From 2c34eb68d43a8790c45d53a49c523e694e0416f3 Mon Sep 17 00:00:00 2001 From: Awilum Date: Sun, 30 Jun 2013 16:27:01 +0300 Subject: [PATCH] Added limits for login attempts #104 --- plugins/box/users/languages/de.lang.php | 1 + plugins/box/users/languages/en.lang.php | 1 + plugins/box/users/languages/es.lang.php | 1 + plugins/box/users/languages/fa.lang.php | 1 + plugins/box/users/languages/fr.lang.php | 1 + plugins/box/users/languages/hu.lang.php | 1 + plugins/box/users/languages/it.lang.php | 1 + plugins/box/users/languages/lt.lang.php | 1 + plugins/box/users/languages/pt-br.lang.php | 1 + plugins/box/users/languages/ru.lang.php | 1 + plugins/box/users/languages/sk.lang.php | 1 + plugins/box/users/languages/sr-yu.lang.php | 1 + plugins/box/users/languages/uk.lang.php | 1 + plugins/box/users/users.plugin.php | 64 ++++++++++++++++------ 14 files changed, 59 insertions(+), 18 deletions(-) diff --git a/plugins/box/users/languages/de.lang.php b/plugins/box/users/languages/de.lang.php index 1502168..1b97691 100644 --- a/plugins/box/users/languages/de.lang.php +++ b/plugins/box/users/languages/de.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Deine Login-Daten für :site_name', 'About Me' => 'Über Mich', 'Profile' => 'Profil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/en.lang.php b/plugins/box/users/languages/en.lang.php index f5acb50..b96718f 100644 --- a/plugins/box/users/languages/en.lang.php +++ b/plugins/box/users/languages/en.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Your login details for :site_name', 'About Me' => 'About Me', 'Profile' => 'Profile', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/es.lang.php b/plugins/box/users/languages/es.lang.php index f5c906c..a713ed2 100644 
--- a/plugins/box/users/languages/es.lang.php +++ b/plugins/box/users/languages/es.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Detalles para entrar en :site_name', 'About Me' => 'Sobre mi', 'Profile' => 'Perfil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); \ No newline at end of file diff --git a/plugins/box/users/languages/fa.lang.php b/plugins/box/users/languages/fa.lang.php index ead1eb2..6c37268 100644 --- a/plugins/box/users/languages/fa.lang.php +++ b/plugins/box/users/languages/fa.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'جزئیات ورود شما برای :site_name', 'About Me' => 'درباره من', 'Profile' => 'پروفایل', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/fr.lang.php b/plugins/box/users/languages/fr.lang.php index f956884..48b0854 100644 --- a/plugins/box/users/languages/fr.lang.php +++ b/plugins/box/users/languages/fr.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Vos identifiants de connexion pour :site_name', 'About Me' => 'A propos de moi', 'Profile' => 'Profil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); \ No newline at end of file diff --git a/plugins/box/users/languages/hu.lang.php b/plugins/box/users/languages/hu.lang.php index da004ca..34ee5d5 100644 --- a/plugins/box/users/languages/hu.lang.php +++ b/plugins/box/users/languages/hu.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Belépési adatok a(z) :site_name weboldalhoz', 'About Me' => 'Rólam', 'Profile' => 'Profil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); \ No newline at end of file diff --git a/plugins/box/users/languages/it.lang.php b/plugins/box/users/languages/it.lang.php index 93d9bb2..a1fe2e7 100644 
--- a/plugins/box/users/languages/it.lang.php +++ b/plugins/box/users/languages/it.lang.php @@ -60,5 +60,6 @@ 'Your login details for :site_name' => 'I tuoi dati di accesso per :site_name', 'About Me' => 'Su di me', 'Profile' => 'Profilo', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/lt.lang.php b/plugins/box/users/languages/lt.lang.php index 6dde2a1..3922bfa 100644 --- a/plugins/box/users/languages/lt.lang.php +++ b/plugins/box/users/languages/lt.lang.php @@ -62,5 +62,6 @@ 'Your login details for :site_name' => 'Prisijungimo prie :site_name detalės', 'About Me' => 'Apie mane', 'Profile' => 'Profilis', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/pt-br.lang.php b/plugins/box/users/languages/pt-br.lang.php index 9f27f5c..83b8a35 100644 --- a/plugins/box/users/languages/pt-br.lang.php +++ b/plugins/box/users/languages/pt-br.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Seu novo login para o site :site_name', 'About Me' => 'Sobre mim', 'Profile' => 'Perfil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/ru.lang.php b/plugins/box/users/languages/ru.lang.php index aa4d938..418da16 100644 --- a/plugins/box/users/languages/ru.lang.php +++ b/plugins/box/users/languages/ru.lang.php @@ -61,5 +61,6 @@ 'Your login details for :site_name' => 'Ваши данные для доступа к :site_name', 'About Me' => 'Обо мне', 'Profile' => 'Профиль', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/sk.lang.php b/plugins/box/users/languages/sk.lang.php index 7b64e9b..eb2752c 100644 --- a/plugins/box/users/languages/sk.lang.php +++ b/plugins/box/users/languages/sk.lang.php 
@@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Vaše prihlasovacie detaily pre :site_name', 'About Me' => 'O mne', 'Profile' => 'Profil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/languages/sr-yu.lang.php b/plugins/box/users/languages/sr-yu.lang.php index 2a722a2..063f927 100644 --- a/plugins/box/users/languages/sr-yu.lang.php +++ b/plugins/box/users/languages/sr-yu.lang.php @@ -63,5 +63,6 @@ 'Your login details for :site_name' => 'Vaši podaci za logovanje na :site_name', 'About Me' => 'O meni', 'Profile' => 'Profil', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); \ No newline at end of file diff --git a/plugins/box/users/languages/uk.lang.php b/plugins/box/users/languages/uk.lang.php index 5e50577..8848235 100644 --- a/plugins/box/users/languages/uk.lang.php +++ b/plugins/box/users/languages/uk.lang.php @@ -61,5 +61,6 @@ 'Your login details for :site_name' => 'Ваші дані для доступу до :site_name', 'About Me' => 'Про мене', 'Profile' => 'Профіль', + 'You are banned for 10 minutes. Try again later' => 'You are banned for 10 minutes. Try again later', ) ); diff --git a/plugins/box/users/users.plugin.php b/plugins/box/users/users.plugin.php index 5a35e2b..361585a 100644 --- a/plugins/box/users/users.plugin.php +++ b/plugins/box/users/users.plugin.php 
@@ -383,31 +383,59 @@ class Users extends Frontend // Login Form Submit if (Request::post('login_submit')) { - // Check csrf - if (Security::check(Request::post('csrf'))) { + if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) { + + Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users')); - $user = Users::$users->select("[login='" . trim(Request::post('username')) . "']", null); + } else { - if (count($user) !== 0) { - if ($user['login'] == Request::post('username')) { - if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) { - if ($user['role'] == 'admin' || $user['role'] == 'editor') { - Session::set('admin', true); + // Check csrf + if (Security::check(Request::post('csrf'))) { + + $user = Users::$users->select("[login='" . trim(Request::post('username')) . "']", null); + + if (count($user) !== 0) { + if ($user['login'] == Request::post('username')) { + if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) { + if ($user['role'] == 'admin' || $user['role'] == 'editor') { + Session::set('admin', true); + } + Session::set('user_id', (int) $user['id']); + Session::set('user_login', (string) $user['login']); + Session::set('user_role', (string) $user['role']); + Request::redirect(Site::url().'users/'.Session::get('user_id')); + } else { + Notification::setNow('error', __('Wrong username or password', 'users')); + + if (Cookie::get('login_attempts')) { + if (Cookie::get('login_attempts') < 5) { + $attempts = Cookie::get('login_attempts') + 1; + Cookie::set('login_attempts', $attempts , 600); + } else { + Notification::setNow('error', __('You are banned for 10 minutes. 
Try again later', 'users')); + } + } else { + Cookie::set('login_attempts', 1, 600); + } + } + } + } else { + Notification::setNow('error', __('Wrong username or password', 'users')); + + if (Cookie::get('login_attempts')) { + if (Cookie::get('login_attempts') < 5) { + $attempts = Cookie::get('login_attempts') + 1; + Cookie::set('login_attempts', $attempts , 600); + } else { + Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users')); } - Session::set('user_id', (int) $user['id']); - Session::set('user_login', (string) $user['login']); - Session::set('user_role', (string) $user['role']); - Request::redirect(Site::url().'users/'.Session::get('user_id')); } else { - Notification::setNow('error', __('Wrong username or password', 'users')); + Cookie::set('login_attempts', 1, 600); } } - } else { - Notification::setNow('error', __('Wrong username or password', 'users')); - } - - } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } + } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } + } } View::factory('box/users/views/frontend/login')->display();
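Review bot: The counter that gates the new `Cookie::get('login_attempts') >= 5` check lives only in a client-side cookie, so the lockout holds only for clients that keep and return that cookie; for the limit to be enforceable, the failed-attempt count should be kept server-side (per login name, or at least per session), with the cookie serving as no more than a convenience. Within the hunk the increment-or-ban logic is pasted twice (after the wrong-password branch and again after the user-not-found branch), and both inner `else { Notification::setNow('error', __('You are banned for 10 minutes. Try again later', 'users')); }` branches can never run because the outer check already rejects a count of 5 or more, so both copies can collapse into one helper as sketched below. The lookup `select("[login='" . trim(Request::post('username')) . "']", null)` is carried over unchanged and still interpolates the posted username into the query string; it is outside this change's intent but deserves proper escaping in a follow-up. The enclosing method starts before the hunk.

```php
// … unchanged: outer login_attempts >= 5 check, CSRF check, user lookup, successful-login branch …
                                } else {
                                    self::recordFailedLogin();
                                }
// … unchanged: closing braces; the user-not-found branch calls self::recordFailedLogin() the same way …

    /**
     * Records one failed login for this client and shows the generic error.
     * The check at the top of the submit handler rejects further attempts once
     * the count reaches 5; the cookie expires after 600 seconds (the "10 minutes"
     * named in the message).
     */
    private static function recordFailedLogin()
    {
        Notification::setNow('error', __('Wrong username or password', 'users'));
        // NOTE(review): assumes Cookie::get() yields null/false when unset, so the first failure stores 1 — confirm
        $attempts = (int) Cookie::get('login_attempts') + 1;
        Cookie::set('login_attempts', $attempts, 600);
    }
```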