deny user login in less than 3 second, to prevent flooding and race condition of multilogin checking.

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3337 63ad8ddf-47c3-0310-b6dd-a9e9d9715204

1 files changed, 6 insertions, 3 deletions

diff --git a/cacheserver/utmpserver2.c b/cacheserver/utmpserver2.c
index 00e12eaa..3e68a174 100644
--- a/cacheserver/utmpserver2.c
+++ b/cacheserver/utmpserver2.c
@@ -29,8 +29,9 @@ int action_frequently(int uid)
     static time_t flood_base_minute;
     static time_t flood_base_hour;
     static struct {
-	unsigned short minute_count;
-	unsigned short hour_count;
+	unsigned short lastlogin; // truncated time_t
+	unsigned char minute_count;
+	unsigned char hour_count;
     } flooding[MAX_USERS];
 
     if(minute!=flood_base_minute) {
@@ -44,7 +45,8 @@ int action_frequently(int uid)
 	flood_base_hour=hour;
     }
 
-    if(flooding[uid].minute_count>30 ||
+    if(abs(flooding[uid].lastlogin-(unsigned short)now)<=3 ||
+	    flooding[uid].minute_count>30 ||
 	    flooding[uid].hour_count>60) {
 	count_flooding++;
 	return 2;
@@ -52,6 +54,7 @@ int action_frequently(int uid)
 
     flooding[uid].minute_count++;
     flooding[uid].hour_count++;
+    flooding[uid].lastlogin=now;
 
     if(flooding[uid].minute_count>5 ||
 	    flooding[uid].hour_count>20) {