sucssite / sso
Commit 48078284, authored Dec 22, 2021 by Imran Hussain
Merge branch 'ban-logic-fix' into 'master'

Fix some ban logic to be nicer to legit people

See merge request !5
Parents: 4f4939e5, dc4bc354
Pipeline #822 passed with stages in 1 minute and 55 seconds
public/index.php
...
...
@@ -35,8 +35,8 @@ $ipBan_result = $DB_CON->query("SELECT * FROM sessions WHERE ipaddr='${_SERVER["
$ipBan_details
=
$ipBan_result
->
fetchArray
();
// if their last login attempt was less than 30 mins ago
// 30 mins to really punish ban avoiders
if
(
$ipBan_details
[
"lastfailedlogintime"
]
<
=
strtotime
(
"-30 minutes"
))
{
// 30 mins to really punish ban avoiders
if
(
$ipBan_details
[
"id"
]
!==
$SESSIONID
&&
$ipBan_details
[
"lastfailedlogintime"
]
>
=
strtotime
(
"-30 minutes"
)
)
{
$RATELIMITED
=
true
;
}
...
...
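Review bot: The new condition `$ipBan_details["id"] !== $SESSIONID && $ipBan_details["lastfailedlogintime"] >= strtotime("-30 minutes")` never looks at failedlogincount, so a single failed login from any other session on the same address within 30 minutes sets $RATELIMITED for everyone else behind that address (shared NAT, campus networks). If the intent is to punish only sessions that actually hit the limit, add `$ipBan_details["failedlogincount"] >= 3` to the test. Two related points: fetchArray() is called once, so only the first row matching the ipaddr is examined and a more recent offending session further down the result set is missed; and it returns false when no row matches, which makes the array offsets here evaluate on a boolean (a notice or warning on PHP 7.4 and later). Moving the id, time and count conditions into the WHERE clause and checking whether any row comes back would cover both.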
@@ -55,7 +55,8 @@ if ( $details["id"] === $SESSIONID && !$RATELIMITED) {
if
(
$details
[
"iss_username"
]
!==
null
)
{
$ISS_LOGIN
=
true
;
}
if
(
$details
[
"lastfailedlogintime"
]
<=
strtotime
(
"-10 minutes"
))
{
// every 10 minutes give people not clearing their cookies 1 more go
if
(
$details
[
"failedlogincount"
]
>=
3
&&
$details
[
"lastfailedlogintime"
]
<=
strtotime
(
"-10 minutes"
))
{
$details
[
"failedlogincount"
]
=
2
;
}
if
(
$details
[
"failedlogincount"
]
>=
3
)
{
...
...
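Review bot: The reset at `$details["failedlogincount"] = 2;` only changes the in-memory copy; nothing in this hunk writes it back, so the sessions row keeps the old count until the next failed attempt runs the UPDATE. That is enough for the check that follows, but any query that reads failedlogincount from the table directly will still see the session as locked. Either persist the reset here or leave a comment saying the stale stored value is intentional. The thresholds (3, 2, "-10 minutes", and "-30 minutes" in the earlier hunk) are repeated as literals; named constants would keep the windows consistent when one of them changes.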
@@ -95,6 +96,9 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
//do stuff for not authd peeps
$details
[
"failedlogincount"
]
=
$details
[
"failedlogincount"
]
+
1
;
$DB_CON
->
exec
(
"UPDATE sessions SET failedlogincount=${details['failedlogincount']}, lastfailedlogintime=strftime('%s','now') WHERE id='${SESSIONID}'"
);
if
(
$details
[
"failedlogincount"
]
>=
3
)
{
$RATELIMITED
=
true
;
}
}
}
elseif
(
isset
(
$_COOKIE
[
"sucssite_session"
])
&&
!
$RATELIMITED
)
{
...
...
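Review bot: The added `>= 3` check trusts a counter that is read into PHP, incremented there and written back, so two failed logins submitted in parallel on the same session can both read the same value and store the same result, and one attempt goes uncounted. Incrementing in the statement itself (`SET failedlogincount = failedlogincount + 1`) and re-reading the row before comparing closes that gap. The UPDATE in the context lines also builds SQL by interpolating `${SESSIONID}` into the string; if that value originates from the sucssite_session cookie it should go through a prepared statement with bound parameters instead.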