP'} --force \'$db_backup_file\'";
294	294	$rs = sys_command($db_backupcmd);

trunk/engine/ispcp-mbox-mngr

r716	r743
2531	2531	$hash_key = "$mail_acc\@$sub_name";
2532	2532
2533		$hash_value = "uid=$mbox_uid\|gid=$mbox_gid\|home=$virtual_mail_dir/$~~dmn~~_name/$mail_acc\|shell=/bin/false\|systempw=$rdata\|mail=$virtual_mail_dir/$sub_name/$mail_acc";
	2533	$hash_value = "uid=$mbox_uid\|gid=$mbox_gid\|home=$virtual_mail_dir/$sub_name/$mail_acc\|shell=/bin/false\|systempw=$rdata\|mail=$virtual_mail_dir/$sub_name/$mail_acc";
2534	2534
2535	2535	$rs = set_mta_hash_value($userdb_working_cfg, $hash_key, $hash_value);

trunk/gui/client/add_alias.php

r711	r743
188	188
189	189	$cr_user_id = $domain_id = get_user_domain_id($sql, $_SESSION['user_id']);
190		$alias_name = strtolower(~~clean_input($_POST['ndomain_name'])~~);
191		$mount_point = strtolower(~~clean_input($_POST['ndomain_mpoint'])~~);
	190	$alias_name = strtolower($_POST['ndomain_name']);
	191	$mount_point = strtolower($_POST['ndomain_mpoint']);
192	192	$forward = strtolower(clean_input($_POST['forward']));
193	193
…	…
209	209	//$mount_point = "/".$mount_point;
210	210
211		// Fisrt check i~~s the data~~ correct
	211	// Fisrt check if the data is correct
212	212	if (!chk_dname($alias_name)) {
213	213	$err_al = tr("Incorrect domain name syntax");

trunk/gui/client/add_mail_acc.php

r731	r743
405	405	}
406	406
407		if ($_POST['dmn_type'] === 'sub' && ~~$_POST['sub_id'] == 0~~) {
	407	if ($_POST['dmn_type'] === 'sub' && !isset($_POST['sub_id'])) {
408	408	set_page_message(tr('Subdomain list is empty! You can not add mail accounts!'));
409	409	return;
410	410	}
411	411
412		if ($_POST['dmn_type'] === 'als' && ~~$_POST['als_id'] == 0~~) {
413		set_page_message(tr('Alias list is empty! You can not add mail accounts!') ~~. $_POST['als_id']~~);
	412	if ($_POST['dmn_type'] === 'als' && !isset($_POST['als_id'])) {
	413	set_page_message(tr('Alias list is empty! You can not add mail accounts!'));
414	414	return;
415	415	}
416	416
417		if ($_POST['mail_type'] === 'forward' && ~~$_POST['forward_list'] === ''~~) {
418		set_page_message(tr('Forward list is empty!') ~~. $_POST['mail_type'] . $_POST['forward_list']~~);
	417	if ($_POST['mail_type'] === 'forward' && empty($_POST['forward_list'])) {
	418	set_page_message(tr('Forward list is empty!'));
419	419	return;
420	420	}
…	…
519	519	$tpl->assign(array('TR_CLIENT_ADD_MAIL_ACC_PAGE_TITLE' => tr('ISPCP - Client/Add Mail User'),
520	520	'THEME_COLOR_PATH' => "../themes/$theme_color",
521		'THEME_CHARSET' => tr('encoding'),
	521	'THEME_CHARSET' => tr('encoding'),
522	522	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
523	523	'ISP_LOGO' => get_logo($_SESSION['user_id'])));

trunk/gui/client/catchall.php

r736	r743
77	77
78	78	if ($mail_status === $cfg['ITEM_ADD_STATUS']) {
79		return array(tr('N/A'), '#');
	79	return array(tr('N/A'), '#');//Addition in progress
80	80	} else if ($mail_status === $cfg['ITEM_OK_STATUS']) {
81	81	return array(tr('Delete CatchAll'), "delete_catchall.php?id=$mail_id");

