From 84354b183d91d09d765957861df625a25d3d015d Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Sat, 4 Jan 2025 11:46:07 +0200
Subject: [PATCH] Fixes SQLite syntax and login logic

---
 app/classes/ratelimiter.php | 12 ++++++------
 app/pages/login.php         | 14 ++++++--------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/app/classes/ratelimiter.php b/app/classes/ratelimiter.php
index 058c904..9c63204 100644
--- a/app/classes/ratelimiter.php
+++ b/app/classes/ratelimiter.php
@@ -315,12 +315,12 @@ class RateLimiter {
         try {
             // Remove expired blacklist entries
             $stmt = $this->db->prepare("DELETE FROM {$this->blacklistTable}
-                WHERE expiry_time IS NOT NULL AND expiry_time < NOW()");
+                WHERE expiry_time IS NOT NULL AND expiry_time < datetime('now')");
             $stmt->execute();
             // Clean old login attempts
             $stmt = $this->db->prepare("DELETE FROM {$this->ratelimitTable}
-                WHERE attempted_at < DATE_SUB(NOW(), INTERVAL :minutes MINUTE)");
+                WHERE attempted_at < datetime('now', '-' || :minutes || ' minutes')");
             $stmt->execute([':minutes' => $this->decayMinutes]);
             return true;
@@ -353,7 +353,7 @@ class RateLimiter {
             $sql = "SELECT COUNT(*) as total_attempts
                     FROM {$this->ratelimitTable}
                     WHERE ip_address = :ip
-                    AND attempted_at > DATE_SUB(NOW(), INTERVAL :minutes MINUTE)";
+                    AND attempted_at > datetime('now', '-' || :minutes || ' minutes')";
             $stmt = $this->db->prepare($sql);
             $stmt->execute([
                 ':ip' => $ipAddress,
@@ -395,7 +395,7 @@ class RateLimiter {
                     FROM {$this->ratelimitTable}
                     WHERE ip_address = :ip
                     AND username = :username
-                    AND attempted_at > DATE_SUB(NOW(), INTERVAL :minutes MINUTE)";
+                    AND attempted_at > datetime('now', '-' || :minutes || ' minutes')";
             $stmt = $this->db->prepare($sql);
             $stmt->execute([
@@ -410,7 +410,7 @@ class RateLimiter {
     public function clearOldAttempts() {
         $sql = "DELETE FROM {$this->ratelimitTable}
-                WHERE attempted_at < DATE_SUB(NOW(), INTERVAL :minutes MINUTE)";
+                WHERE attempted_at < datetime('now', '-' || :minutes || ' minutes')";
         $stmt = $this->db->prepare($sql);
         $stmt->execute([
@@ -423,7 +423,7 @@ class RateLimiter {
                 FROM {$this->ratelimitTable}
                 WHERE ip_address = :ip
                 AND username = :username
-                AND attempted_at > DATE_SUB(NOW(), INTERVAL :minutes MINUTE)";
+                AND attempted_at > datetime('now', '-' || :minutes || ' minutes')";
         $stmt = $this->db->prepare($sql);
         $stmt->execute([
diff --git a/app/pages/login.php b/app/pages/login.php
index 271051b..c9a0523 100644
--- a/app/pages/login.php
+++ b/app/pages/login.php
@@ -58,17 +58,15 @@ try {
             $logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
             header('Location: ' . htmlspecialchars($app_root));
             exit();
-
-        // login failed
-        } else {
-            $_SESSION['error'] = "Login failed.";
-            $user_id = $userObject->getUserId($username)[0]['id'];
-            $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
-            header('Location: ' . htmlspecialchars($app_root));
-            exit();
         }
     } catch (Exception $e) {
+        // Log the failed attempt
         $error = $e->getMessage();
+        if (isset($username)) {
+            $user_id = $userObject->getUserId($username)[0]['id'] ?? 0;
+            $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP. Reason: {$error}", 'user');
+        }
+
         include '../app/templates/block-message.php';
     }
 }
 } catch (Exception $e) {
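Review bot: The switch to `datetime('now')` turns every comparison in this hunk (and in the hunks at 353, 395, 410 and 423) into a text comparison against a UTC `YYYY-MM-DD HH:MM:SS` string, so it is only correct if `expiry_time` and `attempted_at` are written in exactly that format and in UTC; a value written by PHP in local time, or in ISO-8601 with a `T` separator, would silently widen or shrink the rate-limit window without any error. The inserts that populate those columns are outside this patch, so this needs confirming against them. I would pin the contract in a comment above the first DELETE: `// SQLite compares dates as text: expiry_time/attempted_at must be stored as UTC 'YYYY-MM-DD HH:MM:SS' to match datetime('now')`. The enclosing method and its `try` start above the hunk and the matching `catch` is below it.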
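Review bot: `datetime('now', '-' || :minutes || ' minutes')` yields NULL for any modifier SQLite cannot parse, and `attempted_at > NULL` is never true, so if `$this->decayMinutes` is ever unset, empty or non-numeric this COUNT silently reports 0 and the limiter fails open instead of erroring; the same holds for the hunks at 395, 410 and 423, while the cleanup DELETE at 315 would simply delete nothing. Building the modifier in PHP keeps the SQL static and makes a bad value visible at the call site: `AND attempted_at > datetime('now', :window)` with `':window' => sprintf('-%d minutes', (int) $this->decayMinutes)` in the execute array. Validating `decayMinutes` as a positive int where it is assigned would remove the case entirely, but that code is outside this patch. The enclosing method starts above this hunk.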
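Review bot: Dropping the `else` branch means a failed login that is signalled by the authenticating call returning false rather than throwing now falls through silently, with no session error, no log entry and no redirect, so the attempt is never recorded; the call and its `if` are above the hunk, so this needs checking against it, and if failure is now always raised as an exception a comment on that `if` such as `// login failure is reported by exception; see catch below` would make the contract visible. In the new `catch` block `$username` is interpolated into the log line unchanged and that line is now the only record of failed attempts; stripping control characters first, e.g. `$logUser = preg_replace('/[\x00-\x1F\x7F]/', '', $username);`, keeps a single request from forging additional log lines. The outer `try` of this file also starts above the hunk.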