diff --git a/APPL/FAC/fac_verify.inc b/APPL/FAC/fac_verify.inc
index 6d7921a413..a8451838f5 100644
--- a/APPL/FAC/fac_verify.inc
+++ b/APPL/FAC/fac_verify.inc
@@ -1492,7 +1492,7 @@ function DumpCollection(pCollection, title)
var line = "
| " + pCollection.key(i); // + " type: " + typeof pCollection(i) + " cons: " + pCollection(i).constructor
if (typeof pCollection(i) != "object" || pCollection(i) === null || !pCollection.HasKeys)
{
- line += " | " + Server.HTMLEncode(String(pCollection(i)))
+ line += " | " + Server.HTMLEncode(String(pCollection(i))).replace(/\n/g, " ");
}
else
{
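Review bot: The added `.replace(/\n/g, " ")` on the `line +=` statement only folds LF; a value that contains CRLF still carries a stray `\r` into the dump after encoding. If the intent is a single-line cell, `.replace(/\r?\n/g, " ")` covers both line endings. DumpCollection begins before and continues after this hunk.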
diff --git a/APPL/Shared/Login.inc b/APPL/Shared/Login.inc
index 0f10508261..96b8e083be 100644
--- a/APPL/Shared/Login.inc
+++ b/APPL/Shared/Login.inc
@@ -556,6 +556,64 @@ function tryLogin(username, wachtwoord, params)
if (username.indexOf("\\") > -1)
username = username.split("\\")[1]; // strip domain name
+ // Brute force protection
+ S_login_attempts = 5; // daarboven lockout
+ S_login_lockout_delay = 0.2; // zoveel seconde * 2^attempts
+ S_login_lockout_delayfactor = 2; // De basis van de delay-groei
+ S_login_lockout_expire = 15; // zoveel minuten
+
+ var lockout_name = customerId + "_LOGINATTEMPTS";
+ var dtExpire = new Date();
+ dtExpire.setMinutes(dtExpire.getMinutes() - S_login_lockout_expire);
+
+ Application.Lock();
+ {
+ var lockout = myJSON.parse(Application(lockout_name) || "[]");
+ var found = 0;
+ for (var i = 0; i < lockout.length; i++)
+ {
+ var lockdata = lockout[i];
+ if (lockdata.lastdate < dtExpire) // Als laatste fout poging 15 minuten geleden is vergeten we alles
+ {
+ lockout.splice(i, 1); // verwijderen
+ i--;
+ continue;
+ }
+ if (lockdata.username == username.toLowerCase())
+ {
+ found = true;
+ lockdata.count ++;
+ lockdata.lastdate = new Date();
+ }
+ }
+ if (!found)
+ {
+ lockdata = { username: username.toLowerCase(),
+ count: 1,
+ firstdate: new Date(),
+ lastdate: new Date()
+ }
+ lockout.push(lockdata);
+ }
+ Application(lockout_name) = JSON.stringify(lockout).replace(/\{/g, "\n{");
+ }
+ Application.UnLock();
+
+ if (lockdata.count > S_login_attempts)
+ {
+ var dtRetry = new Date();
+ dtRetry.setMinutes(dtRetry.getMinutes() + S_login_lockout_expire);
+ login_fail_reason = "To many failed login attempts for {0}.\nPlease wait until {1} before trying again.".format(username, toISODateTimeString(dtRetry));
+ return false;
+ }
+ if (lockdata.count > 1)
+ {
+ var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
+ // maximaal 80 seconde slapen, anders ASP-timeout
+ var sleepsec = Math.min(80, S_login_lockout_delay * Math.pow(S_login_lockout_delayfactor, lockdata.count - 1));
+ oSLNKDWF.Sleep(1000 * sleepsec);
+ }
+
var logins = [];
if (S("login_use_email"))
{
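Review bot: The lockout check `if (lockdata.count > S_login_attempts)` reads whatever record the loop visited last rather than the record for `username`, because the loop keeps iterating after a match; with two or more active records a locked-out account is judged by another account's count (and vice versa), so the lockout can be skipped or misapplied. The expiry test `lockdata.lastdate < dtExpire` compares a value that came out of `myJSON.parse` — a string after the JSON round-trip, unless that helper revives dates — with a Date, which never evaluates true, so stale records are never pruned and the "wait until" promise in the message is not honoured. The rewrite below keeps the matched record in its own variable and compares `new Date(entry.lastdate)`; the rest of the block is unchanged. Two smaller points: the counter is keyed by username alone, so a third party can trigger the lockout and the up-to-80-second sleep for any account — worth a comment stating that trade-off next to `S_login_attempts = 5` — and the message reads `"Too many failed login attempts for {0}..."`. tryLogin starts before this hunk.
```javascript
var lockout = myJSON.parse(Application(lockout_name) || "[]");
var lockdata = null; // the record for this username, if one exists
for (var i = 0; i < lockout.length; i++)
{
    var entry = lockout[i];
    // lastdate is a string after the JSON round-trip; compare as a Date
    if (new Date(entry.lastdate) < dtExpire)
    {
        lockout.splice(i, 1);
        i--;
        continue;
    }
    if (entry.username == username.toLowerCase())
    {
        entry.count++;
        entry.lastdate = new Date();
        lockdata = entry;
    }
}
if (lockdata === null)
{
    lockdata = { username: username.toLowerCase(), count: 1, firstdate: new Date(), lastdate: new Date() };
    lockout.push(lockdata);
}
// … unchanged: write back to Application(lockout_name), UnLock, lockout check and delay …
```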
@@ -618,6 +676,24 @@ function tryLogin(username, wachtwoord, params)
/* global */ otp_user_key = oRs("prs_perslid_key").Value;
oRs.Close();
+
+ if (user_key > 0)
+ { // Success! Wis eventuele lockout
+ Application.Lock();
+ var lockout = myJSON.parse(Application(lockout_name) || "[]");
+ for (var i = 0; i < lockout.length; i++)
+ {
+ var lockdata = lockout[i];
+ if (lockdata.username == username.toLowerCase())
+ {
+ lockout.splice(i, 1); // verwijderen
+ i--;
+ }
+ }
+ Application(lockout_name) = JSON.stringify(lockout);
+ Application.UnLock();
+ }
+
return true;
}
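Review bot: The success branch re-declares `var lockout`, `var i` and `var lockdata`, names that tryLogin already declares earlier in the function; in JScript `var` is function-scoped, so this is harmless but reads as if they were fresh locals, and dropping the `var` keywords here would make the reuse explicit. The write-back `Application(lockout_name) = JSON.stringify(lockout);` also omits the `.replace(/\{/g, "\n{")` formatting used when the record is first written, so the stored value alternates between two layouts; pick one (a helper that serialises the list would keep both sites consistent). Neither Lock/UnLock pair is wrapped in try/finally, so a throw from `myJSON.parse` on a malformed stored value leaves the Application lock held until the request ends — likely tolerable, but worth a comment if that is relied on.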
|