Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Slight changes, fix lockout vuln

Browse Source
This commit is contained in:
Mike Koch 2016-09-30 21:28:26 -04:00
parent 5c53ce7991
commit 0c77843ea7
2 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
admin/index.php
View File

@ -287,7 +287,7 @@ function print_login()
?> ?>
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<?php echo $hesklang['staff_login_title']; ?> <?php echo $hesk_settings['hesk_title']; ?>
</div> </div>
<div class="login-box-body"> <div class="login-box-body">
<div class="loginError"> <div class="loginError">
@ -296,6 +296,9 @@ function print_login()
hesk_handle_messages(); hesk_handle_messages();
?> ?>
</div> </div>
<h4 class="login-box-msg">
<?php echo $hesklang['staff_login_title']; ?>
</h4>
<form class="form-horizontal" role="form" action="index.php" method="post" name="form1"> <form class="form-horizontal" role="form" action="index.php" method="post" name="form1">
<?php <?php
$has_error = ''; $has_error = '';

11
admin/password.php
View File

@ -39,7 +39,6 @@ require(HESK_PATH . 'inc/common.inc.php');
// Connect to database and check for brute force attempts // Connect to database and check for brute force attempts
hesk_load_database_functions(); hesk_load_database_functions();
hesk_dbConnect(); hesk_dbConnect();
hesk_limitBfAttempts();
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
@ -113,6 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} }
} }
} }
hesk_limitBfAttempts();
// Get email // Get email
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email']; $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
@ -241,9 +241,12 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
?> ?>
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<?php echo $hesklang['passr']; ?> <?php echo $hesk_settings['hesk_title']; ?>
</div> </div>
<div class="login-box-body"> <div class="login-box-body">
<h4 class="login-box-msg">
<?php echo $hesklang['passr']; ?>
</h4>
<form action="password.php" method="post" name="form1" class="form-horizontal" role="form"> <form action="password.php" method="post" name="form1" class="form-horizontal" role="form">
<?php <?php
/* This will handle error, success and notice messages */ /* This will handle error, success and notice messages */
@ -291,8 +294,8 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>", play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>", cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>", incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>", image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
}, }
}; };
</script> </script>
<?php <?php