Commit f54ae3f81da4712fba23d7fbd2c05f354fb37f18
1 parent
b5cf956a
Mitigation d'attaque bruteforce
C'est toujours mieux que rien
Showing
1 changed file
with
3 additions
and
0 deletions
Show diff stats
api/utilisateur/connexion.php
| ... | ... | @@ -28,9 +28,11 @@ if (donne("login") && donne("mdp")) { |
| 28 | 28 | $requete->bind_result($mdpHash); |
| 29 | 29 | if ($requete->fetch()) { |
| 30 | 30 | if (!password_verify(donne("mdp"), $mdpHash)) { |
| 31 | + sleep(1); | |
| 31 | 32 | retour("identifiants_invalides"); // Mot de passe incorrect |
| 32 | 33 | } |
| 33 | 34 | } else { |
| 35 | + sleep(1); | |
| 34 | 36 | retour("identifiants_invalides"); // Identifiant inconnu |
| 35 | 37 | } |
| 36 | 38 | $requete->close(); |
| ... | ... | @@ -47,6 +49,7 @@ if (donne("login") && donne("mdp")) { |
| 47 | 49 | } |
| 48 | 50 | $requete->bind_result($login); |
| 49 | 51 | if (!$requete->fetch()) { |
| 52 | + sleep(1); | |
| 50 | 53 | retour("carte_inconnue"); |
| 51 | 54 | } |
| 52 | 55 | $requete->close(); | ... | ... |