Added rate limiting for login and forgot password

This commit is contained in:
Andy Miller
2017-08-28 14:24:48 -06:00
parent 0c11df8f67
commit 87d4c28b4a
3 changed files with 24 additions and 4 deletions


@@ -350,6 +350,17 @@ class Admin
*/
public function authenticate($data, $post)
{
$count = $this->grav['config']->get('plugins.login.max_login_count', 5);
$interval = $this->grav['config']->get('plugins.login.max_login_interval', 10);
$login = $this->grav['login'];
if ($login->isUserRateLimited($this->user, 'login_attempts', $count, $interval)) {
$this->setMessage($this->translate(['PLUGIN_LOGIN.TOO_MANY_LOGIN_ATTEMPTS', $interval]), 'error');
$this->grav->redirect($post['redirect']);
return true;
}
if (!$this->user->authenticated && isset($data['username']) && isset($data['password'])) {
// Perform RegEX check on submitted username to check for emails
if (filter_var($data['username'], FILTER_VALIDATE_EMAIL)) {
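Review bot: The rate-limited branch redirects to `$post['redirect']` without checking the key exists, so a request that omits it (or a direct hit on the login route) produces an undefined-index notice and a redirect to null rather than a clean refusal; the target is also taken straight from the POST body, which makes the destination caller-controlled unless it is validated before this point, which the hunk does not show. Guard it and fall back to a fixed admin route, e.g. `$this->grav->redirect($post['redirect'] ?? '<ADMIN_LOGIN_ROUTE>');`, and if a redirect-target allowlist already exists in this class, route the value through it here too. The same object is reached as `$this->grav['login']` on this hunk's third added line but as `$this->login` in the second hunk; picking one accessor keeps the two new call sites consistent. Returning `true` from the limited branch presumably means "request handled" rather than "authenticated"; a one-line comment such as `// Rate limited: bail out before credentials are checked; true means the request was handled` would make that explicit for callers. authenticate's body continues past the end of this hunk.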
@@ -385,12 +396,9 @@ class Admin
}
$user->authenticated = true;
$this->login->resetRateLimits($user,'login_attempts');
if ($user->authorize('admin.login')) {
$this->user = $this->session->user = $user;
/** @var Grav $grav */