trunk/gui/client/cronjobs_add.php

r731	r743
37	37	'TR_CLIENT_CRONJOBS_TITLE' => tr('ISPCP - Client/Cronjob Manager'),
38	38	'THEME_COLOR_PATH' => "../themes/$theme_color",
39		'THEME_CHARSET' => tr('encoding'),
	39	'THEME_CHARSET' => tr('encoding'),
40	40	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
41	41	'ISP_LOGO' => get_logo($_SESSION['user_id'])
…	…
85	85	'TR_HOUR' => tr('Hour(s):'),
86	86	'TR_DAY' => tr('Day(s):'),
87		'TR_MONTHS' => tr('Months(s):'),
	87	'TR_MONTHS' => tr('Month(s):'),
88	88	'TR_WEEKDAYS' => tr('Weekday(s):'),
89	89	'TR_ADD' => tr('Add'),

trunk/gui/client/cronjobs_edit.php

r731	r743
37	37	'TR_CLIENT_CRONJOBS_TITLE' => tr('ISPCP - Client/Cronjob Manager'),
38	38	'THEME_COLOR_PATH' => "../themes/$theme_color",
39		'THEME_CHARSET' => tr('encoding'),
	39	'THEME_CHARSET' => tr('encoding'),
40	40	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
41	41	'ISP_LOGO' => get_logo($_SESSION['user_id'])
…	…
93	93	'TR_HOUR' => tr('Hour(s):'),
94	94	'TR_DAY' => tr('Day(s):'),
95		'TR_MONTHS' => tr('Months(s):'),
	95	'TR_MONTHS' => tr('Month(s):'),
96	96	'TR_WEEKDAYS' => tr('Weekday(s):'),
97	97	'TR_UPDATE' => tr('Update'),

trunk/gui/client/puser_assign.php

r731	r743
45	45	array(
46	46	'THEME_COLOR_PATH' => "../themes/$theme_color",
47		'THEME_CHARSET' => tr('encoding'),
	47	'THEME_CHARSET' => tr('encoding'),
48	48	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
49	49	'ISP_LOGO' => get_logo($_SESSION['user_id'])
…	…
240	240	check_for_lock_file();
241	241	send_request();
242		set_page_message(tr('User was assigned to ~~group')." - ".$rs -> fields['ugroup']~~);
	242	set_page_message(tr('User was assigned to the %s group', $rs -> fields['ugroup']));
243	243
244	244	} else {
…	…
309	309
310	310
311		set_page_message(tr('User was deleted from ~~group ')."- ".$rs -> fields['ugroup']~~);
	311	set_page_message(tr('User was deleted from the %s group ', $rs -> fields['ugroup']));
312	312
313	313	} else {

trunk/gui/client/puser_gadd.php

r731	r743
47	47	'TR_CLIENT_WEBTOOLS_PAGE_TITLE' => tr('ISPCP - Client/Webtools'),
48	48	'THEME_COLOR_PATH' => "../themes/$theme_color",
49		'THEME_CHARSET' => tr('encoding'),
	49	'THEME_CHARSET' => tr('encoding'),
50	50	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
51	51	'ISP_LOGO' => get_logo($_SESSION['user_id'])
…	…
124	124	} else {
125	125
126		set_page_message(tr('Group already exist !'));
	126	set_page_message(tr('Group already exists!'));
127	127	return;
128	128	}

trunk/gui/client/sql_add_user.php

r730	r743
274	274	//
275	275	if (preg_match("/[%\|\?]+/", $db_user)) {
276		set_page_message(tr('Wildcards as % and ? are not allowed!'));
	276	set_page_message(tr('Wildcards as %% and ? are not allowed!'));
277	277	return;
278	278	}
…	…
376	376	$tpl -> assign(array('TR_CLIENT_SQL_ADD_USER_PAGE_TITLE' => tr('ISPCP - Client/Add SQL User'),
377	377	'THEME_COLOR_PATH' => "../themes/$theme_color",
378		'THEME_CHARSET' => tr('encoding'),
	378	'THEME_CHARSET' => tr('encoding'),
379	379	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
380	380	'ISP_LOGO' => get_logo($_SESSION['user_id'])));

