Fixes bugs in login ratelimiting

app/classes/ratelimiter.php

@@ -115,7 +115,7 @@ class RateLimiter {
      * Get number of recent login attempts for an IP
      */
     public function getRecentAttempts($ip) {
-        $stmt = $this->db->prepare("SELECT COUNT(*) as attempts FROM {$this->authRatelimitTable} 
+        $stmt = $this->db->prepare("SELECT COUNT(*) as attempts FROM {$this->authRatelimitTable}
             WHERE ip_address = ? AND attempted_at > datetime('now', '-' || :minutes || ' minutes')");
         $stmt->execute([$ip, $this->decayMinutes]);
         $result = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -574,7 +574,7 @@ class RateLimiter {
      * Clean old page requests
      */
     private function cleanOldPageRequests() {
-        $sql = "DELETE FROM {$this->pagesRatelimitTable} 
+        $sql = "DELETE FROM {$this->pagesRatelimitTable}
                 WHERE request_time < DATETIME('now', '-1 minute')";
 
         $stmt = $this->db->prepare($sql);

app/classes/user.php

@@ -104,9 +104,6 @@ class User {
         require_once __DIR__ . '/../helpers/logs.php';
         $ipAddress = getUserIP();
 
-        // Record attempt
-        $this->rateLimiter->attempt($username, $ipAddress);
-
         // Check rate limiting first
         if (!$this->rateLimiter->isAllowed($username, $ipAddress)) {
             $remainingTime = $this->rateLimiter->getDecayMinutes();

app/pages/login.php

@@ -224,9 +224,6 @@ try {
                 if ($rateLimiter->tooManyAttempts($username, $user_IP)) {
                     throw new Exception(Feedback::get('LOGIN', 'TOO_MANY_ATTEMPTS')['message']);
                 }
-
-                // Record this attempt before trying to login
-                $rateLimiter->attempt($username, $user_IP, false);
             }
 
             // Attempt login