Treat every login failure with no password available as unique

When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.

Treat every login failure with no password available as unique
1e9d5c2c · Rob Swindell · ade7841e · 1e9d5c2c
Commit 1e9d5c2c authored 4 years ago by Rob Swindell
--- a/src/sbbs3/userdat.c
+++ b/src/sbbs3/userdat.c
@@ -3253,7 +3253,7 @@ ulong loginFailure(link_list_t* list, const union xp_sockaddr* addr, const char*
 	if((node=login_attempted(list, addr)) != NULL) {
 		attempt=node->data;
 		/* Don't count consecutive duplicate attempts (same name and password): */
-		if((user!=NULL && strcmp(attempt->user,user)==0) && (pass==NULL || strcmp(attempt->pass,pass)==0))
+		if((user!=NULL && strcmp(attempt->user,user)==0) && (pass!=NULL && strcmp(attempt->pass,pass)==0))
 			attempt->dupes++;
 	}
 	SAFECOPY(attempt->prot,prot);