Adds back auto-blacklisting in rate limiter

2025-02-23 19:35:38 +02:00 · 2025-02-23 19:35:38 +02:00 · ecad8e2801
parent 4a18c344c8
commit ecad8e2801
1 changed files with 15 additions and 1 deletions
--- a/app/classes/ratelimiter.php
+++ b/app/classes/ratelimiter.php
@ -461,7 +461,21 @@ class RateLimiter {
        $stmt->execute([':ip' => $ipAddress]);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

-        return $result['attempts'] >= $this->maxAttempts;
+        $tooMany = $result['attempts'] >= $this->maxAttempts;
+
+        // Auto-blacklist if too many attempts
+        if ($tooMany) {
+            $this->addToBlacklist(
+                $ipAddress,
+                false,
+                'Auto-blacklisted due to excessive login attempts',
+                'system',
+                null,
+                $this->autoBlacklistDuration
+            );
+        }
+
+        return $tooMany;
    }

    public function clearOldAttempts() {