	Add failed login lockout
This commit is contained in:
		
							parent
							
								
									cdc3673d84
								
							
						
					
					
						commit
						b50da238ae
					
				
					 2 changed files with 39 additions and 2 deletions
				
			
		|  | @ -2,3 +2,6 @@ | ||||||
| 
 | 
 | ||||||
| define('DB_USER', 'lexiconga_db_username'); | define('DB_USER', 'lexiconga_db_username'); | ||||||
| define('DB_PASSWORD', 'user_password'); | define('DB_PASSWORD', 'user_password'); | ||||||
|  | 
 | ||||||
|  | define('LOGIN_FAILURES_ALLOWED', 10); | ||||||
|  | define('LOGIN_FAILURES_LOCKOUT_MINUTES', 60); | ||||||
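Review bot: The two new constants carry no comment saying what they mean or what unit they use, and the file is the deployment config a site operator edits by hand. I would add one line above each: `// Failed log-in attempts tolerated before the client is locked out (counted per PHP session, see the 'login' action)` and `// How long a locked-out client must wait before it may try again, in minutes`. The per-session scope is what the login handler in the other changed file implements, so the comment tells the operator what the number actually limits.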
|  | @ -39,6 +39,26 @@ switch ($action) { | ||||||
|     ), 400); |     ), 400); | ||||||
|   } |   } | ||||||
|   case 'login': { |   case 'login': { | ||||||
|  |     session_start(); | ||||||
|  |     if (isset($_SESSION['unlock'])) { | ||||||
|  |       if (time() < $_SESSION['unlock']) { | ||||||
|  |         $seconds_left = ($_SESSION['unlock'] - time()); | ||||||
|  |         $minutes_left = floor($seconds_left / 60); | ||||||
|  |         $seconds_left = $seconds_left % 60; | ||||||
|  |         return Response::json(array( | ||||||
|  |           'data' => 'Too many failed login attempts. You must wait another ' | ||||||
|  |             . ($minutes_left > 0 ? $minutes_left . ' minutes ' : '') | ||||||
|  |             . ($minutes_left > 0 && $seconds_left > 0 ? 'and ' : '') | ||||||
|  |             . ($seconds_left > 0 ? $seconds_left . ' seconds ' : '') | ||||||
|  |             . 'until you can log in again.', | ||||||
|  |           'error' => true, | ||||||
|  |         ), 403); | ||||||
|  |       } else { | ||||||
|  |         unset($_SESSION['failures']); | ||||||
|  |         unset($_SESSION['unlock']); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     if (isset($request['email']) && isset($request['password'])) { |     if (isset($request['email']) && isset($request['password'])) { | ||||||
|       $user = new User(); |       $user = new User(); | ||||||
|       $user_data = $user->logIn($request['email'], $request['password']); |       $user_data = $user->logIn($request['email'], $request['password']); | ||||||
|  | @ -48,8 +68,22 @@ switch ($action) { | ||||||
|           'error' => false, |           'error' => false, | ||||||
|         ), 200); |         ), 200); | ||||||
|       } |       } | ||||||
|  | 
 | ||||||
|  |       if (!isset($_SESSION['failures'])) { | ||||||
|  |         $_SESSION['failures'] = 0; | ||||||
|  |       } | ||||||
|  |       $_SESSION['failures']++; | ||||||
|  | 
 | ||||||
|  |       if ($_SESSION['failures'] >= LOGIN_FAILURES_ALLOWED) { | ||||||
|  |         $_SESSION['unlock'] = time() + (LOGIN_FAILURES_LOCKOUT_MINUTES * 60); | ||||||
|         return Response::json(array( |         return Response::json(array( | ||||||
|         'data' => 'Could not log in: incorrect data', |           'data' => 'Too many failed login attempts. You must wait ' . LOGIN_FAILURES_LOCKOUT_MINUTES . ' minutes until you can log in again.', | ||||||
|  |           'error' => true, | ||||||
|  |         ), 403); | ||||||
|  |       } | ||||||
|  | 
 | ||||||
|  |       return Response::json(array( | ||||||
|  |         'data' => 'Incorrect email or password.<br>After ' . (LOGIN_FAILURES_ALLOWED - $_SESSION['failures']) . ' more failures, you will be locked out for ' . LOGIN_FAILURES_LOCKOUT_MINUTES . ' minutes.', | ||||||
|         'error' => true, |         'error' => true, | ||||||
|       ), 401); |       ), 401); | ||||||
|     } |     } | ||||||
|  |  | ||||||
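Review bot: The failure counter and the unlock time are stored only in `$_SESSION` (the `session_start()` block at the top of `case 'login'` and the `$_SESSION['failures']++` block after the failed `logIn()`), so they last only as long as the client keeps presenting the same session cookie; a client that begins a fresh session starts again at zero failures, so the limit protects a cooperative browser but does not bound repeated failed attempts against an account. A stronger version records the failure count and a lock-until timestamp server-side, keyed by the submitted email and/or the source address, checks it before calling `$user->logIn()`, and clears it on success, reusing `LOGIN_FAILURES_ALLOWED` and `LOGIN_FAILURES_LOCKOUT_MINUTES` so the operator-facing knobs stay the same. Separately, as far as these hunks show, the successful-login return (`'error' => false`, 200) does not clear `$_SESSION['failures']`, so earlier failures keep counting toward a later lockout; adding `unset($_SESSION['failures']);` just before that return would reset it, though the start of that success block is outside the hunk. The enclosing `case 'login'` and `switch ($action)` begin before these hunks and continue after the last context line.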