authormoehm2014-03-28 22:39:47 +0100
committermoehm2014-03-28 22:39:47 +0100
commit6419201108e177b9547fda1fe9141989cf9db806 (patch)
tree40e86d5b787b4b9e10f65c40d8dc91794d0b2bfb /www/functions
parented5dabd4df988f63d300fa4ed6cc388990b0fdfb (diff)
Bruteforce protection, now bans malicious user.
Diffstat (limited to 'www/functions')
-rwxr-xr-xwww/functions/func_login.php36
1 files changed, 34 insertions, 2 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index e5b7aab..0f9f3e6 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -51,6 +51,38 @@ function logout(){
}
}
-function brutforce_protection(){
- $_SESSION["login_attempts"] = $_SESSION["login_attempts"] + 1;
+function brutforce_protection($db){
+ $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
+
+ if($_SESSION["login_attempts"] <= 0){
+ $_SESSION["banned"] = true;
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $time = $_SERVER["REQUEST_TIME"];
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.";
+ COMMIT;
+ ")){
+ echo "You are banned. ;_;":
+ }
+ exit;
+ }
+}
+
+function check_if_banned($db){
+
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';");
+ $check_ar = $check_db->fetchArray(SQLITE3_NUM)
+
+ $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
+
+ if($check_ar[0] < $accepted_time){
+ return true; // not longer banned
+ } else {
+ return false; // still banned
+ }
}
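Review bot: The new code does not parse: the INSERT on the VALUES line ends with `".$time.";` without closing the parenthesis, the `echo "You are banned. ;_;":` line is terminated with a colon instead of a semicolon, and the `$check_ar = $check_db->fetchArray(SQLITE3_NUM)` line in check_if_banned has no semicolon at all. Once it parses, check_if_banned inspects only the first row matching the IP or session id with no ordering, so when an address has an older expired ban row plus a fresh one the expired row is likely read first and the function returns "not banned"; the query should be `SELECT time FROM banned_user WHERE ip=... OR session_id=... ORDER BY time DESC LIMIT 1;`, and the no-row case (`fetchArray` returns false, so `$check_ar[0]` is null) should be handled explicitly rather than falling through the `<` comparison. The ban is keyed on `REMOTE_ADDR` and `session_id()`, which should be documented since the IP half affects every client behind a shared address while the session half is only as durable as the client's cookie, e.g. `// lockout keyed on IP + session id; see limitations of both` above brutforce_protection. The decrement of `$_SESSION["login_attempts"]` assumes the counter is initialised elsewhere, which is outside this hunk.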