Adds rate limiting to the login page
parent
fee0616ca4
commit
f549940249
|
@ -22,49 +22,53 @@ try {
|
||||||
$dbWeb = connectDB($config);
|
$dbWeb = connectDB($config);
|
||||||
|
|
||||||
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
||||||
$username = $_POST['username'];
|
try {
|
||||||
$password = $_POST['password'];
|
$username = $_POST['username'];
|
||||||
|
$password = $_POST['password'];
|
||||||
|
|
||||||
// login successful
|
// login successful
|
||||||
if ( $userObject->login($username, $password) ) {
|
if ( $userObject->login($username, $password) ) {
|
||||||
// if remember_me is checked, max out the session
|
// if remember_me is checked, max out the session
|
||||||
if (isset($_POST['remember_me'])) {
|
if (isset($_POST['remember_me'])) {
|
||||||
// 30*24*60*60 = 30 days
|
// 30*24*60*60 = 30 days
|
||||||
$cookie_lifetime = 30 * 24 * 60 * 60;
|
$cookie_lifetime = 30 * 24 * 60 * 60;
|
||||||
$setcookie_lifetime = time() + 30 * 24 * 60 * 60;
|
$setcookie_lifetime = time() + 30 * 24 * 60 * 60;
|
||||||
$gc_maxlifetime = 30 * 24 * 60 * 60;
|
$gc_maxlifetime = 30 * 24 * 60 * 60;
|
||||||
|
} else {
|
||||||
|
// 0 - session end on browser close
|
||||||
|
// 1440 - 24 minutes (default)
|
||||||
|
$cookie_lifetime = 0;
|
||||||
|
$setcookie_lifetime = 0;
|
||||||
|
$gc_maxlifetime = 1440;
|
||||||
|
}
|
||||||
|
|
||||||
|
// set session lifetime and cookies
|
||||||
|
setcookie('username', $username, [
|
||||||
|
'expires' => $setcookie_lifetime,
|
||||||
|
'path' => $config['folder'],
|
||||||
|
'domain' => $config['domain'],
|
||||||
|
'secure' => isset($_SERVER['HTTPS']),
|
||||||
|
'httponly' => true,
|
||||||
|
'samesite' => 'Strict'
|
||||||
|
]);
|
||||||
|
|
||||||
|
// redirect to index
|
||||||
|
$_SESSION['notice'] = "Login successful";
|
||||||
|
$user_id = $userObject->getUserId($username)[0]['id'];
|
||||||
|
$logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
|
||||||
|
header('Location: ' . htmlspecialchars($app_root));
|
||||||
|
exit();
|
||||||
|
|
||||||
|
// login failed
|
||||||
} else {
|
} else {
|
||||||
// 0 - session end on browser close
|
$_SESSION['error'] = "Login failed.";
|
||||||
// 1440 - 24 minutes (default)
|
$user_id = $userObject->getUserId($username)[0]['id'];
|
||||||
$cookie_lifetime = 0;
|
$logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
|
||||||
$setcookie_lifetime = 0;
|
header('Location: ' . htmlspecialchars($app_root));
|
||||||
$gc_maxlifetime = 1440;
|
exit();
|
||||||
}
|
}
|
||||||
|
} catch (Exception $e) {
|
||||||
// set session lifetime and cookies
|
$error = $e->getMessage();
|
||||||
setcookie('username', $username, [
|
|
||||||
'expires' => $setcookie_lifetime,
|
|
||||||
'path' => $config['folder'],
|
|
||||||
'domain' => $config['domain'],
|
|
||||||
'secure' => isset($_SERVER['HTTPS']),
|
|
||||||
'httponly' => true,
|
|
||||||
'samesite' => 'Strict'
|
|
||||||
]);
|
|
||||||
|
|
||||||
// redirect to index
|
|
||||||
$_SESSION['notice'] = "Login successful";
|
|
||||||
$user_id = $userObject->getUserId($username)[0]['id'];
|
|
||||||
$logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
|
|
||||||
header('Location: ' . htmlspecialchars($app_root));
|
|
||||||
exit();
|
|
||||||
|
|
||||||
// login failed
|
|
||||||
} else {
|
|
||||||
$_SESSION['error'] = "Login failed.";
|
|
||||||
$user_id = $userObject->getUserId($username)[0]['id'];
|
|
||||||
$logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
|
|
||||||
header('Location: ' . htmlspecialchars($app_root));
|
|
||||||
exit();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
|
|
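Review bot: The new `catch (Exception $e)` branch at the end of the POST block only stores `$e->getMessage()` in `$error` and then falls through, so an exception raised during login — presumably by the rate limiter this commit introduces, since no limiting logic is visible in the hunk itself — is neither logged through `$logObject->insertLog(...)` nor answered with the redirect-and-exit that the failed-login branch performs, and execution continues past the login handler. If `$error` is later rendered to the page, raw exception text (including any database error surfacing from `connectDB` or `getUserId`) would be shown to an unauthenticated user; keep the generic message on the page and put the detail in the log. Mirroring the failure branch inside the catch would be `$_SESSION['error'] = "Login failed.";`, `header('Location: ' . htmlspecialchars($app_root));`, `exit();`, preceded by an `insertLog` call that records the exception message, the submitted username and `$user_IP`. The enclosing `try` and `if ( $_SERVER['REQUEST_METHOD'] == 'POST' )` open before the hunk, and the body of the outer `} catch (Exception $e) {` on the last line continues after it.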