From ecad8e2801c711294e012b15b76885b944db4b74 Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Sun, 23 Feb 2025 19:35:38 +0200
Subject: [PATCH] Adds back auto-blacklisting in rate limiter
---
 app/classes/ratelimiter.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/app/classes/ratelimiter.php b/app/classes/ratelimiter.php
index d912076..5ee17af 100644
--- a/app/classes/ratelimiter.php
+++ b/app/classes/ratelimiter.php
@@ -461,7 +461,21 @@ class RateLimiter {
 $stmt->execute([':ip' => $ipAddress]);
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
- return $result['attempts'] >= $this->maxAttempts;
+ $tooMany = $result['attempts'] >= $this->maxAttempts;
+
+ // Auto-blacklist if too many attempts
+ if ($tooMany) {
+ $this->addToBlacklist(
+ $ipAddress,
+ false,
+ 'Auto-blacklisted due to excessive login attempts',
+ 'system',
+ null,
+ $this->autoBlacklistDuration
+ );
+ }
+
+ return $tooMany;
 }
 public function clearOldAttempts() {
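Review bot: The new `$tooMany` line reads `$result['attempts']`, but the only query result visible in this hunk is stored in `$rows` by the `fetchAll()` call just above it. Unless `$result` is assigned earlier in the method (its start is outside the hunk), the comparison runs against null and the auto-blacklist never triggers. If the count is meant to come from this query and it selects an `attempts` column, read it from the fetched row, e.g. `$tooMany = (int) ($rows[0]['attempts'] ?? 0) >= $this->maxAttempts;`. Separately, `addToBlacklist()` is called on every check while the address is over the limit, its return value is ignored, and nothing visible here skips whitelisted or already-listed addresses, so a guard before the call would stop a shared NAT or proxy address from being re-listed on each request. It is also worth confirming that `$ipAddress` is the socket peer address and not a client-supplied header, since this path now writes a block entry for whatever value it is given.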