DDoS Protections fixes in login()

- removed user get query from DDoS check in - fixed DDoS protection to update login_attempts if user not exist too - removed user get query from DDoS/reCAPTCHA check - fixed DDoS/reCAPTCHA proection to update login_attempts if user not exist too - added `get_login_attempts()` returns login_attempts as INT (used in `login()`)
emreakay · Jun 2, 2016 · 66622f6 · 66622f6
1 parent 116b2c0
commit 66622f6
Showing 1 changed file with 24 additions and 23 deletions.
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
@@ -159,33 +159,12 @@ public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL)
 			}
 			$db_identifier = 'email';
  		}
-		/*
-		*
-		* User Verification
-		*
-		* Removed or !ctype_alnum($pass) from the IF statement
-		* It was causing issues with special characters in passwords
-		* and returning FALSE even if the password matches.
-		*/
-
-		$query = null;
-		$query = $this->aauth_db->where($db_identifier, $identifier);
-		$query = $this->aauth_db->get($this->config_vars['users']);
-		$row = $query->row();
-
-		// only email found and login attempts exceeded
-		if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {
+		if ($this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {
 
 			$this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
 			return FALSE;
 		}
-
-		//recaptcha login_attempts check
-		$query = null;
-		$query = $this->aauth_db->where($db_identifier, $identifier);
-		$query = $this->aauth_db->get($this->config_vars['users']);
-		$row = $query->row();
-		if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->update_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
+		if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->get_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
 			if($this->config_vars['use_cookies'] == TRUE){
 				$reCAPTCHA_cookie = array(
 					'name'	 => 'reCAPTCHA',
@@ -687,6 +666,28 @@ public function update_login_attempts() {
 
 	}
 
+	/**
+	 * Get login attempt
+	 * @return int
+	 */
+	public function get_login_attempts() {
+		$ip_address = $this->CI->input->ip_address();
+		$query = $this->aauth_db->where(
+			array(
+				'ip_address'=>$ip_address,
+				'timestamp >='=>strtotime("-".$this->config_vars['max_login_attempt_time_period'])
+			)
+		);
+		$query = $this->aauth_db->get( $this->config_vars['login_attempts'] );
+
+		if($query->num_rows() != 0){
+			$row = $query->row();
+			return $row->login_attempts;
+		}
+
+		return 0;
+	}
+
 	/**
 	 * Update remember
 	 * Update amount of time a user is remembered for