app/classes/ratelimitrer.php

@@ -92,11 +92,6 @@ class RateLimiter {
     }
 
     public function attempt($username, $ipAddress) {
-        // Skip rate limiting for whitelisted IPs
-        if ($this->isIpWhitelisted($ipAddress)) {
-            return true;
-        }
-
         // Clean old attempts
         $this->clearOldAttempts();
 
@@ -113,10 +108,10 @@ class RateLimiter {
     }
 
     public function tooManyAttempts($username, $ipAddress) {
-        $sql = "SELECT COUNT(*) as attempts
+        $sql = "SELECT COUNT(*) as attempts 
-                FROM {$this->tableName}
+                FROM {$this->tableName} 
-                WHERE ip_address = :ip
+                WHERE ip_address = :ip 
-                AND username = :username
+                AND username = :username 
                 AND attempted_at > datetime('now', '-' || :minutes || ' minutes')";
 
         $stmt = $this->db->prepare($sql);
@@ -131,7 +126,7 @@ class RateLimiter {
     }
 
     public function clearOldAttempts() {
-        $sql = "DELETE FROM {$this->tableName}
+        $sql = "DELETE FROM {$this->tableName} 
                 WHERE attempted_at < datetime('now', '-' || :minutes || ' minutes')";
 
         $stmt = $this->db->prepare($sql);
@@ -141,10 +136,10 @@ class RateLimiter {
     }
 
     public function getRemainingAttempts($username, $ipAddress) {
-        $sql = "SELECT COUNT(*) as attempts
+        $sql = "SELECT COUNT(*) as attempts 
-                FROM {$this->tableName}
+                FROM {$this->tableName} 
-                WHERE ip_address = :ip
+                WHERE ip_address = :ip 
-                AND username = :username
+                AND username = :username 
                 AND attempted_at > datetime('now', '-' || :minutes || ' minutes')";
 
         $stmt = $this->db->prepare($sql);