Fünf-Sekunden-Verzögerung bei falschem Login auch bei nicht existierendem Benutzernam...

diff --git a/SL/Auth.pm b/SL/Auth.pm
index a2e9832..cd16c8e 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -136,11 +136,11 @@ sub authenticate_root {
 sub authenticate {
   $main::lxdebug->enter_sub();
 
-  my $self = shift;
+  my ($self, $login, $password) = @_;
 
   $main::lxdebug->leave_sub();
 
-  my $result = $self->{authenticator}->authenticate(@_);
+  my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
   return OK if $result eq OK;
   sleep 5;
   return $result;

diff --git a/SL/Auth/Constants.pm b/SL/Auth/Constants.pm
index 8522713..5a44dc1 100644 (file)
--- a/SL/Auth/Constants.pm
+++ b/SL/Auth/Constants.pm
@@ -11,6 +11,7 @@ our %EXPORT_TAGS   = (
   ERR => [ qw(
     ERR_PASSWORD
     ERR_BACKEND
+    ERR_USER
   ) ],
   SESSION => [ qw(
     SESSION_OK
@@ -30,6 +31,7 @@ Exporter::export_ok_tags('all');
 
 use constant OK              =>   0;
 use constant ERR_PASSWORD    =>   1;
+use constant ERR_USER        =>   2;
 use constant ERR_BACKEND     => 100;
 
 use constant SESSION_OK      =>   0;

diff --git a/bin/mozilla/login.pl b/bin/mozilla/login.pl
index 4d3679c..03e6dd9 100644 (file)
--- a/bin/mozilla/login.pl
+++ b/bin/mozilla/login.pl
@@ -65,7 +65,7 @@ sub run {
     %::myconfig = $auth->read_user($form->{login}) if ($form->{login});
     $::locale   = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode};
 
-    if (!$::myconfig{login} || (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}))) {
+    if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{password})) {
       $form->{error_message} = $::locale->text('Incorrect username or password!');
       login_screen();
     } else {