From 549dffeef49ae25c89d4d1cc6c71c715edfb753f Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sun, 3 May 2015 15:39:25 +0200
Subject: some better sleeping on security critical errors

---
 src/user.cpp                 | 11 ++++++-----
 templates/not_found_404.tmpl |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/user.cpp b/src/user.cpp
index 6180c9d..942684f 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -52,6 +52,8 @@ void user::login( )
 			session( )["username"] = c.login.username.value( );
 			session( ).expose( "username" );
 			response( ).set_redirect_header( cms.root( ) );
+		} else {
+			booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		}
 	}
 	
@@ -94,6 +96,8 @@ void user::register_user( )
 			} else {
 				response( ).set_redirect_header( cms.root( ) + "/confirm_register" );
 			}
+		} else {
+			booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		}
 	}
 	
@@ -113,6 +117,8 @@ void user::confirm_register( )
 				booster::ptime::sleep( booster::ptime( 5, 0 ) );
 				c.confirm_register.code.valid( false );
 			}			
+		} else {
+			booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		}
 	}
 
@@ -301,7 +307,6 @@ login_form::login_form( apps::strusCms &cms  )
 bool login_form::validate( )
 {
 	if( !form::validate( ) ) {
-		booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		return false;
 	}
 
@@ -309,7 +314,6 @@ bool login_form::validate( )
 		username.valid( false );
 		password.valid( false );
 		password.clear( );
-		booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		return false;
 	}
 		
@@ -358,7 +362,6 @@ bool register_user_form::validate( )
 		username.valid( false );
 		password.valid( false );
 		username.error_message( "Username is taken" );
-		booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		return false;
 	}
 
@@ -366,14 +369,12 @@ bool register_user_form::validate( )
 		password.valid( false );
 		password2.valid( false );
 		password2.error_message( "Passwords didn't match" );
-		booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		return false;
 	}
 
 	if( captcha.value( ).compare( cms.user.last_captcha ) != 0 ) {
 		captcha.valid( false );
 		captcha.clear( );
-		booster::ptime::sleep( booster::ptime( 5, 0 ) );
 		return false;
 	}
 		
diff --git a/templates/not_found_404.tmpl b/templates/not_found_404.tmpl
index 4d7f4e0..01699d3 100644
--- a/templates/not_found_404.tmpl
+++ b/templates/not_found_404.tmpl
@@ -9,7 +9,7 @@
 <% template page_content() %>  
 	<div>
 		We are sorry to inform you that somebody run away with
-		your page at URL <%= url %>.
+		your page at URL '<%= url %>'.
 	</div>
 <% end template %>  
 
-- 
cgit v1.2.3-54-g00ecf