diff --git a/plugins/box/users/languages/de.lang.php b/plugins/box/users/languages/de.lang.php
index 1502168..1b97691 100644
--- a/plugins/box/users/languages/de.lang.php
+++ b/plugins/box/users/languages/de.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Deine Login-Daten für :site_name',
'About Me' => 'Über Mich',
'Profile' => 'Profil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/en.lang.php b/plugins/box/users/languages/en.lang.php
index f5acb50..b96718f 100644
--- a/plugins/box/users/languages/en.lang.php
+++ b/plugins/box/users/languages/en.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Your login details for :site_name',
'About Me' => 'About Me',
'Profile' => 'Profile',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/es.lang.php b/plugins/box/users/languages/es.lang.php
index f5c906c..a713ed2 100644
--- a/plugins/box/users/languages/es.lang.php
+++ b/plugins/box/users/languages/es.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Detalles para entrar en :site_name',
'About Me' => 'Sobre mi',
'Profile' => 'Perfil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
\ No newline at end of file
diff --git a/plugins/box/users/languages/fa.lang.php b/plugins/box/users/languages/fa.lang.php
index ead1eb2..6c37268 100644
--- a/plugins/box/users/languages/fa.lang.php
+++ b/plugins/box/users/languages/fa.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'جزئیات ورود شما برای :site_name',
'About Me' => 'درباره من',
'Profile' => 'پروفایل',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/fr.lang.php b/plugins/box/users/languages/fr.lang.php
index f956884..48b0854 100644
--- a/plugins/box/users/languages/fr.lang.php
+++ b/plugins/box/users/languages/fr.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Vos identifiants de connexion pour :site_name',
'About Me' => 'A propos de moi',
'Profile' => 'Profil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
\ No newline at end of file
diff --git a/plugins/box/users/languages/hu.lang.php b/plugins/box/users/languages/hu.lang.php
index da004ca..34ee5d5 100644
--- a/plugins/box/users/languages/hu.lang.php
+++ b/plugins/box/users/languages/hu.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Belépési adatok a(z) :site_name weboldalhoz',
'About Me' => 'Rólam',
'Profile' => 'Profil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
\ No newline at end of file
diff --git a/plugins/box/users/languages/it.lang.php b/plugins/box/users/languages/it.lang.php
index 93d9bb2..a1fe2e7 100644
--- a/plugins/box/users/languages/it.lang.php
+++ b/plugins/box/users/languages/it.lang.php
@@ -60,5 +60,6 @@
'Your login details for :site_name' => 'I tuoi dati di accesso per :site_name',
'About Me' => 'Su di me',
'Profile' => 'Profilo',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/lt.lang.php b/plugins/box/users/languages/lt.lang.php
index 6dde2a1..3922bfa 100644
--- a/plugins/box/users/languages/lt.lang.php
+++ b/plugins/box/users/languages/lt.lang.php
@@ -62,5 +62,6 @@
'Your login details for :site_name' => 'Prisijungimo prie :site_name detalės',
'About Me' => 'Apie mane',
'Profile' => 'Profilis',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/pt-br.lang.php b/plugins/box/users/languages/pt-br.lang.php
index 9f27f5c..83b8a35 100644
--- a/plugins/box/users/languages/pt-br.lang.php
+++ b/plugins/box/users/languages/pt-br.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Seu novo login para o site :site_name',
'About Me' => 'Sobre mim',
'Profile' => 'Perfil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/ru.lang.php b/plugins/box/users/languages/ru.lang.php
index aa4d938..418da16 100644
--- a/plugins/box/users/languages/ru.lang.php
+++ b/plugins/box/users/languages/ru.lang.php
@@ -61,5 +61,6 @@
'Your login details for :site_name' => 'Ваши данные для доступа к :site_name',
'About Me' => 'Обо мне',
'Profile' => 'Профиль',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/sk.lang.php b/plugins/box/users/languages/sk.lang.php
index 7b64e9b..eb2752c 100644
--- a/plugins/box/users/languages/sk.lang.php
+++ b/plugins/box/users/languages/sk.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Vaše prihlasovacie detaily pre :site_name',
'About Me' => 'O mne',
'Profile' => 'Profil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/languages/sr-yu.lang.php b/plugins/box/users/languages/sr-yu.lang.php
index 2a722a2..063f927 100644
--- a/plugins/box/users/languages/sr-yu.lang.php
+++ b/plugins/box/users/languages/sr-yu.lang.php
@@ -63,5 +63,6 @@
'Your login details for :site_name' => 'Vaši podaci za logovanje na :site_name',
'About Me' => 'O meni',
'Profile' => 'Profil',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
\ No newline at end of file
diff --git a/plugins/box/users/languages/uk.lang.php b/plugins/box/users/languages/uk.lang.php
index 5e50577..8848235 100644
--- a/plugins/box/users/languages/uk.lang.php
+++ b/plugins/box/users/languages/uk.lang.php
@@ -61,5 +61,6 @@
'Your login details for :site_name' => 'Ваші дані для доступу до :site_name',
'About Me' => 'Про мене',
'Profile' => 'Профіль',
+ 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later',
)
);
diff --git a/plugins/box/users/users.plugin.php b/plugins/box/users/users.plugin.php
index 5a35e2b..361585a 100644
--- a/plugins/box/users/users.plugin.php
+++ b/plugins/box/users/users.plugin.php
@@ -383,31 +383,59 @@ class Users extends Frontend
// Login Form Submit
if (Request::post('login_submit')) {
- // Check csrf
- if (Security::check(Request::post('csrf'))) {
+ if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) {
+
+ Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users'));
- $user = Users::$users->select("[login='" . trim(Request::post('username')) . "']", null);
+ } else {
- if (count($user) !== 0) {
- if ($user['login'] == Request::post('username')) {
- if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) {
- if ($user['role'] == 'admin' || $user['role'] == 'editor') {
- Session::set('admin', true);
+ // Check csrf
+ if (Security::check(Request::post('csrf'))) {
+
+ $user = Users::$users->select("[login='" . trim(Request::post('username')) . "']", null);
+
+ if (count($user) !== 0) {
+ if ($user['login'] == Request::post('username')) {
+ if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) {
+ if ($user['role'] == 'admin' || $user['role'] == 'editor') {
+ Session::set('admin', true);
+ }
+ Session::set('user_id', (int) $user['id']);
+ Session::set('user_login', (string) $user['login']);
+ Session::set('user_role', (string) $user['role']);
+ Request::redirect(Site::url().'users/'.Session::get('user_id'));
+ } else {
+ Notification::setNow('error', __('Wrong username or password', 'users'));
+
+ if (Cookie::get('login_attempts')) {
+ if (Cookie::get('login_attempts') < 5) {
+ $attempts = Cookie::get('login_attempts') + 1;
+ Cookie::set('login_attempts', $attempts , 600);
+ } else {
+ Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users'));
+ }
+ } else {
+ Cookie::set('login_attempts', 1, 600);
+ }
+ }
+ }
+ } else {
+ Notification::setNow('error', __('Wrong username or password', 'users'));
+
+ if (Cookie::get('login_attempts')) {
+ if (Cookie::get('login_attempts') < 5) {
+ $attempts = Cookie::get('login_attempts') + 1;
+ Cookie::set('login_attempts', $attempts , 600);
+ } else {
+ Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users'));
}
- Session::set('user_id', (int) $user['id']);
- Session::set('user_login', (string) $user['login']);
- Session::set('user_role', (string) $user['role']);
- Request::redirect(Site::url().'users/'.Session::get('user_id'));
} else {
- Notification::setNow('error', __('Wrong username or password', 'users'));
+ Cookie::set('login_attempts', 1, 600);
}
}
- } else {
- Notification::setNow('error', __('Wrong username or password', 'users'));
- }
-
- } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
+ } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
+ }
}
View::factory('box/users/views/frontend/login')->display();
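Review bot: The counter behind the new `if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5)` gate is written with `Cookie::set('login_attempts', $attempts , 600)`, so the lockout state is held by the client. Whether the Cookie class signs its values is not visible here, but a request that arrives without the cookie starts again at zero either way, so the 10-minute ban does not limit password guessing. The failed-attempt count and its expiry should be kept server-side, keyed by the submitted login and/or the remote address, with the cookie used at most to choose which message to show. Until that is done I would add `// NOTE: login_attempts is client-held state; this is a courtesy message, not an enforced lockout` above the check. The increment-or-ban block is also repeated verbatim in the wrong-password and unknown-user branches and would read better as one private helper, and nothing in the hunk clears the counter on the successful-login path; the enclosing method starts and ends outside this hunk.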