

DDoS Protections fixes in login()
 - removed user get query from DDoS check in
 - fixed DDoS protection to update login_attempts if user not exist too
 - removed user get query from DDoS/reCAPTCHA check
 - fixed DDoS/reCAPTCHA protection to update login_attempts if user not exist too
 - added `get_login_attempts()` returns login_attempts as INT (used in `login()`)
REJack committed Jun 2, 2016
1 parent 116b2c0 commit 66622f6
Showing 1 changed file with 24 additions and 23 deletions.
47 changes: 24 additions & 23 deletions application/libraries/Aauth.php
Expand Up @@ -159,33 +159,12 @@ public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL)
}
$db_identifier = 'email';
}
/*
*
* User Verification
*
* Removed or !ctype_alnum($pass) from the IF statement
* It was causing issues with special characters in passwords
* and returning FALSE even if the password matches.
*/

$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row();

// only email found and login attempts exceeded
if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {
if ($this->config_vars['ddos_protection'] && ! $this->update_login_attempts()) {

$this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
return FALSE;
}

//recaptcha login_attempts check
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row();
if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->update_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->get_login_attempts() >= $this->config_vars['recaptcha_login_attempts']){
if($this->config_vars['use_cookies'] == TRUE){
$reCAPTCHA_cookie = array(
'name' => 'reCAPTCHA',
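Review bot: Nothing on the new side of this hunk assigns `$row` any more, since the `where()`/`get()`/`row()` lookup was dropped in both places; if the password verification later in `login()` (outside this hunk) still reads `$row`, the lookup has to be re-issued after the attempt checks, otherwise every login fails on an undefined variable. Guarding the throttle on `ddos_protection` alone, without the earlier `num_rows() > 0` condition, is the right direction: an unknown identifier and a known one now take the same throttling path, so the response no longer reveals whether the account exists. A one-line comment above the first `if` would keep the next maintainer from reintroducing the lookup, e.g. `// attempt accounting runs before the user lookup on purpose: unknown identifiers must be throttled exactly like known ones`. `login()` starts and ends outside the hunk.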
Expand Down Expand Up @@ -687,6 +666,28 @@ public function update_login_attempts() {

}

/**
* Get login attempt
* @return int
*/
public function get_login_attempts() {
$ip_address = $this->CI->input->ip_address();
$query = $this->aauth_db->where(
array(
'ip_address'=>$ip_address,
'timestamp >='=>strtotime("-".$this->config_vars['max_login_attempt_time_period'])
)
);
$query = $this->aauth_db->get( $this->config_vars['login_attempts'] );

if($query->num_rows() != 0){
$row = $query->row();
return $row->login_attempts;
}

return 0;
}

/**
* Update remember
* Update amount of time a user is remembered for
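Review bot: The docblock promises `@return int`, but `return $row->login_attempts;` hands back the column as the driver delivers it, which in CodeIgniter is typically a string; the comparison against `recaptcha_login_attempts` in `login()` still works through coercion, but the contract should be honoured with `return (int) $row->login_attempts;`. The `!= 0` on `$query->num_rows()` should be `!== 0` for the same strictness. The window bound `strtotime("-" . $this->config_vars['max_login_attempt_time_period'])` yields `false` on an unparsable config value, which would then be compared as `0` and count every attempt ever recorded for the address; this is inferred from `strtotime()` semantics rather than visible here, so worth a guard or at least a docblock line stating that the count is scoped to the caller's IP address and the configured time window rather than to the account.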
