
DDoS Protections fixes in `login()`

- removed user get query from DDoS check in
 - fixed DDoS protection to update login_attempts if user not exist too
 - removed user get query from DDoS/reCAPTCHA check
 - fixed DDoS/reCAPTCHA protection to update login_attempts if user not exist too
 - added `get_login_attempts()` returns login_attempts as INT (used in `login()`)
develop
REJack 9 years ago
parent
commit
66622f640f
  1. 47
      application/libraries/Aauth.php

47
application/libraries/Aauth.php

@ -159,33 +159,12 @@ class Aauth {
} }
$db_identifier = 'email'; $db_identifier = 'email';
} }
/* if ($this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {
*
* User Verification
*
* Removed or !ctype_alnum($pass) from the IF statement
* It was causing issues with special characters in passwords
* and returning FALSE even if the password matches.
*/
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row();
// only email found and login attempts exceeded
if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {
$this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded')); $this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
return FALSE; return FALSE;
} }
if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->get_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
//recaptcha login_attempts check
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row();
if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->update_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
if($this->config_vars['use_cookies'] == TRUE){ if($this->config_vars['use_cookies'] == TRUE){
$reCAPTCHA_cookie = array( $reCAPTCHA_cookie = array(
'name' => 'reCAPTCHA', 'name' => 'reCAPTCHA',
@ -687,6 +666,28 @@ class Aauth {
} }
/**
* Get login attempt
* @return int
*/
public function get_login_attempts() {
$ip_address = $this->CI->input->ip_address();
$query = $this->aauth_db->where(
array(
'ip_address'=>$ip_address,
'timestamp >='=>strtotime("-".$this->config_vars['max_login_attempt_time_period'])
)
);
$query = $this->aauth_db->get( $this->config_vars['login_attempts'] );
if($query->num_rows() != 0){
$row = $query->row();
return $row->login_attempts;
}
return 0;
}
/** /**
* Update remember * Update remember
* Update amount of time a user is remembered for * Update amount of time a user is remembered for
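Review bot: `get_login_attempts()` in the second hunk is documented as `@return int` but returns `$row->login_attempts` exactly as the database layer delivers it, which for CodeIgniter result rows is typically a string, so the new reCAPTCHA threshold `if` in the first hunk ends up relying on loose `>=` between a string and the configured integer. Returning `return (int) $row->login_attempts;` makes the documented contract hold and keeps the comparison safe. The counter is keyed solely on `$this->CI->input->ip_address()`, so the protection is only as good as that value being the client's real address under whatever proxy configuration is in use, which is not visible here. The explanatory comment about dropping `ctype_alnum($pass)` from the password check disappears with the removed query; if that rationale is not kept elsewhere it is worth preserving next to the password comparison. The `login()` body containing the first hunk starts and ends outside it.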
