| author | root | 2014-04-15 20:03:48 +0200 |
|---|---|---|
| committer | root | 2014-04-15 20:03:48 +0200 |
| commit | b4e9313612dd341e43e5dc998469ec346adea8c6 (patch) | |
| tree | 49f4ab238cf03d09b58ee9ef883f2e41f3e418a1 /www/functions | |
| parent | 34080a9121c4710610b2537175818aa1b9f4a6ce (diff) | |
| download | jungegemeinde-b4e9313612dd341e43e5dc998469ec346adea8c6.tar.gz | |
Added failure page and fixed brutforce protection.
Diffstat (limited to 'www/functions')
| -rwxr-xr-x | www/functions/func_login.php | 19 | ||||
| -rwxr-xr-x | www/functions/func_user.php | 6 |
2 files changed, 17 insertions, 8 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 63c7e61..ccd99db 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -28,7 +28,7 @@ function login($db){
 }
 }
- if (!password_verify($password, $real_password)) {
+ if (password_verify($password, $real_password)) {
 $log_in = true;
 }
 }
@@ -38,6 +38,7 @@ function login($db){
 return LOGIN_PASSWORD;
 }
+ $id = user_id($db, $username);
 $banned_db = $db->query("SELECT 1 FROM banned_user WHERE user=".$id);
 $banned_ar = $banned_db->fetchArray(SQLITE3_NUM);
@@ -93,7 +94,7 @@ function brutforce_protection($db){
 } else {
 if($db->exec("
 BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attemps, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", ".$db->escapeString($remote_ip).", '".SQLite3::escapeString($session_id)."', '".$time."');
+ INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".$db->escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', '".$time."');
 COMMIT;
 ")){
 return true;
@@ -111,14 +112,18 @@ function check_if_banned($db){
 $check_ar = $check_db->fetchArray(SQLITE3_NUM);
 $log_at = $check_ar[1];
- $_SESSION["login_attempts"] = $log_at;
+ if($log_at){
+ $_SESSION["login_attempts"] = $log_at;
+ }
 $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
 $db->exec("DELETE FROM banned_user WHERE time<'".$accepted_time."'");
- if($log_at == 0 && ($check_ar[0] < $accepted_time)){
- return false; // not longer banned
- } else {
- return true; // still banned
+ if($log_at <= 0){
+ if($check_ar[0] >= $accepted_time){
+ return true; // still banned
+ }
 }
+
+ return false; // not longer banned
 }
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index d9e202d..8efd104 100755
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
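Review bot: The added `$id` is concatenated straight into the `SELECT 1 FROM banned_user WHERE user=` query, and with the sibling func_user.php hunk `user_id()` can now return `false`, which stringifies to `''` and leaves `WHERE user=` with nothing after it; `$db->query()` then returns `false` and the following `fetchArray()` is called on a non-object. Binding the value through `SQLite3::prepare()` and checking the lookup result first avoids both problems, and returning the same failure code as a wrong password keeps the response from revealing whether the account exists. The INSERT in the `brutforce_protection` hunk below writes `(id, login_attempts, ip, session_id, time)` and never sets a `user` column, so unless that column is populated elsewhere this lookup may never match — worth confirming against the schema. `login()` continues outside the hunk.
```php
$id = user_id($db, $username);
if ($id === false) {
    return LOGIN_PASSWORD; // TODO(review): confirm this is the failure code callers expect for an unresolvable user
}
$banned_stmt = $db->prepare('SELECT 1 FROM banned_user WHERE user = :id');
$banned_stmt->bindValue(':id', $id, SQLITE3_INTEGER);
$banned_db = $banned_stmt->execute();
$banned_ar = $banned_db->fetchArray(SQLITE3_NUM);
// … unchanged: rest of login() …
```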
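Review bot: The quoting fix for `$remote_ip` still leaves `$_SESSION["login_attempts"]` and `$time` interpolated into the INSERT without escaping, and the statement mixes `$db->escapeString()` with `SQLite3::escapeString()`; a prepared statement with `bindValue()` handles every column uniformly and removes the escaping question entirely. A single INSERT does not need the explicit `BEGIN TRANSACTION`/`COMMIT` wrapper, so `$db->exec()` can become `$stmt->execute()` with the same truthiness check. The column type of `time` is not visible here, so it is bound without an explicit type below. The rest of `brutforce_protection`, including the branch this `if` belongs to, is outside the hunk.
```php
} else {
    $ban_stmt = $db->prepare('INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, :attempts, :ip, :session_id, :time)');
    $ban_stmt->bindValue(':attempts', (int) $_SESSION["login_attempts"], SQLITE3_INTEGER);
    $ban_stmt->bindValue(':ip', $remote_ip, SQLITE3_TEXT);
    $ban_stmt->bindValue(':session_id', $session_id, SQLITE3_TEXT);
    $ban_stmt->bindValue(':time', $time); // TODO(review): confirm the column's declared type and bind it explicitly
    if ($ban_stmt->execute() !== false) {
        return true;
        // … unchanged: failure path after the insert …
```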
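Review bot: `$log_at = $check_ar[1]` reads an offset on whatever `fetchArray()` returned, and when there is no row for this client that is `false`, so `$log_at` becomes `null` (with an "array offset on bool" notice on newer PHP) and the new trailing `return false` is only reached by accident. Add an explicit guard before the read: `if ($check_ar === false) { return false; // no ban record for this client }`. The comparison `$check_ar[0] >= $accepted_time` and the `DELETE ... WHERE time<'...'` treat the stored `time` as a quoted string, which only orders correctly if the column has numeric affinity — worth confirming against the schema. The query that produces `$check_db` is outside the hunk.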
@@ -290,7 +290,11 @@ function user_id($db, $user){
 }
 $owner = $owner_ar[0];
- return $owner;
+ if($owner != ""){
+ return $owner;
+ } else {
+ return false;
+ }
 }
 function change_username($db, $oldname, $newname){ |
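Review bot: The new `$owner != ""` check uses loose comparison, under which an integer id of `0` compares equal to `""` on PHP versions before 8.0 and would be reported as not found; use `if ($owner !== '')`. Returning `false` also means every caller now has to test the result with `=== false` before using it — the `login()` hunk in func_login.php concatenates the return value into SQL, where `false` silently becomes an empty string. `user_id()` starts outside the hunk, so whether `$owner_ar` can itself be `false` at this point is not visible here.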
