| author | Horus3 | 2014-04-15 18:57:29 +0200 |
|---|---|---|
| committer | Horus3 | 2014-04-15 18:57:29 +0200 |
| commit | 34080a9121c4710610b2537175818aa1b9f4a6ce (patch) | |
| tree | 1f2d6622fadcc1cb4c83f7d1eedeffdf17dd9a35 | |
| parent | 0af7fafcd5a61eb1bd81c21eb93a99e3a4374648 (diff) | |
| download | jungegemeinde-34080a9121c4710610b2537175818aa1b9f4a6ce.tar.gz | |
Security bugfix: check the most recent login attempt, not the first.
| -rwxr-xr-x | www/functions/func_login.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 166c835..63c7e61 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -93,16 +93,21 @@ function brutforce_protection($db){
 } else {
 if($db->exec("
 BEGIN TRANSACTION;
-INSERT INTO banned_user (id, login_attemps, ip, session_id) VALUES (NULL, ".$_SESSION["login_attempts"].", ".$db->escapeString($remote_ip).", '".SQLite3::escapeString($session_id)."');
+INSERT INTO banned_user (id, login_attemps, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", ".$db->escapeString($remote_ip).", '".SQLite3::escapeString($session_id)."', '".$time."');
 COMMIT;
-"))
+")){
+return true;
+} else {
+return false;
+}
 }
 }
 function check_if_banned($db){
+$remote_ip = $_SERVER["REMOTE_ADDR"];
 $session_id = session_id();
-$check_db = $db->query("SELECT time, login_attempts, id FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';");
+$check_db = $db->query("SELECT time, login_attempts, id FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."' ORDER BY id DESC;");
 $check_ar = $check_db->fetchArray(SQLITE3_NUM);
 $log_at = $check_ar[1]; |
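Review bot: The new INSERT in brutforce_protection still writes the attempt count to a column spelled `login_attemps`, while the SELECT in check_if_banned reads `login_attempts`, so unless the schema really carries both spellings one of the two statements fails and the ban check this commit is fixing never sees the stored count. The same INSERT embeds the escaped IP without quotes (`, ".$db->escapeString($remote_ip).", '`) whereas the SELECT compares `ip='…'`, and `$time` is concatenated in unescaped; both values are defined outside the hunk so this is hedged, but an unquoted dotted-quad IP is a SQLite syntax error and the ban row would never be written. Since the `ORDER BY id DESC` query now decides whether a client is banned, I would move both statements to prepared statements so the quoting question disappears, add `LIMIT 1` to make the "latest row" intent explicit, and guard `fetchArray()` returning false before indexing `$check_ar[1]`. Both brutforce_protection and check_if_banned start or end outside the hunk.
```php
function check_if_banned($db){
    $remote_ip = $_SERVER["REMOTE_ADDR"];
    $session_id = session_id();
    // The most recent record for this IP or session decides the ban, not the first one.
    $stmt = $db->prepare("SELECT time, login_attempts, id FROM banned_user WHERE ip = :ip OR session_id = :sid ORDER BY id DESC LIMIT 1;");
    $stmt->bindValue(':ip', $remote_ip, SQLITE3_TEXT);
    $stmt->bindValue(':sid', $session_id, SQLITE3_TEXT);
    $check_ar = $stmt->execute()->fetchArray(SQLITE3_NUM);
    if ($check_ar === false) {
        return false; // no record for this IP or session -- TODO confirm this is the "not banned" value callers expect
    }
    $log_at = $check_ar[1];
    // … unchanged: ban decision based on $log_at and the stored time …
```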
