dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SECURITY: Do not allow botpassword login if account locked.
[lhc/web/wiklou.git]
/
includes
/
api
/
ApiLogin.php
diff --git
a/includes/api/ApiLogin.php
b/includes/api/ApiLogin.php
index
aa7e25e
..
14491da
100644
(file)
--- a/
includes/api/ApiLogin.php
+++ b/
includes/api/ApiLogin.php
@@
-1,9
+1,5
@@
<?php
/**
<?php
/**
- *
- *
- * Created on Sep 19, 2006
- *
* Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
* Daniel Cannon (cannon dot danielc at gmail dot com)
*
* Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
* Daniel Cannon (cannon dot danielc at gmail dot com)
*
@@
-134,7
+130,11
@@
class ApiLogin extends ApiBase {
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
- } elseif ( !$botLoginData[2] ) {
+ } elseif ( !$botLoginData[2] ||
+ $status->hasMessage( 'login-throttled' ) ||
+ $status->hasMessage( 'botpasswords-needs-reset' ) ||
+ $status->hasMessage( 'botpasswords-locked' )
+ ) {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authentication' )->info(
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authentication' )->info(