Add two new protections : REQUESTS_MIN_DELAY and MAX_PASSWORDS_PER_REQUEST (see conf.php)

server/_user

@@ -1,6 +1,6 @@
 <?php
 /*
-  Copyright (C) 2013-2014 Grégory Soutadé
+  Copyright (C) 2013-2015 Grégory Soutadé
   
   This file is part of gPass.
   
@@ -22,14 +22,40 @@ include("conf.php");
 
 function load_database()
 {
+    global $REQUESTS_MIN_DELAY;
+
     try {
-        $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READONLY);
+        $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READWRITE);
     }
     catch(Exception $e)
     {
         die("<b>Unable to load database for user $user !</b><br/>");
         return null;
     }
+
+    list($usec, $sec) = explode(" ", microtime());
+    $usec = $usec + $sec*1000;
+
+    try {
+        $last_time = $db->querySingle("SELECT last_access_time FROM conf");
+        if ($last_time <= $usec &&
+        ($usec - $last_time) < $REQUESTS_MIN_DELAY)
+        {
+            // Brute force ??
+            $db->close();
+            return null;
+        }
+        $db->query("UPDATE conf SET last_access_time=$usec");
+        $db->close();
+        $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READONLY);
+    }
+    catch(Exception $e)
+    {
+        $db->close();
+        die("<b>Unable to load database for user $user !</b><br/>");
+        return null;
+    }
+
     return $db;
 }
 
@@ -45,7 +71,7 @@ echo "protocol=gpass-$PROTOCOL_VERSION\n";
 if ($PKDBF2_LEVEL != 1000)
     echo "pkdbf2_level=$PKDBF2_LEVEL\n";
 
-for ($i=0; isset($_POST["k$i"]); $i++)
+for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
 {
     $statement->bindValue(":login", addslashes($_POST["k$i"]));
     $result = $statement->execute();