Slight changes, fix lockout vuln

2016-09-30 21:28:26 -04:00 · 2016-09-30 21:28:26 -04:00 · 0c77843ea7
commit 0c77843ea7
parent 5c53ce7991
2 changed files with 11 additions and 5 deletions
--- a/admin/index.php
+++ b/admin/index.php
@ -287,7 +287,7 @@ function print_login()
 	?>
 <div class="login-box">
    <div class="login-logo">
-        <?php echo $hesklang['staff_login_title']; ?>
+        <?php echo $hesk_settings['hesk_title']; ?>
    </div>
    <div class="login-box-body">
        <div class="loginError">
@ -296,6 +296,9 @@ function print_login()
            hesk_handle_messages();
            ?>
        </div>
+        <h4 class="login-box-msg">
+            <?php echo $hesklang['staff_login_title']; ?>
+        </h4>
        <form class="form-horizontal" role="form" action="index.php" method="post" name="form1">
            <?php
            $has_error = '';
--- a/admin/password.php
+++ b/admin/password.php
@ -39,7 +39,6 @@ require(HESK_PATH . 'inc/common.inc.php');
 // Connect to database and check for brute force attempts
 hesk_load_database_functions();
 hesk_dbConnect();
-hesk_limitBfAttempts();

 $modsForHesk_settings = mfh_getSettings();

@ -113,6 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            }
        }
    }
+    hesk_limitBfAttempts();

    // Get email
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
@ -241,9 +241,12 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 ?>
 <div class="login-box">
    <div class="login-logo">
-        <?php echo $hesklang['passr']; ?>
+        <?php echo $hesk_settings['hesk_title']; ?>
    </div>
    <div class="login-box-body">
+        <h4 class="login-box-msg">
+            <?php echo $hesklang['passr']; ?>
+        </h4>
        <form action="password.php" method="post" name="form1" class="form-horizontal" role="form">
            <?php
            /* This will handle error, success and notice messages */
@ -291,8 +294,8 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
                                        play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
                                        cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
                                        incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
-                                        image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
-                                    },
+                                        image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
+                                    }
                                };
                            </script>
                        <?php