From: Moritz Bunkus Date: Mon, 28 Feb 2011 11:45:21 +0000 (+0100) Subject: Fünf-Sekunden-Verzögerung bei falschem Login auch bei nicht existierendem Benutzernam... X-Git-Tag: release-2.6.3~63 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=686cba236f263c4df78e1f454a15c2f129055878;p=kivitendo-erp.git Fünf-Sekunden-Verzögerung bei falschem Login auch bei nicht existierendem Benutzernamen erzwingen --- diff --git a/SL/Auth.pm b/SL/Auth.pm index a2e98322f..cd16c8e0b 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -136,11 +136,11 @@ sub authenticate_root { sub authenticate { $main::lxdebug->enter_sub(); - my $self = shift; + my ($self, $login, $password) = @_; $main::lxdebug->leave_sub(); - my $result = $self->{authenticator}->authenticate(@_); + my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER; return OK if $result eq OK; sleep 5; return $result; diff --git a/SL/Auth/Constants.pm b/SL/Auth/Constants.pm index 852271338..5a44dc1e3 100644 --- a/SL/Auth/Constants.pm +++ b/SL/Auth/Constants.pm @@ -11,6 +11,7 @@ our %EXPORT_TAGS = ( ERR => [ qw( ERR_PASSWORD ERR_BACKEND + ERR_USER ) ], SESSION => [ qw( SESSION_OK @@ -30,6 +31,7 @@ Exporter::export_ok_tags('all'); use constant OK => 0; use constant ERR_PASSWORD => 1; +use constant ERR_USER => 2; use constant ERR_BACKEND => 100; use constant SESSION_OK => 0; diff --git a/bin/mozilla/login.pl b/bin/mozilla/login.pl index 4d3679c78..03e6dd947 100644 --- a/bin/mozilla/login.pl +++ b/bin/mozilla/login.pl @@ -65,7 +65,7 @@ sub run { %::myconfig = $auth->read_user($form->{login}) if ($form->{login}); $::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode}; - if (!$::myconfig{login} || (SL::Auth::OK != $auth->authenticate($form->{login}, $form->{password}))) { + if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{password})) { $form->{error_message} = $::locale->text('Incorrect username or password!'); login_screen(); } else {