Merge pull request #1061 from ljm42/fix/patch-4

fix: password lockouts not being cleared properly
tom mortensen
2022-03-24 13:24:12 -07:00
committed by GitHub


@@ -31,6 +31,12 @@ function fileWrite($file, $text) {
fclose($fp);
}
}
function isValidTimeStamp($timestamp)
{
return ((string) (int) $timestamp === $timestamp)
&& ($timestamp <= PHP_INT_MAX)
&& ($timestamp >= ~PHP_INT_MAX);
}
$maxfails = 3;
$cooldown = 15*60;
@@ -44,16 +50,16 @@ if (!empty($_POST['username']) && !empty($_POST['password'])) {
$fails = explode("\n", trim($failtext));
$time = time();
// remove entries older than $cooldown minutes
// remove entries older than $cooldown minutes, and entries that are not timestamps
$updatefails = false;
foreach ((array) $fails as $key => $value) {
if ($value && $time - $value > $cooldown) {
if ( !isValidTimeStamp($value) || ($time - $value > $cooldown) || ($value > $time) ) {
unset ($fails[$key]);
$updatefails = true;
}
}
if ($updatefails) {
$failtext = implode("\n", $fails);
$failtext = implode("\n", $fails)."\n";
fileWrite($failfile, $failtext);
}