| author | Horus3 | 2014-04-16 13:43:34 +0200 |
|---|---|---|
| committer | Horus3 | 2014-04-16 13:43:34 +0200 |
| commit | b70acc4bce1450a726cf50a2f2f09539d74252b0 (patch) | |
| tree | fd8b70beb7bbe57534137f3b19ea7c0f6fa0191a /www/functions | |
| parent | 3dc852b163daba5fa59499215f8b725a6f0a39eb (diff) | |
| download | files.iamfabulous.de-b70acc4bce1450a726cf50a2f2f09539d74252b0.tar.gz | |
Improved brute-force protection and added ban page.
Diffstat (limited to 'www/functions')
| -rwxr-xr-x | www/functions/func_login.php | 49 |
1 files changed, 36 insertions, 13 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php index a4d4696..afd116c 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php @@ -54,19 +54,29 @@ function logout(){ function brutforce_protection($db){ $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1; + $remote_ip = $_SERVER["REMOTE_ADDR"]; + $session_id = session_id(); + $time = $_SERVER["REQUEST_TIME"]; + if($_SESSION["login_attempts"] <= 0){ - $remote_ip = $_SERVER["REMOTE_ADDR"]; - $session_id = session_id(); - $time = $_SERVER["REQUEST_TIME"]; - if($db->exec(" + $db->exec(" BEGIN TRANSACTION; INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time."); COMMIT; - ")){ - echo "You are banned. ;_;"; - } - exit; + ") + banned(); + + } else { + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO banned_user (id, login_attemps, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", ".$db->escapeString($remote_ip).", '".SQLite3::escapeString($session_id) ."', '".$time."'); + COMMIT; + ")){ + return true; + } else { + return false; + } } } 
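Review bot: The rewritten ban branch of brutforce_protection does not parse: the `$db->exec("...")` call is closed with `")` and the next line `banned();` follows it with no terminating semicolon, so the whole of func_login.php fails to load. The new `else` branch has further problems of its own: the IP is concatenated unquoted (`".$db->escapeString($remote_ip)."`, escapeString adds no quotes), so the INSERT is a SQL syntax error for any dotted address; it writes a column named `login_attemps` while the SELECT in check_if_banned reads `login_attempts`; and `$time` is quoted as a string here but inserted as a bare integer in the ban branch, which matters if the column lacks INTEGER affinity. Rather than patching the string building, both branches can share one prepared statement with bound values (SQLite3::prepare/bindValue, already available on the `$db` this file uses), with the redirect keyed off the counter:
```php
function brutforce_protection($db){
    $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
    // … unchanged: $remote_ip / $session_id / $time assignments …
    $stmt = $db->prepare("INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, :attempts, :ip, :sid, :time)");
    $stmt->bindValue(':attempts', $_SESSION["login_attempts"], SQLITE3_INTEGER);
    $stmt->bindValue(':ip', $remote_ip, SQLITE3_TEXT);
    $stmt->bindValue(':sid', $session_id, SQLITE3_TEXT);
    $stmt->bindValue(':time', $time, SQLITE3_INTEGER);
    $ok = $stmt->execute() !== false;
    if($_SESSION["login_attempts"] <= 0){
        banned();
    }
    return $ok;
}
```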
@@ -74,14 +84,27 @@ function check_if_banned($db){ $remote_ip = $_SERVER["REMOTE_ADDR"]; $session_id = session_id(); - $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';"); + $check_db = $db->query("SELECT time, login_attempts, id FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."' ORDER BY id DESC;"); $check_ar = $check_db->fetchArray(SQLITE3_NUM); + $log_at = $check_ar[1]; + if($log_at){ + $_SESSION["login_attempts"] = $log_at; + } + $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h + $db->exec("DELETE FROM banned_user WHERE time<'".$accepted_time."'"); - if($check_ar[0] < $accepted_time){ - return false; // not longer banned - } else { - return true; // still banned + if($log_at <= 0) + if ($check_ar[0] >= $accepted_time){ + return true; // still banned + } } + + return false; // not longer banned +} + +function banned(){ + header("Refresh: 0; ".$GLOBALS["scheme"].$_SERVER["HTTP_HOST"]."/banned"); + exit; } |
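Review bot: The new `banned()` builds its redirect target from `$_SERVER["HTTP_HOST"]`, which comes from the client's Host header, so a request with a crafted Host turns the ban page into a redirect to an attacker-chosen origin; a relative target needs neither scheme nor host: `header("Location: /banned", true, 302); exit;`. In check_if_banned, `$db->query()` returns false on failure and the result is handed straight to `fetchArray()`, which is then a fatal call on a non-object; checking `$check_db === false` before reading, and binding `$remote_ip` / `$session_id` through `prepare()`/`bindValue()` rather than `SQLite3::escapeString`, would cover both. The new expiry `DELETE` compares `time` against a quoted string (`time<'...'`) while the ban branch in the previous hunk stores it as a bare integer; if the column was created without INTEGER affinity, SQLite orders every integer before every text value and each ban row would be purged on the next request, so this is worth confirming against the table's schema.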
