From 0d50fa0a8cbb5c19ce0dd389682222ead3691bac Mon Sep 17 00:00:00 2001
From: ljm42
Date: Thu, 24 Mar 2022 12:18:55 -0700
Subject: [PATCH] fix: password lockouts not being cleared properly
---
 plugins/dynamix/include/.login.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/plugins/dynamix/include/.login.php b/plugins/dynamix/include/.login.php
index cc5cc67e8..c03740999 100644
--- a/plugins/dynamix/include/.login.php
+++ b/plugins/dynamix/include/.login.php
@@ -31,6 +31,12 @@ function fileWrite($file, $text) {
 fclose($fp);
 }
 }
+function isValidTimeStamp($timestamp)
+{
+ return ((string) (int) $timestamp === $timestamp)
+ && ($timestamp <= PHP_INT_MAX)
+ && ($timestamp >= ~PHP_INT_MAX);
+}
 $maxfails = 3;
 $cooldown = 15*60;
@@ -44,16 +50,16 @@ if (!empty($_POST['username']) && !empty($_POST['password'])) {
 $fails = explode("\n", trim($failtext));
 $time = time();
- // remove entries older than $cooldown minutes
+ // remove entries older than $cooldown minutes, and entries that are not timestamps
 $updatefails = false;
 foreach ((array) $fails as $key => $value) {
- if ($value && $time - $value > $cooldown) {
+ if ( !isValidTimeStamp($value) || ($time - $value > $cooldown) || ($value > $time) ) {
 unset ($fails[$key]);
 $updatefails = true;
 }
 }
 if ($updatefails) {
- $failtext = implode("\n", $fails);
+ $failtext = implode("\n", $fails)."\n";
 fileWrite($failfile, $failtext);
 }
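Review bot: `isValidTimeStamp()` has no doc comment, and two of its three clauses are dead: once `(string) (int) $timestamp === $timestamp` holds, the value is already inside the integer range, so the `PHP_INT_MAX` comparisons cannot fail. It also accepts `"0"` and negative numbers, which only the caller's age check later removes. Since this function decides which lockout records survive, I would state the contract and tighten it, e.g. `return (string) (int) $timestamp === $timestamp && (int) $timestamp > 0;` with a comment such as `// true only for a canonical positive decimal integer string; non-strings fail the strict comparison`.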
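Review bot: The widened condition in the `foreach` treats malformed and future-dated lines exactly like expired ones, so lockout evidence is dropped silently. A clock that steps backwards or a damaged fail file then lowers the failure count with no trace. I would keep the pruning but count those discards and log them once, separately from normal expiry. The same condition also rejects the single empty string that `explode()` returns for an empty file, so (assuming `$failtext` is read from `$failfile` above the hunk) an empty or newline-only file appears to be rewritten on every login POST; skipping `''` before the check avoids that. The enclosing `if` starts above the hunk and is not closed within it.

```php
$discarded = 0;
foreach ((array) $fails as $key => $value) {
    if ($value === '') {
        // an empty fail file explodes to one empty string; drop it without forcing a rewrite
        unset($fails[$key]);
        continue;
    }
    // malformed or future-dated entries are not normal expiry; track them separately
    $suspect = !isValidTimeStamp($value) || ($value > $time);
    if ($suspect || ($time - $value > $cooldown)) {
        unset($fails[$key]);
        $updatefails = true;
        $discarded += $suspect ? 1 : 0;
    }
}
if ($discarded > 0) {
    error_log("login: dropped {$discarded} malformed or future-dated lockout entries");
}
// … unchanged: if ($updatefails) rewrite of $failfile …
```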