From c3e328e324dfb26befc5a940296605935f6869fb Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Wed, 18 Jun 2025 12:37:01 -0400 Subject: [PATCH 1/4] Update .login.php --- emhttp/plugins/dynamix/include/.login.php | 65 ++++++++++++++++++++--- 1 file changed, 57 insertions(+), 8 deletions(-) diff --git a/emhttp/plugins/dynamix/include/.login.php b/emhttp/plugins/dynamix/include/.login.php index 253fbdded..e4ca9a0d0 100644 --- a/emhttp/plugins/dynamix/include/.login.php +++ b/emhttp/plugins/dynamix/include/.login.php @@ -166,9 +166,9 @@ if (!empty($username) && !empty($password)) { // Check if we're limited if ($failCount >= $maxFails) { if ($failCount == $maxFails) { - my_logger("Ignoring login attempts for {$username} from {$remote_addr}"); + my_logger("Ignoring login attempts from {$remote_addr} for {$cooldown} seconds."); } - throw new Exception(_('Too many invalid login attempts')); + throw new Exception(_('Too many previous login attempts.').'
'.sprintf(_('Logins prevented for %s'),'')); } // Bail if username + password combo doesn't work @@ -193,10 +193,17 @@ if (!empty($username) && !empty($password)) { } catch (Exception $exception) { // Set error message $error = $exception->getMessage(); - - // Log error to syslog - my_logger("Unsuccessful login user {$username} from {$remote_addr}"); appendToFile($failFile, $time . "\n"); + $failCount = cleanupFails($failFile, $time); + // Log error to syslog + $coolReset = ""; + if ($failCount >= $maxFails) { + $coolReset = "Ignoring login attempts for {$cooldown} seconds."; + } + if ( $failCount == $maxFails ) { + $error .= '
'.sprintf(_('Logins prevented for %s'),''); + } + my_logger("Unsuccessful login user {$username} from {$remote_addr}. {$coolReset}"); } } @@ -586,9 +593,9 @@ $isDarkTheme = $themeHelper->isDarkTheme();

- -

- + +

+ @@ -610,6 +617,48 @@ $isDarkTheme = $themeHelper->isDarkTheme(); document.body.textContent = ''; document.body.appendChild(errorElement); } + + var timeInSecs; + var ticker; + + function startTimer(secs) { + timeInSecs = parseInt(secs); + ticker = setInterval("tick()", 1000); + } + + function tick() { + var secs = timeInSecs; + + updateMessage(prettyTime(secs),"countdown"); + + if (secs > 0) { + timeInSecs--; + } else { + clearInterval(ticker); + // remove the error message after 10 seconds after the timer has expired + updateMessage("","error"); + setTimeout(function() { + updateMessage("","error"); + }, 10000); + return; + } + } + function updateMessage(msg,ID) { + var element = document.getElementById(ID); + if (element) { + element.innerHTML = msg; + } + } + function prettyTime(secs) { + var mins = Math.floor(secs/60); + secs %= 60; + return ( (mins < 10) ? "0" : "" ) + mins + ":" + ( (secs < 10) ? "0" : "" ) + secs; + } + + if ( document.getElementById("countdown") ) { + startTimer(); + } + From 58d62f656581910581708ebc48409fe3e6bd7293 Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Wed, 18 Jun 2025 12:49:58 -0400 Subject: [PATCH 2/4] Prevent duplicated line in syslog --- emhttp/plugins/dynamix/include/.login.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/emhttp/plugins/dynamix/include/.login.php b/emhttp/plugins/dynamix/include/.login.php index e4ca9a0d0..dfc987605 100644 --- a/emhttp/plugins/dynamix/include/.login.php +++ b/emhttp/plugins/dynamix/include/.login.php @@ -165,9 +165,6 @@ if (!empty($username) && !empty($password)) { // Check if we're limited if ($failCount >= $maxFails) { - if ($failCount == $maxFails) { - my_logger("Ignoring login attempts from {$remote_addr} for {$cooldown} seconds."); - } throw new Exception(_('Too many previous login attempts.').'
'.sprintf(_('Logins prevented for %s'),'')); } From aec7276b1eaf5f1718464fd8da145ddf3ac8d91c Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Tue, 24 Jun 2025 15:18:37 -0400 Subject: [PATCH 3/4] Update .login.php --- emhttp/plugins/dynamix/include/.login.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/emhttp/plugins/dynamix/include/.login.php b/emhttp/plugins/dynamix/include/.login.php index dfc987605..157a3a3c7 100644 --- a/emhttp/plugins/dynamix/include/.login.php +++ b/emhttp/plugins/dynamix/include/.login.php @@ -191,15 +191,12 @@ if (!empty($username) && !empty($password)) { // Set error message $error = $exception->getMessage(); appendToFile($failFile, $time . "\n"); - $failCount = cleanupFails($failFile, $time); // Log error to syslog $coolReset = ""; - if ($failCount >= $maxFails) { + if ($failCount > $maxFails) { $coolReset = "Ignoring login attempts for {$cooldown} seconds."; } - if ( $failCount == $maxFails ) { - $error .= '
'.sprintf(_('Logins prevented for %s'),''); - } + my_logger("Unsuccessful login user {$username} from {$remote_addr}. {$coolReset}"); } } @@ -615,8 +612,8 @@ $isDarkTheme = $themeHelper->isDarkTheme(); document.body.appendChild(errorElement); } - var timeInSecs; - var ticker; + let timeInSecs; + let ticker; function startTimer(secs) { timeInSecs = parseInt(secs); From 6a087e4278c01134fddaecb9a1993576aec34b91 Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Thu, 26 Jun 2025 14:02:45 -0400 Subject: [PATCH 4/4] Update .login.php --- emhttp/plugins/dynamix/include/.login.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/emhttp/plugins/dynamix/include/.login.php b/emhttp/plugins/dynamix/include/.login.php index 157a3a3c7..c422ee8b0 100644 --- a/emhttp/plugins/dynamix/include/.login.php +++ b/emhttp/plugins/dynamix/include/.login.php @@ -193,7 +193,10 @@ if (!empty($username) && !empty($password)) { appendToFile($failFile, $time . "\n"); // Log error to syslog $coolReset = ""; - if ($failCount > $maxFails) { + if ($failCount == ($maxFails - 1)) { + $error .= '
'.sprintf(_('Logins prevented for %s'),''); + } + if ($failCount >= $maxFails) { $coolReset = "Ignoring login attempts for {$cooldown} seconds."; } @@ -617,7 +620,7 @@ $isDarkTheme = $themeHelper->isDarkTheme(); function startTimer(secs) { timeInSecs = parseInt(secs); - ticker = setInterval("tick()", 1000); + ticker = setInterval(tick, 1000); } function tick() {