
ログインフォームのスパム対策

$_SERVER['HTTP_ACCEPT_LANGUAGE']を読み取れないクライアントにはログインフォームを表示しない・ログインを許可しない
1 parent ee36c53 commit b57a289144e3dac1a570c15ab91f126c98566bea @yama yama committed Nov 9, 2015
Showing with 9 additions and 0 deletions.
  1. +5 −0 nucleus/libs/ADMIN.php
  2. +4 −0 nucleus/libs/globalfunctions.php
@@ -138,6 +138,11 @@ function action_showlogin() {
function action_login($msg = '', $passvars = 1) {
global $member;
+ if(!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+ header("HTTP/1.0 404 Not Found");
+ exit;
+ }
+
// skip to overview when allowed
if ($member->isLoggedIn() && $member->canLogin()) {
$this->action_overview();
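Review bot: The guard added at the top of action_login() treats the presence of `Accept-Language` as evidence of a real browser, but the header is set by the client, so it only filters out the simplest automated clients and should be documented as a spam heuristic rather than a login protection. It also turns away legitimate clients that omit the header (some proxies, privacy tools or scripted admin clients) with a bare 404. The same four lines are repeated in the nucleus/libs/globalfunctions.php hunk; I would move them into one shared helper so both call sites stay in step, and add a comment such as `// Spam heuristic only: Accept-Language is client-controlled, so failed-login throttling is still needed.` The body of action_login() continues past the end of the hunk.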
@@ -240,6 +240,10 @@
// login/logout when required or renew cookies
if ($action == 'login') {
+ if(!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+ header("HTTP/1.0 404 Not Found");
+ exit;
+ }
// Form Authentication
$login = postVar('login');
$pw = postVar('password');
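Review bot: The rejection placed before `postVar('login')` exits without recording anything, so blocked login attempts leave no trace for anyone later reviewing spam or brute-force activity. If the project has an action log for failed logins, write an entry there before `exit`. `isset()` also passes when the header is present but empty, so `if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) || $_SERVER['HTTP_ACCEPT_LANGUAGE'] === '') {` would match the stated intent more closely. The status line hard-codes `HTTP/1.0`; where the supported PHP versions allow it, `http_response_code(404);` avoids asserting a protocol version. The enclosing `if ($action == 'login')` block ends outside the hunk.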
