Diffstat (limited to 'www/functions')
-rwxr-xr-xwww/functions/func_login.php36
1 files changed, 34 insertions, 2 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index e5b7aab..0f9f3e6 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -51,6 +51,38 @@ function logout(){
}
}
-function brutforce_protection(){
- $_SESSION["login_attempts"] = $_SESSION["login_attempts"] + 1;
+function brutforce_protection($db){
+ $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
+
+ if($_SESSION["login_attempts"] <= 0){
+ $_SESSION["banned"] = true;
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $time = $_SERVER["REQUEST_TIME"];
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.";
+ COMMIT;
+ ")){
+ echo "You are banned. ;_;":
+ }
+ exit;
+ }
+}
+
+function check_if_banned($db){
+
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';");
+ $check_ar = $check_db->fetchArray(SQLITE3_NUM)
+
+ $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
+
+ if($check_ar[0] < $accepted_time){
+ return true; // not longer banned
+ } else {
+ return false; // still banned
+ }
}
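Review bot: Three added lines will not parse, so the file cannot load as committed: the `VALUES (` list in the INSERT is never closed (it should end `".$time.");`), the `echo "You are banned. ;_;":` line ends in a colon instead of a semicolon, and the `fetchArray(SQLITE3_NUM)` line in check_if_banned has no terminating semicolon. Beyond that, check_if_banned reads whichever matching row comes back first, so an expired ban row for the same IP or session can mask a newer one, and it indexes the result even when fetchArray() returned false because no row matched; selecting `MAX(time)` through a prepared statement covers both, as sketched below. The attempt counter in brutforce_protection lives in `$_SESSION`, so a client that discards its session cookie starts with a fresh count and the ban row may never be written; keeping the count server-side (per IP or per account, next to banned_user) would make the limit hold. The hunk does not show where `login_attempts` is initialised, so the count-down toward zero should be confirmed against the caller.

```php
function check_if_banned($db){
    // … unchanged: $remote_ip / $session_id lookup …
    $stmt = $db->prepare("SELECT MAX(time) FROM banned_user WHERE ip = :ip OR session_id = :sid");
    $stmt->bindValue(":ip", $remote_ip, SQLITE3_TEXT);
    $stmt->bindValue(":sid", $session_id, SQLITE3_TEXT);
    $row = $stmt->execute()->fetchArray(SQLITE3_NUM);

    // MAX() returns a single row holding NULL when nothing matches
    if ($row === false || $row[0] === null) {
        return true; // no ban on record
    }
    return $row[0] < $_SERVER["REQUEST_TIME"] - 21600; // true once the 6h ban has expired
}
```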