Ratelimits only failed login attempts

Yasen Pramatarov 2025-04-14 19:12:26 +03:00
parent 45181c11c5
commit 8d64bf7c6e
2 changed files with 10 additions and 5 deletions


@ -427,7 +427,12 @@ class RateLimiter {
return $result['total_attempts'] < $this->autoBlacklistThreshold;
}
public function attempt($username, $ipAddress) {
public function attempt($username, $ipAddress, $failed = true) {
// Only record failed attempts
if (!$failed) {
return true;
}
// Record this attempt
$sql = "INSERT INTO {$this->authRatelimitTable} (ip_address, username) VALUES (:ip, :username)";
$stmt = $this->db->prepare($sql);
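Review bot: The new `$failed` parameter makes `attempt()` return `true` without touching the database whenever a caller passes `false`, so the pre-login call `$rateLimiter->attempt($username, $user_IP, false);` added in the second file (under the comment "Record this attempt before trying to login") records nothing and is effectively dead code; it should be removed, or its comment reworded, rather than kept behind a flag. If the parameter stays, it should be typed and documented, e.g. `public function attempt($username, $ipAddress, bool $failed = true) {` with a docblock stating that only failed attempts are written to the rate-limit table and that the method returns `true` when nothing is recorded. The remainder of `attempt()`, including what it returns after the INSERT, lies outside the hunk, so whether the early `return true;` is consistent with the other return paths cannot be checked here.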


@ -201,8 +201,7 @@ try {
],
'password' => [
'type' => 'string',
'required' => true,
'min' => 8
'required' => true
]
];
@ -226,8 +225,8 @@ try {
throw new Exception(Feedback::get('LOGIN', 'TOO_MANY_ATTEMPTS')['message']);
}
// Record this attempt
$rateLimiter->attempt($username, $user_IP);
// Record this attempt before trying to login
$rateLimiter->attempt($username, $user_IP, false);
}
// Attempt login
@ -262,6 +261,7 @@ try {
if (isset($username)) {
$userId = $userObject->getUserId($username)[0]['id'] ?? 0;
$logObject->insertLog($userId, "Login: Failed login attempt for user \"$username\". IP: $user_IP. Reason: {$e->getMessage()}", 'user');
$rateLimiter->attempt($username, $user_IP);
}
}
}
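Review bot: The added `$rateLimiter->attempt($username, $user_IP);` in the catch block is placed inside `if (isset($username))`, so a failed request that never yields `$username` (for instance one rejected by the input validation earlier in the `try`) is never counted against `$user_IP`; if the limiter also tracks per-IP totals, as the `(ip_address, username)` INSERT in the other file suggests, that side stays blind to such requests. The enclosing `try` begins before the hunk, so this is inferred from the visible lines; consider recording the attempt with an empty username outside the guard, or adding a comment stating that only requests carrying a username are counted. The call also relies on the new `$failed = true` default; passing it explicitly, `$rateLimiter->attempt($username, $user_IP, true);`, would make the intent visible next to the earlier `false` call.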