From 6419201108e177b9547fda1fe9141989cf9db806 Mon Sep 17 00:00:00 2001
From: moehm
Date: Fri, 28 Mar 2014 22:39:47 +0100
Subject: Butforce protection, now banns malicious user.

---
 www/index.php | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'www/index.php')

diff --git a/www/index.php b/www/index.php
index d7adf38..be63506 100755
--- a/www/index.php
+++ b/www/index.php
@@ -14,8 +14,16 @@ if(!isset($_SESSION["banned"])){
 }
 
 if($_SESSION["banned"]){
-	echo "You are banned.";
-	exit;
+	if(check_if_banned($db)){
+		$_SESSION["banned"] = false;
+	} else {
+		echo "You are banned. ;_;";
+		exit;
+	}
+}
+
+if(!isset($_SESSION["login_attempts"])){
+	$_SESSION["login_attempts"] = 6;
 }
 
 if(empty($_GET)){
@@ -40,8 +48,12 @@ if(empty($_GET)){
 				if($_SERVER['REQUEST_METHOD'] == 'POST'){
 					$var = login($db);
 					if($var == LOGIN_SUCCESSFULL){
+						$_SESSION["login_attempts"] = 6;
 						header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]);
-						//account($db);
+					} elseif ($var == LOGIN_PASSWORD){
+						brutforce_protection($db);
+						print_login($var);
+
 					} else {
 						print_login($var);
 					}
-- 
cgit v1.2.3