Topic: Forgot Password Flood Protection
Does anyone have some code already in use to prevent forgot password flooding?
The way 1.2.x works now, there is nothing that keeps someone from entering a user's email over and over requesting a new password.
I'll write this up for you real quick.
MySQL Query:

ALTER TABLE `users` ADD `last_pass_request` INT( 10 ) NOT NULL DEFAULT 0

Open Login.php

Find:

// Validate the email-address
$email = strtolower(trim($_POST['req_email']));
if (!is_valid_email($email))
    message($lang_common['Invalid e-mail']);

Add after:

// Refuse if a new password was already requested for this email within the last hour
$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE email=\''.$db->escape($email).'\' AND last_pass_request>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
    message('A user has requested a new password too recently to send another. Please wait an hour or contact an administrator.');

// Add the last password request for this email to the database
$db->query('UPDATE '.$db->prefix.'users SET last_pass_request='.time().' WHERE email=\''.$db->escape($email).'\'') or error('Unable to add last password request info to the database', __FILE__, __LINE__, $db->error());

I tested and it worked on my local server. Let me know if there are any problems.
Last edited by Tieguy (2009-03-25 22:22:16)
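
An added example, not part of the post above or of PunBB's own code: the same one-hour cooldown written as a single conditional UPDATE, so the check and the timestamp write cannot be separated by two concurrent requests. The helper name try_claim_reset_slot(), the PDO connection and the in-memory SQLite table are assumptions made so the sample runs on its own.

```php
<?php
// Added example, not PunBB code. The table and column names follow the post;
// try_claim_reset_slot() is a hypothetical helper. Uses in-memory SQLite via PDO.

const RESET_COOLDOWN = 3600; // one hour, as in the post

/**
 * Atomically claim the password-reset slot for $email.
 * Returns true if a reset mail may be sent now, false if the address is
 * still inside the cooldown window or is not in the users table.
 */
function try_claim_reset_slot(PDO $pdo, string $email, int $now): bool
{
    // The cooldown test and the timestamp write are one statement, so two
    // requests arriving together cannot both pass the check.
    $stmt = $pdo->prepare(
        'UPDATE users SET last_pass_request = :now
          WHERE email = :email AND last_pass_request <= :cutoff'
    );
    $stmt->bindValue(':now', $now, PDO::PARAM_INT);
    $stmt->bindValue(':cutoff', $now - RESET_COOLDOWN, PDO::PARAM_INT);
    $stmt->bindValue(':email', strtolower(trim($email)), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY,
    last_pass_request INTEGER NOT NULL DEFAULT 0
)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com')");

$t0 = 1700000000; // constructed timestamp
$attempts = [
    [$t0,        'alice@example.com'],  // first request
    [$t0 + 5,    'alice@example.com'],  // repeat inside the hour
    [$t0 + 3601, 'Alice@Example.com '], // after the cooldown, mixed case and trailing space
    [$t0 + 3602, 'nobody@example.com'], // address not in the table
];
foreach ($attempts as [$now, $email]) {
    $ok = try_claim_reset_slot($pdo, $email, $now);
    printf("+%-5d %-20s %s\n", $now - $t0, trim($email), $ok ? 'send mail' : 'skip');
}
```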