tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor fixes

This commit is contained in:
Alejandro Gallardo Escobar 2014-12-11 18:43:30 +01:00
parent 7d1894e2ca
commit 85830e0b79
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pandora_console/index.php
View File

@ -191,15 +191,14 @@ if (! isset ($config['id_user'])) {
if (isset ($_SESSION['prepared_login_da']['id_user']) if (isset ($_SESSION['prepared_login_da']['id_user'])
&& isset ($_SESSION['prepared_login_da']['timestamp'])) { && isset ($_SESSION['prepared_login_da']['timestamp'])) {
$config["prepared_login_da"] = $_SESSION["prepared_login_da"];
// The user has a maximum of 5 minutes to introduce the double auth code // The user has a maximum of 5 minutes to introduce the double auth code
$dauth_period = SECONDS_2MINUTES; $dauth_period = SECONDS_2MINUTES;
$now = time(); $now = time();
$dauth_time = $config['prepared_login_da']['timestamp']; $dauth_time = $_SESSION['prepared_login_da']['timestamp'];
if ($now - $dauth_period < $dauth_time) { if ($now - $dauth_period < $dauth_time) {
// Nick // Nick
$nick = $config["prepared_login_da"]['id_user']; $nick = $_SESSION["prepared_login_da"]['id_user'];
// Code // Code
$code = (string) get_parameter_post ("auth_code"); $code = (string) get_parameter_post ("auth_code");
@ -215,6 +214,10 @@ if (! isset ($config['id_user'])) {
$login_screen = 'double_auth'; $login_screen = 'double_auth';
// Error message // Error message
$config["auth_error"] = __("Invalid code"); $config["auth_error"] = __("Invalid code");
if (!isset($_SESSION['prepared_login_da']['attempts']))
$_SESSION['prepared_login_da']['attempts'] = 0;
$_SESSION['prepared_login_da']['attempts']++;
} }
} }
else { else {
@ -222,11 +225,15 @@ if (! isset ($config['id_user'])) {
$login_screen = 'double_auth'; $login_screen = 'double_auth';
// Error message // Error message
$config["auth_error"] = __("The code shouldn't be empty"); $config["auth_error"] = __("The code shouldn't be empty");
if (!isset($_SESSION['prepared_login_da']['attempts']))
$_SESSION['prepared_login_da']['attempts'] = 0;
$_SESSION['prepared_login_da']['attempts']++;
} }
} }
else { else {
// Expired login // Expired login
unset ($_SESSION['prepared_login_da'], $config["prepared_login_da"]); unset ($_SESSION['prepared_login_da']);
// Error message // Error message
$config["auth_error"] = __('Expired login'); $config["auth_error"] = __('Expired login');
@ -253,7 +260,7 @@ if (! isset ($config['id_user'])) {
$login_failed = true; $login_failed = true;
require_once ('general/login_page.php'); require_once ('general/login_page.php');
db_pandora_audit("Logon Failed", "Invalid double auth login: " db_pandora_audit("Logon Failed", "Invalid double auth login: "
.$_SESSION['remote_addr'], $_SESSION['remote_addr']); .$_SERVER['REMOTE_ADDR'], $_SERVER['REMOTE_ADDR']);
while (@ob_end_flush ()); while (@ob_end_flush ());
exit ("</html>"); exit ("</html>");
} }
@ -318,7 +325,8 @@ if (! isset ($config['id_user'])) {
// Store this values in the session to know if the user login was correct // Store this values in the session to know if the user login was correct
$_SESSION['prepared_login_da'] = array( $_SESSION['prepared_login_da'] = array(
'id_user' => $nick_in_db, 'id_user' => $nick_in_db,
'timestamp' => time() 'timestamp' => time(),
'attempts' => 0
); );
// Load the page to introduce the double auth code // Load the page to introduce the double auth code