trunk/gui/client/update_hp.php

r731	r743
155	155	$i = 0;
156	156	while (!$rs->EOF) {
157		~~$details = $rs->fields['props']~~;
158		list($hp_php, $hp_cgi, $hp_sub, $hp_als, $hp_mail, $hp_ftp, $hp_sql_db, $hp_sql_user, $hp_traff, $hp_disk) = explode(";", $details);
	157	list($hp_php, $hp_cgi, $hp_sub, $hp_als, $hp_mail, $hp_ftp, $hp_sql_db, $hp_sql_user, $hp_traff, $hp_disk) = explode(";", $rs->fields['props']);
	158
159	159	$details = '';
	160
160	161	if ($hp_php === '_yes_') {
161	162	$details = tr('PHP Support: enabled') . "<br>";
…	…
167	168	if ($hp_cgi === '_yes_') {
168	169	$cgi = "yes";
169		$details ~~= $details . " " .~~ tr('CGI Support: enabled') . "<br>";
	170	$details .= tr('CGI Support: enabled') . "<br>";
170	171	} else {
171	172	$cgi = "no";
172		$details ~~= $details . " " .~~ tr('CGI Support: disabled') . "<br>";
	173	$details .= tr('CGI Support: disabled') . "<br>";
173	174	}
174	175	if (is_numeric(gen_num_limit_msg($hp_disk))) {
175		$hdd_usage = tr('~~HDD~~') . ": " . sizeit(gen_num_limit_msg($hp_disk * 1024 * 1024)) . "<br>";
176		} else {
177		$hdd_usage = tr('~~HDD~~') . ": " . gen_num_limit_msg($hp_disk) . "<br>";
	176	$hdd_usage = tr('Disk limit') . ": " . sizeit(gen_num_limit_msg($hp_disk * 1024 * 1024)) . "<br>";
	177	} else {
	178	$hdd_usage = tr('Disk limit') . ": " . gen_num_limit_msg($hp_disk) . "<br>";
178	179	}
179	180
180	181	if (is_numeric(gen_num_limit_msg($hp_traff))) {
181		$traffic_usage = tr('Traffic') . ": " . sizeit(gen_num_limit_msg($hp_traff * 1024 * 1024));
182		} else {
183		$traffic_usage = tr('Traffic') . ": " . gen_num_limit_msg($hp_traff * 1024 * 1024);
184		}
185
186		$details = $details . " " . tr('Aliases') . ": " . gen_num_limit_msg($hp_als) . "<br>" . tr('Subdomains') . ": " . gen_num_limit_msg($hp_sub) . "<br>" . tr('Emails') . ": " . gen_num_limit_msg($hp_mail) . "<br>" . tr('FTPs') . ": " . gen_num_limit_msg($hp_ftp) . "<br>" . tr('SQL Databases') . " " . gen_num_limit_msg($hp_sql_db) . "<br>" . tr('SQL Users') . ": " . gen_num_limit_msg($hp_sql_user) . "<br>" . $hdd_usage . $traffic_usage;
	182	$traffic_usage = tr('Traffic limit') . ": " . sizeit(gen_num_limit_msg($hp_traff * 1024 * 1024));
	183	} else {
	184	$traffic_usage = tr('Traffic limit') . ": " . gen_num_limit_msg($hp_traff * 1024 * 1024);
	185	}
	186
	187	$details .= tr('Aliases') . ": " . gen_num_limit_msg($hp_als) . "<br>";
	188	$details .= tr('Subdomains') . ": " . gen_num_limit_msg($hp_sub) . "<br>";
	189	$details .= tr('Emails') . ": " . gen_num_limit_msg($hp_mail) . "<br>";
	190	$details .= tr('FTPs') . ": " . gen_num_limit_msg($hp_ftp) . "<br>";
	191	$details .= tr('SQL Databases') . ": " . gen_num_limit_msg($hp_sql_db) . "<br>";
	192	$details .= tr('SQL Users') . ": " . gen_num_limit_msg($hp_sql_user) . "<br>";
	193	$details .= $hdd_usage . $traffic_usage;
187	194
188	195	$price = $rs->fields['price'];
…	…
259	266	}
260	267
261		~~global $cfg;~~
262	268	$theme_color = $cfg['USER_INITIAL_THEME'];
263	269	$tpl->assign(
…	…
265	271	'TR_CLIENT_UPDATE_HP' => tr('ISPCP - Update hosting plan'),
266	272	'THEME_COLOR_PATH' => "../themes/$theme_color",
267		'THEME_CHARSET' => tr('encoding'),
	273	'THEME_CHARSET' => tr('encoding'),
268	274	'ISPCP_LICENSE' => $cfg['ISPCP_LICENSE'],
269	275	'ISP_LOGO' => get_logo($_SESSION['user_id'])

