r92884 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r92883‎ | r92884 | r92885 >
Date:20:58, 22 July 2011
Author:aaron
Status:ok
Tags:
Comment:
Refactored code out into incLoginThrottle/clearLoginThrottle functions (for use by SpecialChangePassword et al)
Modified paths:
  • /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)


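--- a/trunk/phase3/includes/specials/SpecialUserlogin.php
+++ b/trunk/phase3/includes/specials/SpecialUserlogin.php
@@ -449,7 +449,7 @@
 * creation.
 */
 public function authenticateUserData() {
-global $wgUser, $wgAuth, $wgMemc;
+global $wgUser, $wgAuth;
 
 if ( $this->mUsername == '' ) {
 return self::NO_NAME;
@@ -470,22 +470,9 @@
 return self::NEED_TOKEN;
 }
 
-global $wgPasswordAttemptThrottle;
-
-$throttleCount = 0;
-if ( is_array( $wgPasswordAttemptThrottle ) ) {
-$throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $this->mUsername ) );
-$count = $wgPasswordAttemptThrottle['count'];
-$period = $wgPasswordAttemptThrottle['seconds'];
-
-$throttleCount = $wgMemc->get( $throttleKey );
-if ( !$throttleCount ) {
-$wgMemc->add( $throttleKey, 1, $period ); // start counter
-} elseif ( $throttleCount < $count ) {
-$wgMemc->incr( $throttleKey );
-} elseif ( $throttleCount >= $count ) {
-return self::THROTTLED;
-}
+$throttleCount = self::incLoginThrottle( $this->mUsername );
+if ( $throttleCount === true ) {
+return self::THROTTLED;
 }
 
 // Validate the login token
@@ -579,8 +566,8 @@
 $wgUser = $u;
 
 // Please reset throttle for successful logins, thanks!
-if( $throttleCount ) {
-$wgMemc->delete( $throttleKey );
+if ( $throttleCount ) {
+self::clearLoginThrottle( $this->mUsername );
 }
 
 if ( $isAutoCreated ) {
@@ -594,6 +581,46 @@
 return $retval;
 }
 
+/*
+* Increment the login attempt throttle hit count for a user
+* and then check if the (username,IP) combination is throttled.
+* @param $username string The user name
+* @return Bool|Integer The integer hit count or True if it is already at the limit
+*/
+public function incLoginThrottle( $username ) {
+global $wgPasswordAttemptThrottle, $wgMemc;
+
+$throttleCount = 0;
+if ( is_array( $wgPasswordAttemptThrottle ) ) {
+$throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $username ) );
+$count = $wgPasswordAttemptThrottle['count'];
+$period = $wgPasswordAttemptThrottle['seconds'];
+
+$throttleCount = $wgMemc->get( $throttleKey );
+if ( !$throttleCount ) {
+$wgMemc->add( $throttleKey, 1, $period ); // start counter
+} elseif ( $throttleCount < $count ) {
+$wgMemc->incr( $throttleKey );
+} elseif ( $throttleCount >= $count ) {
+return true;
+}
+}
+
+return $throttleCount;
+}
+
+/*
+* Clear the login attempt throttle hit count for a user
+* @param $username string The user name
+* @return void
+*/
+public function clearLoginThrottle( $username ) {
+global $wgMemc;
+
+$throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $username ) );
+$wgMemc->delete( $throttleKey );
+}
+
 /**
 * Attempt to automatically create a user on login. Only succeeds if there
 * is an external authentication method which allows it.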
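Review bot: The limit check in the new incLoginThrottle() is not atomic: it reads the counter with `$wgMemc->get()` and only afterwards calls `add()` or `incr()`, so requests arriving in parallel for the same (IP, username) key can all read the same stale count and pass the `$throttleCount < $count` test together. Incrementing first and comparing the value the cache hands back removes that window; the sketch below assumes `incr()` returns the new value and a false-y result when the key is absent, which should be confirmed for every cache backend in use. It also makes the function return the post-increment count, so the caller's `if ( $throttleCount )` guard would clear the key after a successful first attempt as well. Separately, the key hashes `$username` exactly as passed, so the `@param` text should say that every caller (SpecialChangePassword included) must pass the same canonical form of the name, otherwise the counters will not line up.

```php
// … unchanged: globals, is_array() guard, $throttleKey / $count / $period setup …
$throttleCount = $wgMemc->incr( $throttleKey );
if ( !$throttleCount ) {
	// Key absent: start the counter; add() fails if another request created it first.
	if ( $wgMemc->add( $throttleKey, 1, $period ) ) {
		$throttleCount = 1;
	} else {
		$throttleCount = $wgMemc->incr( $throttleKey );
	}
}
if ( $throttleCount > $count ) {
	return true;
}
```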

Follow-up revisions

RevisionCommit summaryAuthorDate
r92886Follow-up r92884: mark these functions staticaaron21:04, 22 July 2011
r92887Fix for r86482: throttle password attempts for SpecialChangePassword (uses r9...aaron21:06, 22 July 2011
r92894Improved r92884 comments a bit on second thoughtaaron21:18, 22 July 2011
r92935MFT r92907,r92894,r92887,r92886,r92884: password reset page fixes. Tweaked to...aaron09:25, 23 July 2011
r94446MFT to REL1_18:...hashar09:27, 14 August 2011

Status & tagging log