Commit 48078284 authored by Imran Hussain's avatar Imran Hussain

Merge branch 'ban-logic-fix' into 'master'

Fix some ban logic to be nicer to legit people

See merge request !5
parents 4f4939e5 dc4bc354
Pipeline #822 passed with stages
in 1 minute and 55 seconds
......@@ -35,8 +35,8 @@ $ipBan_result = $DB_CON->query("SELECT * FROM sessions WHERE ipaddr='${_SERVER["
$ipBan_details = $ipBan_result->fetchArray();
// if their last login attempt was less than 30 mins ago
// 30 mins to really punish ban avoiders
if ($ipBan_details["lastfailedlogintime"] <= strtotime("-30 minutes")) {
// 30 mins to really punish ban avoiders
if ( $ipBan_details["id"] !== $SESSIONID && $ipBan_details["lastfailedlogintime"] >= strtotime("-30 minutes") ) {
$RATELIMITED = true;
}
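Review bot: The exemption on the new `if` line is evaluated against the single row that `fetchArray()` returned for the address, and the `SELECT * FROM sessions WHERE ipaddr=...` shown in the hunk header has no `ORDER BY`, so when several sessions share an IP the row that decides `$RATELIMITED` is arbitrary — a recently failed session can be skipped while the caller's own (or an old, harmless) row is the one inspected. A more robust shape is to exclude the caller in the query and take the worst row, e.g. `prepare('SELECT MAX(lastfailedlogintime) AS t FROM sessions WHERE ipaddr = :ip AND id != :id')` with bound `:ip`/`:id`, which also stops interpolating `$_SERVER` into SQL. Two smaller points: `fetchArray()` yields `false` when no row exists, so `$ipBan_details["id"]` reads an offset on a bool (a warning since PHP 7.4) — guard with `if ($ipBan_details !== false && ...)`; and `!==` is strict, so if `id` is returned as an int while `$SESSIONID` is a string the exemption never fires — worth confirming the column type. The surrounding code continues outside the hunk.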
......@@ -55,7 +55,8 @@ if ( $details["id"] === $SESSIONID && !$RATELIMITED) {
if ($details["iss_username"] !== null) {
$ISS_LOGIN = true;
}
if ($details["lastfailedlogintime"] <= strtotime("-10 minutes")) {
// every 10 minutes give people not clearing their cookies 1 more go
if ($details["failedlogincount"] >= 3 && $details["lastfailedlogintime"] <= strtotime("-10 minutes")) {
$details["failedlogincount"] = 2;
}
if ($details["failedlogincount"] >= 3) {
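Review bot: The reset to 2 directly under the new condition changes only the in-memory `$details`; the DB row keeps `failedlogincount=3` and its old `lastfailedlogintime`, so every request after the 10-minute mark re-enters this branch until the next failed attempt rewrites the row, which is what yields exactly one extra try. That coupling is not obvious from the code and deserves a comment, e.g. `// in-memory only: the DB row stays at 3 until the next failed attempt rewrites it, so this grants one extra try per 10 minutes`. A row that never failed presumably has a NULL `lastfailedlogintime`; the count guard added first makes the `<=` comparison harmless here, but keep that ordering if the condition is ever reworked. The enclosing `if ( $details["id"] === $SESSIONID && !$RATELIMITED)` starts outside the hunk.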
......@@ -95,6 +96,9 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
//do stuff for not authd peeps
$details["failedlogincount"] = $details["failedlogincount"] + 1;
$DB_CON->exec("UPDATE sessions SET failedlogincount=${details['failedlogincount']}, lastfailedlogintime=strftime('%s','now') WHERE id='${SESSIONID}'");
if ($details["failedlogincount"] >= 3) {
$RATELIMITED = true;
}
}
} elseif ( isset($_COOKIE["sucssite_session"]) && !$RATELIMITED) {
......