trunk/gui/include/client-functions.php

r734	r743
576	576
577	577	function user_trans_item_status($item_status) {
578		global $cfg;
579
580		if ($item_status === $cfg['ITEM_ADD_STATUS']) {
581		return tr('Addition in progress');
582		} else if ($item_status === $cfg['ITEM_OK_STATUS']) {
583		return tr('OK');
584		} else if ($item_status === $cfg['ITEM_CHANGE_STATUS']) {
585		return tr('Modification in progress');
586		} else if ($item_status === $cfg['ITEM_DELETE_STATUS']) {
587		return tr('Deletion in progress');
588		} else {
589		return tr('Unknown Error');
590		}
	578
	579	//DEPRECATED
	580	return translate_dmn_status($item_status);
591	581	}
592	582

trunk/gui/include/i18n.php

r727	r743
17	17	* http://opensource.org \| osi@opensource.org
18	18	**/
	19
	20	function curlang($newlang = null) {
	21
	22	static $language = null;
	23
	24	$_language = $language;
	25
	26	if ($language === null && ($newlang === null \|\| $newlang == false)) {
	27	// autodetect
	28	$newlang = true;
	29	}
	30
	31	if ($newlang !== null && $newlang != false) {
	32	if ($newlang === true) {
	33	$newlang = (isset($_SESSION['user_def_lang'])) ? $_SESSION['user_def_lang'] : $cfg['USER_INITIAL_LANG'];
	34	}
	35
	36	$language = $newlang;
	37	}
	38
	39	return ($_language !== null)? $_language : $language;
	40
	41	}
19	42
20	43	/**
…	…
38	61	}
39	62
40		$lang = ~~(isset($_SESSION['user_def_lang'])) ? $_SESSION['user_def_lang'] : $cfg['USER_INITIAL_LANG']~~;
	63	$lang = curlang();
41	64	$encoding = 'UTF-8';
42	65

trunk/gui/include/input-checks.php

r739	r743
312	312
313	313	$match = array();
314		if (!preg_match("/^([~~[^a-z0-9^A-Z^��~~\-]*)([A-Za-z0-9])$/D", $data, $match))
315		return FALSE;
316
317		if (preg_match("/\-\-/", $match[2]))
318		return FALSE;
	314	if (!preg_match("/^([A-Za-z0-9])([a-z0-9A-Z\-]*)([A-Za-z0-9])$/D", $data, $match))
	315	return FALSE;
	316
	317	/*if (preg_match("/\-\-/", $match[2]))
	318	return FALSE;*/
319	319
320	320	return TRUE;
…	…
337	337	return false;
338	338	}
339
	339
340	340	if (!rsl_full_domain_check($dname))
341	341	return FALSE;

