query("SELECT password FROM user WHERE name='" . $safe_username . "';"); while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ foreach($real_password_array as $secondelement){ $real_password=$secondelement; } } /*___Login___*/ if (!password_verify($password, $real_password)) { return LOGIN_PASSWORD; } if($db->exec(" BEGIN TRANSACTION; INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now'))); COMMIT; ")){ $id = user_id($db, $username); $_SESSION["login"] = true; $_SESSION["username"] = $username; $_SESSION["userid"] = $id; return LOGIN_SUCCESSFULL; } else { return LOGIN_DATABASE; } } function logout(){ if(session_destroy()){ return LOGOUT_SUCCESSFULL; } else { return LOGOUT_FAILURE; } } function brutforce_protection($db){ $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1; if($_SESSION["login_attempts"] <= 0){ $remote_ip = $_SERVER["REMOTE_ADDR"]; $session_id = session_id(); $time = $_SERVER["REQUEST_TIME"]; if($db->exec(" BEGIN TRANSACTION; INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time."); COMMIT; ")){ echo "You are banned. ;_;"; } exit; } } function check_if_banned($db){ $remote_ip = $_SERVER["REMOTE_ADDR"]; $session_id = session_id(); $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';"); $check_ar = $check_db->fetchArray(SQLITE3_NUM); $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h if($check_ar[0] < $accepted_time){ return false; // not longer banned } else { return true; // still banned } }