This repository has been archived by the owner on Oct 27, 2024. It is now read-only.

✅ Added login fail count
The main page now displays the number of failed login attempts.

It will be reset with every successful login.
anditv21 committed Oct 3, 2023
1 parent f890178 commit f7b3a18
Showing 4 changed files with 51 additions and 26 deletions.
40 changes: 17 additions & 23 deletions DB.sql
Expand Up @@ -3,7 +3,7 @@
-- https://www.phpmyadmin.net/
--
-- Host: localhost:3306
-- Generation Time: Aug 30, 2023 at 08:18 AM
-- Generation Time: Oct 03, 2023 at 08:51 AM
-- Server version: 10.5.19-MariaDB-0+deb11u2
-- PHP Version: 7.4.33

Expand Down Expand Up @@ -33,6 +33,14 @@ CREATE TABLE `invites` (
`createdAt` timestamp NULL DEFAULT current_timestamp()
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

--
-- Dumping data for table `invites`
--

INSERT INTO `invites` (`code`, `createdBy`, `createdAt`) VALUES
('PXZwJcXf5zQ6myPg0zjJ', 'admin', '2023-09-27 09:06:56'),
('yOh20NjgdZ5ruCtH1m8X', 'admin', '2023-09-27 09:06:56');

-- --------------------------------------------------------

--
Expand Down Expand Up @@ -62,13 +70,6 @@ CREATE TABLE `login` (
`note` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

--
-- Dumping data for table `login`
--

INSERT INTO `login` (`id`, `username`, `remembertoken`, `ip`, `browser`, `os`, `time`, `note`) VALUES
(24, 'admin', 'c40487c35dda33e0d55a078d79e98a02', 'localhost', 'Chrome', 'Windows 10', 'August 30 th, 9:45', 'none');

-- --------------------------------------------------------

--
Expand Down Expand Up @@ -101,13 +102,6 @@ CREATE TABLE `subscription` (
`createdAt` timestamp NULL DEFAULT current_timestamp()
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

--
-- Dumping data for table `subscription`
--

INSERT INTO `subscription` (`code`, `createdBy`, `createdAt`) VALUES
('1m-GZWRhSj71PBruwoHpvnl', 'admin', '2023-08-30 07:43:38');

-- --------------------------------------------------------

--
Expand Down Expand Up @@ -156,8 +150,7 @@ CREATE TABLE `userlogs` (
--

INSERT INTO `userlogs` (`id`, `username`, `action`, `browser`, `os`, `ip`, `time`) VALUES
(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46'),
(337, 'admin', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 30 th, 10:16');
(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46');

-- --------------------------------------------------------

Expand Down Expand Up @@ -190,16 +183,17 @@ CREATE TABLE `users` (
`discord_access_token` varchar(255) DEFAULT NULL,
`discord_refresh_token` varchar(255) DEFAULT NULL,
`dcid` varchar(255) DEFAULT NULL,
`muted` int(1) NOT NULL DEFAULT 0
`muted` int(1) NOT NULL DEFAULT 0,
`loginfails` int(255) NOT NULL DEFAULT 0
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `dcid`, `muted`) VALUES
(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-08-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-08-30 09:45:18', '2023-08-30 08:18:45', 'none', 13, '2023-07-30', 26, 0, NULL, NULL, NULL, 0),
(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 15, 0, NULL, '', NULL, 0);
INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `dcid`, `muted`, `loginfails`) VALUES
(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-06-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-10-03 10:46:49', '2023-10-03 10:35:45', 'none', 13, '2023-07-30', 26, 0, NULL, NULL, '854024514781315082', 0, 0),
(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 15, 0, NULL, '', '1005948935690522665', 0, 0);

--
-- Indexes for dumped tables
Expand Down Expand Up @@ -267,7 +261,7 @@ ALTER TABLE `users`
-- AUTO_INCREMENT for table `login`
--
ALTER TABLE `login`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=25;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=37;

--
-- AUTO_INCREMENT for table `shoutbox`
Expand All @@ -279,7 +273,7 @@ ALTER TABLE `shoutbox`
-- AUTO_INCREMENT for table `userlogs`
--
ALTER TABLE `userlogs`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=338;
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=385;

--
-- AUTO_INCREMENT for table `users`
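Review bot: The new INSERT rows for `invites` commit two invite codes, and the rewritten `users` rows keep the account password hashes and now add Discord ids, so any install that imports DB.sql as-is starts with credentials that are public in this repository. If this file is meant as the install schema, I would export structure only for `invites` and `users` and let setup create the first admin; at minimum add a header comment such as `-- Sample rows only: change the account passwords and delete the invite codes before going live.` Separately, the `(255)` in `loginfails int(255)` is only a display width and does not widen the column; `int(11) NOT NULL DEFAULT 0`, as used for the `id` columns, states the same type less misleadingly.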
4 changes: 4 additions & 0 deletions src/app/controllers/UserController.php
Expand Up @@ -21,6 +21,7 @@ public function createUserSession($user)
Session::set("banned", (int) $user->banned);
Session::set("invitedBy", $user->invitedBy);
Session::set("createdAt", $user->createdAt);
Session::set("loginfails", $user->loginfails);
}

public function gettokenarray()
Expand Down Expand Up @@ -71,6 +72,7 @@ public function getresetcount($uid)
{
return $this->gethwidcount($uid);
}

public function getresetdate($uid)
{
return $this->getlastreset($uid);
Expand Down Expand Up @@ -195,8 +197,10 @@ public function loginUser($data)
$_SESSION["username"] = $username;
$this->log($username, "Logged in", auth_logs);
$this->loglogin();
$this->resetfails($username);
Util::redirect("/index.php");
} else {
$this->loginfail($username);
return "Username/Password is wrong.";
}
}
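Review bot: In loginUser the counter is only incremented (`$this->loginfail($username)`) and reset (`$this->resetfails($username)`); nothing in the visible lines uses it to delay or refuse further attempts, so as far as this hunk shows it informs the user after the fact but does not slow password guessing. A threshold check on `loginfails` before the password comparison would be the natural follow-up, ideally with a time window so a third party cannot lock an account indefinitely. In createUserSession, `Session::set("loginfails", $user->loginfails);` stores the value as the driver returns it, while the `banned` line in the same method casts; I would write `Session::set("loginfails", (int) $user->loginfails);` for consistency. Both methods start or end outside the hunks shown, so the ordering of createUserSession and resetfails could not be checked here.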
21 changes: 21 additions & 0 deletions src/app/models/UsersModel.php
Expand Up @@ -251,6 +251,27 @@ protected function addrememberToken($token, $username)
$this->statement->execute([$username, $token, $ip, $browser, $os, $time, "none"]);
}

protected function loginfail($username)
{
$this->prepare('SELECT * FROM `users` WHERE `username` = ?');
$this->statement->execute([$username]);
$row = $this->statement->fetch();

if (!$row) {
return false;
}
else {
$this->prepare('UPDATE `users` SET `loginfails` = `loginfails` + 1 WHERE `username` = ?');
$this->statement->execute([$username]);
}
}

protected function resetfails($username)
{
$this->prepare('UPDATE `users` SET `loginfails` = 0 WHERE `username` = ?');
$this->statement->execute([$username]);
}

// Register - Sends data to DB
protected function register($username, $hashedPassword, $invCode)
{
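Review bot: The `SELECT *` in loginfail is unnecessary, because the following `UPDATE ... WHERE username = ?` already touches no row when the username does not exist; the lookup only adds a second query and loads the whole user row, password hash included, on every failed attempt. The method also returns `false` for an unknown user and nothing otherwise, which gives callers no usable result. I would drop the lookup and end with `return $this->statement->rowCount() > 0;` (assuming `$this->statement` is a PDOStatement, which the hunk does not show), and give resetfails the same return. Both statements are parameterized and the increment is done in SQL rather than read-modify-write in PHP, which is the right shape.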
12 changes: 9 additions & 3 deletions src/index.php
Expand Up @@ -62,6 +62,14 @@
Util::display("Last login: {$formatted_date} from ");
?>
<em onclick="copyToClipboard('<?php Util::display($user->getlastip()); ?>')" title='Click to copy' data-toggle='tooltip' data-placement='top' class='spoiler'><?php Util::display($user->getlastip()); ?></em>

<?php
$loginfails = Session::get("loginfails");
if ($loginfails > 0) : ?>
<br>
<em style="color: red"; >Security Warning: <?php Util::display(Util::securevar($loginfails)); ?> failed login attempts <img title="" data-toggle="tooltip" data-placement="top" src="assets/img/warning.png" width="15" height="15" data-original-title="Resets after every successful login."></em>

<?php endif; ?>
</div>
</div>

Expand All @@ -71,9 +79,7 @@
if ($System->getSystemData()->frozen == 1) : ?>
<div class="col-12 mt-3 mb-2">
<div class="alert alert-primary" role="alert">
<b style="color: #6cc312;"><?php Util::display(
"WARNING: ALL SUBSCRIPTIONS ARE CURRENTLY FROZEN! ($time days since frozen)"
); ?></b>
<b style="color: #6cc312;"><?php Util::display("WARNING: ALL SUBSCRIPTIONS ARE CURRENTLY FROZEN! ($time days since frozen)"); ?></b>
</div>
</div>
<?php endif;
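Review bot: In the added warning, `<em style="color: red"; >` has a stray `;` after the closing quote, which leaves a junk attribute in the tag; it should read `<em style="color: red;">`. The warning icon has an empty `title` and no `alt`, so adding `alt="Warning"` would help screen readers. The count is read from the session (`Session::get("loginfails")`), which is presumably filled once at login, so it will not change until the next login; a short comment above that line such as `// snapshot taken at login; the DB counter is reset afterwards` would make that intent explicit if it is deliberate.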
