diff --git a/server/_user b/server/_user
index 65e38db..3a3e6a1 100644
--- a/server/_user
+++ b/server/_user
@@ -1,6 +1,6 @@
Unable to load database for user $user !
");
return null;
}
+
+ list($usec, $sec) = explode(" ", microtime());
+ $usec = $usec + $sec*1000;
+
+ try {
+ $last_time = $db->querySingle("SELECT last_access_time FROM conf");
+ if ($last_time <= $usec &&
+ ($usec - $last_time) < $REQUESTS_MIN_DELAY)
+ {
+ // Brute force ??
+ $db->close();
+ return null;
+ }
+ $db->query("UPDATE conf SET last_access_time=$usec");
+ $db->close();
+ $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READONLY);
+ }
+ catch(Exception $e)
+ {
+ $db->close();
+ die("Unable to load database for user $user !
");
+ return null;
+ }
+
return $db;
}
@@ -45,7 +71,7 @@ echo "protocol=gpass-$PROTOCOL_VERSION\n";
if ($PKDBF2_LEVEL != 1000)
echo "pkdbf2_level=$PKDBF2_LEVEL\n";
-for ($i=0; isset($_POST["k$i"]); $i++)
+for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
{
$statement->bindValue(":login", addslashes($_POST["k$i"]));
$result = $statement->execute();
diff --git a/server/conf.php b/server/conf.php
index 28c005c..dbc8844 100644
--- a/server/conf.php
+++ b/server/conf.php
@@ -1,6 +1,6 @@
\ No newline at end of file