ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #559 from wrongecho/login-warning-fix-2

Browse Source 
Re-add login fix from chandachewe10
This commit is contained in:
Johnny
2023-01-18 18:20:02 -05:00
committed by GitHub
parent 159586329f b2ccb53c44
commit 6eb51a487d
1 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
login.php
+2 -4
View File
@@ -28,7 +28,6 @@ if(isset($_POST['login'])){
// Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins) // Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)")); $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$failed_login_count = $row['failed_login_count']; $failed_login_count = $row['failed_login_count'];
// Login brute force check // Login brute force check
@@ -44,10 +43,9 @@ if(isset($_POST['login'])){
// Inform user // Inform user
$response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>'; $response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
}
} else {
// Passed login brute force check // Passed login brute force check
else{
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])); $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password']; $password = $_POST['password'];
if (isset($_POST['current_code'])) { if (isset($_POST['current_code'])) {
@@ -55,7 +53,7 @@ if(isset($_POST['login'])){
} }
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
if (password_verify($password, $row['user_password'])) { if ($row && password_verify($password, $row['user_password'])) {
// User variables // User variables
$token = $row['user_token']; $token = $row['user_token'];