Added limits for login attempts #104

2025-08-09 14:47:04 +02:00 · 2013-06-30 16:27:33 +03:00
parent 2c34eb68d4
commit 63b2bf2255
1 changed files with 43 additions and 13 deletions
--- a/admin/index.php
+++ b/admin/index.php
@@ -33,23 +33,53 @@ $users = new Table('users');
 // Admin login
 if (Request::post('login_submit')) {
-    $user = $users->select("[login='" . trim(Request::post('login')) . "']", null);
+    if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) {
-    if (count($user) !== 0) {
+        
-        if ($user['login'] == Request::post('login')) {
+        $login_error = __('You are banned for 10 minutes. Try again later', 'users');
-            if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) {
+    
-                if ($user['role'] == 'admin' || $user['role'] == 'editor') {
+    } else {
-                    Session::set('admin', true);
+
-                    Session::set('user_id', (int) $user['id']);
+        $user = $users->select("[login='" . trim(Request::post('login')) . "']", null);
-                    Session::set('user_login', (string) $user['login']);
+        if (count($user) !== 0) {
-                    Session::set('user_role', (string) $user['role']);
+            if ($user['login'] == Request::post('login')) {
-                    Request::redirect('index.php');
+                if (trim($user['password']) == Security::encryptPassword(Request::post('password'))) {
                    if ($user['role'] == 'admin' || $user['role'] == 'editor') {
                        Session::set('admin', true);
                        Session::set('user_id', (int) $user['id']);
                        Session::set('user_login', (string) $user['login']);
                        Session::set('user_role', (string) $user['role']);
                        Request::redirect('index.php');
                    }
                } else {
                    $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
                    if (Cookie::get('login_attempts')) {
                        if (Cookie::get('login_attempts') < 5) {
                            $attempts = Cookie::get('login_attempts') + 1;
                            Cookie::set('login_attempts', $attempts, 600);
                        } else {
                            $login_error = __('You are banned for 10 minutes. Try again later', 'users');
                        }
                    } else {
                        Cookie::set('login_attempts', 1, 600);
                    }
                }
            }
        } else {
            $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
            if (Cookie::get('login_attempts')) {
                if (Cookie::get('login_attempts') < 5) {
                    $attempts = Cookie::get('login_attempts') + 1;
                    Cookie::set('login_attempts', $attempts, 600);
                } else {
                    $login_error = __('You are banned for 10 minutes. Try again later', 'users');
                }
            } else {
-                $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
+                Cookie::set('login_attempts', 1, 600);
            }
        }
    } else {
        $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
    }
 }