failed-galleries/php-gallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2024-12-28 18:36:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Finalised Ban/Log system

Browse source
This commit is contained in:
Michał 2022-09-15 17:13:36 +00:00
parent 6f39ca7759
commit 8d291d0c7d
2 changed files with 177 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
account.php
View file

@ -72,7 +72,7 @@
?>
</div>
<br>
<h3>Bans/Timeouts</h3>
<h3>Bans</h3>
<div id="bans" class="bans">
<?php
// Reading images from table
@ -88,7 +88,7 @@
<p><?php echo $ban['id']; ?></p>
<p><?php echo $ban['ipaddress']; ?></p>
<p><?php echo $ban['reason']; ?></p>
<p><?php echo $ban['length']; ?></p>
<p><?php echo $ban['length']; ?> mins</p>
<?php
$log_time = new DateTime($ban['time']);
echo "<p>" . $log_time->format('d/m/Y H:i:s T') . "<br>" . $diff->time($ban['time']) . "</p>";

90
app/account/account.php
View file

@ -19,20 +19,10 @@ $user_ip = $user_info->get_ip();
|-------------------------------------------------------------
*/
if (isset($_POST['submit_login'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
$ban_query = mysqli_query($conn, "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1");
$sql = "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1";
$query = mysqli_query($conn, $sql);
while ($ban_check = mysqli_fetch_assoc($query)) {
while ($ban_check = mysqli_fetch_assoc($ban_query)) {
$ban_time = $ban_check['time'];
$ban_perm = $ban_check['permanent'];
}
@ -45,29 +35,36 @@ if (isset($_POST['submit_login'])) {
sniffleAdd('Bye bye!', 'You have been banned, contact the owner if you feel that this was a mistake', 'var(--red)', 'assets/icons/warning.svg');
</script>
<?php
$error += 1;
} elseif (($ban_diff / 60) <= 60) {
?>
<script>
sniffleAdd('Slow down!', 'You have attempted to login too many times in the last 10 minutes. Come back in <?php echo round(60-($ban_diff/60)); ?> minutes', 'var(--red)', 'assets/icons/warning.svg');
sniffleAdd('Slow down!', 'You have attempted to login/signup too many times in 10 minutes. Come back in <?php echo round(60-($ban_diff/60)); ?> minutes', 'var(--red)', 'assets/icons/warning.svg');
</script>
<?php
$error += 1;
} else {
$attemps = 0;
$log_query = mysqli_query($conn, "SELECT * FROM logs WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 5");
$sql = "SELECT * FROM logs WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 5";
$query = mysqli_query($conn, $sql);
while ($log_array = mysqli_fetch_assoc($query)) {
while ($log_array = mysqli_fetch_assoc($log_query)) {
$log_diff = time() - strtotime($log_array['time']);
if ($log_array['action'] == 'Failed to enter correct Password' && ($log_diff / 60) <= 10 ) {
if ($log_array['action'] == 'Failed to enter correct Password' && ($log_diff / 60) <= 10) {
$attemps += 1;
} elseif ($log_array['action'] == 'Failed to enter correct Invite Code' && ($log_diff / 60) <= 10) {
$attemps += 1;
}
}
if ($attemps >= 5) {
mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')");
} else {
}
}
if ($error <= 0) {
// Checking if Username is empty
if (empty(trim($_POST["username"]))) {
?>
@ -92,8 +89,6 @@ if (isset($_POST['submit_login'])) {
$password = trim($_POST["password"]);
}
}
}
if ($error <= 0) {
// Prepare so SQL doesnt get spooked
@ -174,16 +169,52 @@ if (isset($_POST['submit_login'])) {
|-------------------------------------------------------------
*/
if (isset($_POST['submit_signup'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
$ban_query = mysqli_query($conn, "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1");
while ($ban_check = mysqli_fetch_assoc($ban_query)) {
$ban_time = $ban_check['time'];
$ban_perm = $ban_check['permanent'];
}
$ban_diff = time() - strtotime($ban_time);
if ($ban_perm) {
?>
<script>
sniffleAdd('Bye bye!', 'You have been banned, contact the owner if you feel that this was a mistake', 'var(--red)', 'assets/icons/warning.svg');
</script>
<?php
$error += 1;
} elseif (($ban_diff / 60) <= 60) {
?>
<script>
sniffleAdd('Slow down!', 'You have attempted to login/signup too many times in 10 minutes. Come back in <?php echo round(60-($ban_diff/60)); ?> minutes', 'var(--red)', 'assets/icons/warning.svg');
</script>
<?php
$error += 1;
} else {
$attemps = 0;
$log_query = mysqli_query($conn, "SELECT * FROM logs WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 5");
while ($log_array = mysqli_fetch_assoc($log_query)) {
$log_diff = time() - strtotime($log_array['time']);
if ($log_array['action'] == 'Failed to enter correct Password' && ($log_diff / 60) <= 10) {
$attemps += 1;
} elseif ($log_array['action'] == 'Failed to enter correct Invite Code' && ($log_diff / 60) <= 10) {
$attemps += 1;
}
}
if ($attemps >= 5) {
mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')");
}
}
if ($error <= 0) {
if (empty(trim($_POST["username"]))) {
// Username not entered
?>
@ -326,6 +357,7 @@ if (isset($_POST['submit_signup'])) {
}
}
}
}
// Checking for errors
if ($error <= 0) {