From 3ddde73259384914a96ce3b764f311e46f9bb376 Mon Sep 17 00:00:00 2001
From: kcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Sat, 8 Apr 2006 14:22:10 +0000
Subject: deny user login in less than 3 second, to prevent flooding and race
 condition of multilogin checking.

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3337 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 cacheserver/utmpserver2.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'cacheserver')

diff --git a/cacheserver/utmpserver2.c b/cacheserver/utmpserver2.c
index 00e12eaa..3e68a174 100644
--- a/cacheserver/utmpserver2.c
+++ b/cacheserver/utmpserver2.c
@@ -29,8 +29,9 @@ int action_frequently(int uid)
     static time_t flood_base_minute;
     static time_t flood_base_hour;
     static struct {
-	unsigned short minute_count;
-	unsigned short hour_count;
+	unsigned short lastlogin; // truncated time_t
+	unsigned char minute_count;
+	unsigned char hour_count;
     } flooding[MAX_USERS];
 
     if(minute!=flood_base_minute) {
@@ -44,7 +45,8 @@ int action_frequently(int uid)
 	flood_base_hour=hour;
     }
 
-    if(flooding[uid].minute_count>30 ||
+    if(abs(flooding[uid].lastlogin-(unsigned short)now)<=3 ||
+	    flooding[uid].minute_count>30 ||
 	    flooding[uid].hour_count>60) {
 	count_flooding++;
 	return 2;
@@ -52,6 +54,7 @@ int action_frequently(int uid)
 
     flooding[uid].minute_count++;
     flooding[uid].hour_count++;
+    flooding[uid].lastlogin=now;
 
     if(flooding[uid].minute_count>5 ||
 	    flooding[uid].hour_count>20) {
-- 
cgit v1.2.3