Prevent brute force PIN guessing.

Blaz Kristan 2022-03-03 18:49:32 +01:00
parent 2283c7a926
commit 03710f1fd2


@ -507,7 +507,8 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
subPage = 252; // require PIN subPage = 252; // require PIN
} }
if (subPage == 1 && wifiLock && otaLock) // if OTA locked or too frequent PIN entry requests fail hard
if ((subPage == 1 && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < 3000))
{ {
serveMessage(request, 500, "Access Denied", F("Please unlock OTA in security settings!"), 254); return; serveMessage(request, 500, "Access Denied", F("Please unlock OTA in security settings!"), 254); return;
} }
@ -527,7 +528,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
case 6: strcpy_P(s, PSTR("Security")); if (doReboot) strcpy_P(s2, PSTR("Rebooting, please wait ~10 seconds...")); break; case 6: strcpy_P(s, PSTR("Security")); if (doReboot) strcpy_P(s2, PSTR("Rebooting, please wait ~10 seconds...")); break;
case 7: strcpy_P(s, PSTR("DMX")); break; case 7: strcpy_P(s, PSTR("DMX")); break;
case 8: strcpy_P(s, PSTR("Usermods")); break; case 8: strcpy_P(s, PSTR("Usermods")); break;
case 252: strcpy_P(s, correctPIN ? PSTR("PIN accepted") : PSTR("PIN rejected")); case 252: strcpy_P(s, correctPIN ? PSTR("PIN accepted") : PSTR("PIN rejected")); break;
} }
if (subPage != 252) strcat_P(s, PSTR(" settings saved.")); if (subPage != 252) strcat_P(s, PSTR(" settings saved."));
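Review bot: The throttle added to the `if` in the first hunk only limits guessing if `lastEditTime` is refreshed on every rejected PIN submission, and that update is not visible here (serveSettings starts and ends outside these hunks), so it should be confirmed and stated in the comment. Even then, a fixed 3-second window with no failed-attempt counter or growing delay only slows guessing down rather than stopping it; a failure count with backoff would be a stronger control. The throttled request also shares the OTA branch, so the client receives a 500 with "Please unlock OTA in security settings!", which misreports the reason for the refusal. A separate branch would keep the two cases distinct, for example `if (post && !correctPIN && millis()-lastEditTime < 3000) { serveMessage(request, 429, "Too Many Requests", F("Please wait before retrying the PIN."), 254); return; }`.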