X-Git-Url: http://git.osdn.net/view?p=nucleus-jp%2Fnucleus-next.git;a=blobdiff_plain;f=nucleus%2Fplugins%2FNP_SecurityEnforcer.php;h=ca5017cda83b6e1b92a90461e3949ed9231906fd;hp=a66c1a8706ad530c712314ad4e803c47c1d4a903;hb=c90b0980cfa3e79cd4bc7eed551a64a5e2b02a5c;hpb=6575e866f3fd1938601432841d80f82e9d259265 diff --git a/nucleus/plugins/NP_SecurityEnforcer.php b/nucleus/plugins/NP_SecurityEnforcer.php index a66c1a8..ca5017c 100644 --- a/nucleus/plugins/NP_SecurityEnforcer.php +++ b/nucleus/plugins/NP_SecurityEnforcer.php @@ -14,7 +14,11 @@ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +<<<<<<< HEAD +* @version $Id: NP_SecurityEnforcer.php 1721 2012-03-31 10:18:25Z sakamocchi $ +======= * @version $Id: NP_SecurityEnforcer.php 1874 2012-06-17 07:27:38Z sakamocchi $ +>>>>>>> skinnable-master */ class NP_SecurityEnforcer extends NucleusPlugin { @@ -85,7 +89,11 @@ class NP_SecurityEnforcer extends NucleusPlugin $this->createOption('login_lockout', '_SECURITYENFORCER_OPT_LOGIN_LOCKOUT', 'text', '15'); // create needed tables +<<<<<<< HEAD + DB::execute("CREATE TABLE IF NOT EXISTS ". sql_table('plug_securityenforcer'). +======= DB::execute('CREATE TABLE IF NOT EXISTS '. sql_table('plug_securityenforcer'). +>>>>>>> skinnable-master " (login varchar(255), fails int(11) NOT NULL default '0', lastfail bigint NOT NULL default '0', 
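Review bot: The `<<<<<<< HEAD`, `=======` and `>>>>>>> skinnable-master` lines added in the hunk at `-85,7` sit in a method body around the `CREATE TABLE` call, so the new file is not valid PHP and the plugin, which appears to provide login lockout and password-complexity checks, cannot be parsed. The same unresolved markers are added in the hunks at `-203,6`, `-214,6`, `-236,8`, `-251,6`, `-268,6` and `-292,10`; the ones in the first hunk at `-14,7` fall inside the header comment and are only cosmetic. Resolve each conflict by keeping one side and deleting the marker lines, here for example keeping only `DB::execute('CREATE TABLE IF NOT EXISTS '. sql_table('plug_securityenforcer').`. A pre-commit check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would catch this before it lands. The enclosing method starts and ends outside the hunk.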
@@ -203,6 +211,14 @@ class NP_SecurityEnforcer extends NucleusPlugin global $_SERVER; $login = $data['login']; $ip = $_SERVER['REMOTE_ADDR']; +<<<<<<< HEAD + DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE lastfail < " . (time() - ($this->login_lockout * 60))); + $query = "SELECT fails as result FROM " . sql_table('plug_securityenforcer') . " "; + $query .= 'WHERE login=' . DB::quoteValue($login); + $flogin = DB::getValue($query); + $query = "SELECT fails as result FROM " . sql_table('plug_securityenforcer') . " "; + $query .= 'WHERE login=' . DB::quoteValue($ip); +======= $query = "DELETE FROM %s WHERE lastfail < %d;"; $query = sprintf($query, sql_table('plug_securityenforcer'), (integer) (time() - ($this->login_lockout * 60))); @@ -214,6 +230,7 @@ class NP_SecurityEnforcer extends NucleusPlugin $query = "SELECT fails as result FROM %s WHERE login=%s;"; $query = sprintf($query, sql_table('plug_securityenforcer'), DB::quoteValue($ip)); +>>>>>>> skinnable-master $fip = DB::getValue($query); if ( $flogin >= $this->max_failed_login || $fip >= $this->max_failed_login ) @@ -236,8 +253,13 @@ class NP_SecurityEnforcer extends NucleusPlugin global $_SERVER; $login = $data['username']; $ip = $_SERVER['REMOTE_ADDR']; +<<<<<<< HEAD + DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login=" . DB::quoteValue($login)); + DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login=" . DB::quoteValue($ip)); +======= DB::execute('DELETE FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login)); DB::execute('DELETE FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($ip)); +>>>>>>> skinnable-master return; } 
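Review bot: In the hunk at `-236,8`, which appears to be the successful-login handler, the row keyed by `$_SERVER['REMOTE_ADDR']` is deleted together with the row keyed by `$data['username']`, so one successful login clears the per-address failure count no matter which account the failures were recorded against. Consider keeping only `DB::execute('DELETE FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login));` and letting the address row expire through the `lastfail` purge in the hunk at `-203,6`. If the current behaviour is intended for users behind a shared address, a comment such as `// also clears the per-IP counter: shared addresses should not stay locked after a valid login` would record that trade-off. The function starts outside the hunk, so its name and the event it handles are not visible here.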
@@ -251,6 +273,25 @@ class NP_SecurityEnforcer extends NucleusPlugin global $_SERVER; $login = $data['username']; $ip = $_SERVER['REMOTE_ADDR']; +<<<<<<< HEAD + $lres = DB::getValue("SELECT * FROM " . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login)); + if ( $lres ) + { + DB::execute("UPDATE " . sql_table('plug_securityenforcer') . " SET fails=fails+1, lastfail=" . time() . ' WHERE login=' . DB::quoteValue($login)); + } + else + { + DB::execute("INSERT INTO " . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($login) . ',1,' . time() . ')'); + } + $lres = DB::getValue("SELECT * FROM " . sql_table('plug_securityenforcer') . " WHERE login='" . DB::quoteValue($ip) . "'"); + if ( $lres ) + { + DB::execute("UPDATE " . sql_table('plug_securityenforcer') . ' SET fails=fails+1, lastfail=' . time() . ' WHERE login=' . DB::quoteValue($ip)); + } + else + { + DB::execute("INSERT INTO " . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($ip) . ',1,' . time() . ')'); +======= $lres = DB::getResult('SELECT * FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login)); if ( $lres->rowCount() > 0 ) { @@ -268,6 +309,7 @@ class NP_SecurityEnforcer extends NucleusPlugin else { DB::execute('INSERT INTO ' . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($ip) . ',1,' . time() . ')'); +>>>>>>> skinnable-master } return; } @@ -292,10 +334,17 @@ class NP_SecurityEnforcer extends NucleusPlugin $complexity = 4; } +<<<<<<< HEAD + $ucchars = "[A-Z]"; + $lcchars = "[a-z]"; + $numchars = "[0-9]"; + $ochars = "[-~!@#$%^&*()_+=,.<>?:;|]"; +======= $ucchars = '[A-Z]'; $lcchars = '[a-z]'; $numchars = '[0-9]'; $ochars = '[#-~!@\\$%^&*()_+=,.<>?:;|]'; +>>>>>>> skinnable-master $chartypes = array($ucchars, $lcchars, $numchars, $ochars); $tot = array(0,0,0,0); $i = 0;
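Review bot: In the hunk at `-251,6`, the added HEAD-side lookup for the address wraps the value in extra quotes, `" WHERE login='" . DB::quoteValue($ip) . "'"`, while every other statement passes `DB::quoteValue(...)` bare. If `quoteValue` already returns a quoted literal, as those other calls suggest, this query never matches, so the address branch would always `INSERT` a fresh row with `fails` set to 1 and the per-address count would not grow. When resolving the conflict, either keep the `skinnable-master` side or change the line to `$lres = DB::getValue('SELECT * FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($ip));`. The function body starts outside the hunk.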
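Review bot: In the hunk at `-292,10`, the `skinnable-master` side that stays in the file defines `$ochars = '[#-~!@\\$%^&*()_+=,.<>?:;|]';`, where `#-~` reads as a range from `#` to `~` and so also covers every ASCII letter and digit. If `$ochars` is used as a regular-expression character class, which the usage outside this hunk would need to confirm, any letter or digit counts as an "other" character and the complexity check is weaker than intended. The HEAD side puts the hyphen first so it is literal; when resolving the conflict, keep that form in single quotes: `$ochars = '[-~!@#$%^&*()_+=,.<>?:;|]';`. A short comment such as `// '-' must stay first so it is a literal, not a range` would stop the range from being reintroduced.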