Merge pull request #559 from wrongecho/login-warning-fix-2

Re-add login fix from chandachewe10

login.php

@@ -28,7 +28,6 @@ if(isset($_POST['login'])){
 
     // Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
     $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
-
     $failed_login_count = $row['failed_login_count'];
 
     // Login brute force check
@@ -44,10 +43,9 @@ if(isset($_POST['login'])){
 
         // Inform user
         $response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
-    }
 
+    } else {
         // Passed login brute force check
-    else{
         $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
         $password = $_POST['password'];
         if (isset($_POST['current_code'])) {
@@ -55,7 +53,7 @@ if(isset($_POST['login'])){
         }
 
         $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
-        if (password_verify($password, $row['user_password'])) {
+        if ($row && password_verify($password, $row['user_password'])) {
 
             // User variables
             $token = $row['user_token'];