Compare commits

..

2 Commits

Author SHA1 Message Date
Steve Allison 49812d9746 Fix missing () 2013-02-22 19:05:54 +00:00
Steve Allison 9af9edf09d No need for DB lookup during login unless 403 2013-02-22 19:02:27 +00:00
5 changed files with 9 additions and 32 deletions

View File

@ -5,7 +5,7 @@ Protects the Roundcube login page from bruteforce login attempts.
Original concept from the roundcube "security" plugin by Lazlo Westerhof.
Wanting to fix the shortfalls of that plugin led me to a rewrite.
Requires Roundcube 1.3 or higher.
Requires Roundcube 0.9-beta or higher.
FEATURES
-------------------
@ -34,13 +34,8 @@ Create an issue ticket at https://github.com/stalks/roundcube-defense/issues
HISTORY
--------------------
10.12.2017 -- Version 1.0
21.02.2013 -- Version 0.1
- initial release, functional, still bug checking
===================
Created by Steve Allison - https://www.nooblet.org/
Forked and upgraded by Inpos

View File

@ -46,7 +46,7 @@ class defense extends rcube_plugin {
*/
private function debug($string) {
if (!$this->debugEnabled) { return; }
rcube::write_log($this->logfile, $this->ipaddr . " # " . $string);
write_log($this->logfile, $this->ipaddr . " # " . $string);
}
/**
* Check if IP is matched against all IPs in array,
@ -148,7 +148,7 @@ class defense extends rcube_plugin {
// I can't seem to try/catch database entries so I have no details regarding error
$string = "Error communicating with database.";
$this->debug($string);
rcube::write_log('error', 'plugin::defense: ' . $string);
write_log('error', 'plugin::defense: ' . $string);
}
/**
* Return true if IP matches config whitelist
@ -258,7 +258,7 @@ class defense extends rcube_plugin {
$this->debugEnabled = $this->rc->config->get('defense_debug_enabled', false);
// set client ip
$this->ipaddr = rcube_utils::remote_ip();
$this->ipaddr = rcmail_remote_ip();
// Roundcube event hooks
$this->add_hook('template_object_loginform', array($this, 'hookLoginForm'));
@ -290,9 +290,9 @@ class defense extends rcube_plugin {
die();
}
if ($this->isBanned($this->ipaddr)) {
if ($this->ban_httpstatus) { $this->sendForbiddenHeader(); }
if (($this->ban_httpstatus) && ($this->isBanned($this->ipaddr))) {
$this->debug("IP already banned");
$this->sendForbiddenHeader();
}
$this->debug("Sending login form.");

View File

@ -1,6 +0,0 @@
<?php
$labels = array();
$labels['ipbanned'] = 'Вы заблокированы на %s';
?>

View File

@ -8,7 +8,7 @@ CREATE TABLE IF NOT EXISTS `defense` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`epoch` int(11) NOT NULL,
`type` tinyint(4) NOT NULL,
`ipaddr` varchar(256) NOT NULL,
`ipaddr` varchar(40) NOT NULL,
`data` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=30 ;

View File

@ -1,12 +0,0 @@
CREATE SEQUENCE defense_seq;
CREATE TABLE IF NOT EXISTS defense (
id int NOT NULL DEFAULT NEXTVAL ('defense_seq'),
epoch int NOT NULL,
type smallint NOT NULL,
ipaddr varchar(256) NOT NULL,
data text NOT NULL,
PRIMARY KEY (id)
) ;
ALTER SEQUENCE defense_seq RESTART WITH 30;