Added limits for login attempts #104

admin/index.php

@@ -33,6 +33,12 @@ $users = new Table('users');
 // Admin login
 if (Request::post('login_submit')) {
 
+    if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) {
+        
+        $login_error = __('You are banned for 10 minutes. Try again later', 'users');
+    
+    } else {
+
         $user = $users->select("[login='" . trim(Request::post('login')) . "']", null);
         if (count($user) !== 0) {
             if ($user['login'] == Request::post('login')) {
@@ -46,10 +52,34 @@ if (Request::post('login_submit')) {
                     }
                 } else {
                     $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
+
+                    if (Cookie::get('login_attempts')) {
+                        if (Cookie::get('login_attempts') < 5) {
+                            $attempts = Cookie::get('login_attempts') + 1;
+                            Cookie::set('login_attempts', $attempts, 600);
+                        } else {
+                            $login_error = __('You are banned for 10 minutes. Try again later', 'users');
+                        }
+                    } else {
+                        Cookie::set('login_attempts', 1, 600);
+                    }
+
                 }
             }
         } else {
             $login_error = __('Wrong <b>username</b> or <b>password</b>', 'users');
+
+            if (Cookie::get('login_attempts')) {
+                if (Cookie::get('login_attempts') < 5) {
+                    $attempts = Cookie::get('login_attempts') + 1;
+                    Cookie::set('login_attempts', $attempts, 600);
+                } else {
+                    $login_error = __('You are banned for 10 minutes. Try again later', 'users');
+                }
+            } else {
+                Cookie::set('login_attempts', 1, 600);
+            }
+        }
     }
 }