[SUCS Devel] [Git][sucssite/sso][master] 2 commits: Fix some ban logic to be nicer to legit people
Imran Hussain (@imranh)
imranh at sucs.org
Wed Dec 22 22:04:17 GMT 2021
Imran Hussain pushed to branch master at sucssite / sso
Commits:
dc4bc354 by Imran Hussain at 2021-12-22T22:02:17+00:00
Fix some ban logic to be nicer to legit people
- - - - -
48078284 by Imran Hussain at 2021-12-22T22:04:15+00:00
Merge branch 'ban-logic-fix' into 'master'
Fix some ban logic to be nicer to legit people
See merge request sucssite/sso!5
- - - - -
1 changed file:
- public/index.php
Changes:
=====================================
public/index.php
=====================================
@@ -35,8 +35,8 @@ $ipBan_result = $DB_CON->query("SELECT * FROM sessions WHERE ipaddr='${_SERVER["
$ipBan_details = $ipBan_result->fetchArray();
// if their last login attempt was less than 30 mins ago
-// 30 mins to really punish ban avoiders
-if ($ipBan_details["lastfailedlogintime"] <= strtotime("-30 minutes")) {
+// 30 mins to really punish ban avoiders
+if ( $ipBan_details["id"] !== $SESSIONID && $ipBan_details["lastfailedlogintime"] >= strtotime("-30 minutes") ) {
$RATELIMITED = true;
}
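Review bot: The new condition on `$ipBan_details["lastfailedlogintime"] >= strtotime("-30 minutes")` never looks at `failedlogincount`, so one recent failed login recorded against a single session row is enough to set `$RATELIMITED` for every other session on the same IP address (shared NAT, lab machines). Consider also requiring `$ipBan_details["failedlogincount"] >= 3`, so only an address that actually reached the limit is blocked. `fetchArray()` returns false when no row matches, so check `$ipBan_details` before indexing it rather than relying on the comparison against null being false.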
@@ -55,7 +55,8 @@ if ( $details["id"] === $SESSIONID && !$RATELIMITED) {
if ($details["iss_username"] !== null) {
$ISS_LOGIN = true;
}
- if ($details["lastfailedlogintime"] <= strtotime("-10 minutes")) {
+ // every 10 minutes give people not clearing their cookies 1 more go
+ if ($details["failedlogincount"] >= 3 && $details["lastfailedlogintime"] <= strtotime("-10 minutes")) {
$details["failedlogincount"] = 2;
}
if ($details["failedlogincount"] >= 3) {
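Review bot: The limit `3` on the added line and on the check two lines below it, and the reset value `2`, are repeated literals that have to stay in step (the reset only gives "1 more go" while it equals the limit minus one). Define them once as named constants and derive the reset value from the limit. The reset also changes only the in-memory `$details` in this hunk, so it is worth a comment noting that the stored count is not lowered until the next failed attempt writes it back.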
@@ -95,6 +96,9 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
//do stuff for not authd peeps
$details["failedlogincount"] = $details["failedlogincount"] + 1;
$DB_CON->exec("UPDATE sessions SET failedlogincount=${details['failedlogincount']}, lastfailedlogintime=strftime('%s','now') WHERE id='${SESSIONID}'");
+ if ($details["failedlogincount"] >= 3) {
+ $RATELIMITED = true;
+ }
}
} elseif ( isset($_COOKIE["sucssite_session"]) && !$RATELIMITED) {
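Review bot: The `UPDATE` directly above the added lines builds its SQL by interpolating `${SESSIONID}` into the string passed to `exec()`; if that value is derived from the `sucssite_session` cookie, it should go through a prepared statement with bound parameters instead. For the added block itself, a one-line comment explaining why `$RATELIMITED` is set after the write (so that the response to the failed attempt that reaches the limit is already treated as rate limited) would make the intent clear to the next reader.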
View it on GitLab: https://projects.sucs.org/sucssite/sso/-/compare/4f4939e53a4a8cd40899ac00d62a178918fae8db...48078284ca8cb62283ffa99b6bbcc3b565c54d83