trunk/gui/include/login-functions.php

r707	r743
64	64	}
65	65
66		function unblock($ttl = 30) {
67		global $sql;
68
69		$boundary = time() - $ttl * 60;
70		$query = "DELETE FROM login WHERE user_name is NULL AND lastaccess < '" . $boundary . "'";
	66	function unblock($timeout = null, $type = 'bruteforce') {
	67	global $sql, $cfg;
	68
	69	if ($timeout === null) {
	70	$timeout = $cfg['BRUTEFORCE_BLOCK_TIME'];
	71	}
	72
	73	$timeout = time() - ($timeout * 60);
	74
	75	switch ($type) {
	76	case 'bruteforce':
	77	$query = "UPDATE login SET login_count='1' WHERE login_count > " . $cfg['BRUTEFORCE_MAX_LOGIN'] . " AND lastaccess < " . $timeout . " AND user_name is NULL";
	78	break;
	79	case 'captcha':
	80	$query = "UPDATE login SET captcha_count='1' WHERE captcha_count > " . $cfg['BRUTEFORCE_MAX_CAPTCHA'] . " AND lastaccess < " . $timeout . " AND user_name is NULL";
	81	break;
	82	default:
	83	die('FIXME: '.__FILE__.':'.__LINE__);
	84	break;
	85	}
71	86
72	87	exec_query($sql, $query, array());
…	…
74	89	}
75	90
76		function is_ipaddr_blocked($ipaddr) {
77		global $sql, $cfg;
78
79		$query = "SELECT * FROM login WHERE ipaddr='" . $ipaddr . "' AND login_count='" . $cfg['BRUTEFORCE_MAX_LOGIN'] . "' OR captcha_count='" . $cfg['BRUTEFORCE_MAX_CAPTCHA'] . "'";
80		$res = exec_query($sql, $query, array());
81
82		if ($res -> RecordCount() == 1) {
83		return TRUE;
84		}
85
86		return FALSE;
87		}
88
89		function check_ipaddr($ipaddr, $type = "brutefoce") {
90		global $sql, $cfg;
	91	function is_ipaddr_blocked($ipaddr = null, $type = 'bruteforce', $autodeny = false) {
	92	global $sql, $cfg;
	93
	94	if ($ipaddr === null) {
	95	$ipaddr = getipaddr();
	96	}
	97
	98	switch ($type) {
	99	case 'bruteforce':
	100	$query = "SELECT * FROM login WHERE ipaddr='" . $ipaddr . "' AND login_count='" . $cfg['BRUTEFORCE_MAX_LOGIN'] . "'";
	101	break;
	102	case 'captcha':
	103	$query = "SELECT * FROM login WHERE ipaddr='" . $ipaddr . "' AND captcha_count='" . $cfg['BRUTEFORCE_MAX_CAPTCHA'] . "'";
	104	break;
	105	default:
	106	die('FIXME: '.__FILE__.':'.__LINE__);
	107	break;
	108	}
	109	$res = exec_query($sql, $query, array());
	110
	111	if ($res -> RecordCount() == 0) {
	112	return false;
	113	} else if (!$autodeny) {
	114	return true;
	115	}
	116
	117	deny_access();
	118	}
	119
	120	function check_ipaddr($ipaddr = null, $type = "brutefoce") {
	121	global $sql, $cfg;
	122
	123	if (!$cfg['BRUTEFORCE'])
	124	return false;
	125
	126	if ($ipaddr === null) {
	127	$ipaddr = getipaddr();
	128	}
91	129
92	130	$sess_id = session_id();
…	…
95	133
96	134	if ($res->RecordCount() == 0) {
97		$query = "INSERT INTO login (session_id, ipaddr, lastaccess, login_count, captcha_count) VALUES ('" . $sess_id . "','" . $ipaddr . "',UNIX_TIMESTAMP(),'~~1', '1~~')";
98		exec_query($sql, $query, array());
	135	$query = "INSERT INTO login (session_id, ipaddr, lastaccess, login_count, captcha_count) VALUES ('" . $sess_id . "','" . $ipaddr . "',UNIX_TIMESTAMP(),'?', '?')";
	136	exec_query($sql, $query, array((int)($type=='bruteforce'),(int)($type=='captcha')));
99	137	return false;
100	138	}
101
102		~~if (!$cfg['BRUTEFORCE'])~~
103		~~return false;~~
104	139
105	140	$data = $res->FetchRow();
…	…
109	144	$capchacount = $data['captcha_count'];
110	145
111		if ($logincount > ($cfg['BRUTEFORCE_MAX_LOGIN'])) {
112
113		if (($lastaccess + 1800) < time()) {
114		if ($type == "bruteforce") {
115		$query = "UPDATE login SET lastaccess=UNIX_TIMESTAMP(), login_count='1' WHERE ipaddr='" . $ipaddr . "' AND user_name is NULL";
116		}
117		else {
118		$query = "UPDATE login SET lastaccess=UNIX_TIMESTAMP(), captcha_count='1' WHERE ipaddr='" . $ipaddr . "' AND user_name is NULL";
119
120		}
121		exec_query($sql, $query, array());
122		return false;
123		}
124		block_ipaddr($ipaddr);
	146	if ($type == 'bruteforce' && $logincount > $cfg['BRUTEFORCE_MAX_LOGIN']) {
	147	block_ipaddr($ipaddr, 'Login');
	148	}
	149
	150	if ($type == 'captcha' && $logincount > $cfg['BRUTEFORCE_MAX_CAPTCHA']) {
	151	block_ipaddr($ipaddr, 'CAPTCHA');
125	152	}
126	153
127	154	if ($cfg['BRUTEFORCE_BETWEEN']) {
128	155	$btime = $lastaccess + $cfg['BRUTEFORCE_BETWEEN_TIME'];
129		}
130		else {
	156	} else {
131	157	$btime = 0;
132	158	}
133	159
134	160	if ($btime < time()) {
	161