/**
 * Brute-force throttle for the requesting IP address.
 *
 * Evaluation order, which callers rely on:
 *  1. An IP on the permanent ban list is rejected through hesk_error() before
 *     anything else is consulted.
 *  2. When the `attempt_limit` setting is falsy, or this function already ran in
 *     the current request (HESK_BF_LIMIT defined), false is returned with no DB access.
 *  3. The `logins` row for the client IP is read; a missing row is inserted with
 *     its default counter and false is returned.
 *  4. The stored counter is incremented. Once it reaches `attempt_limit`:
 *     - if the DB-computed `banned` flag is set (`last_attempt` less than
 *       `attempt_banmin` minutes ago) the session superglobal is unset and the
 *       ban message is shown via hesk_error() or returned, per $showError;
 *     - otherwise the ban window has expired and the counter restarts at 1.
 *  5. The counter is written back and false is returned.
 *
 * The client address comes from $_SERVER['REMOTE_ADDR'] only (no forwarded-for
 * headers), so the throttle key cannot be chosen by the client; behind a reverse
 * proxy all visitors share one key, so confirm the deployment.
 *
 * NOTE(review): the UPDATE below writes only `number`; `last_attempt` is presumably
 * refreshed by the column definition or elsewhere — confirm, or the ban window
 * (`banned` in the SELECT) never opens.
 *
 * @param int|bool $showError Truthy (default): display the ban message through
 *                            hesk_error(); falsy: return the message instead.
 * @return false|string false on every non-banned path; the formatted ban message
 *                      when banned and $showError is falsy.
 */
function hesk_limitBfAttempts($showError = 1)
{
    global $hesk_settings, $hesklang;

    $clientIp = $_SERVER['REMOTE_ADDR'];

    // A permanent ban is enforced even when attempt limiting is switched off.
    // hesk_error() is presumably terminal; if it returns, execution continues below.
    if (hesk_isBannedIP($clientIp)) {
        hesk_error($hesklang['baned_ip'], 0);
    }

    // Feature disabled, or already evaluated earlier in this request.
    if (!$hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT')) {
        return false;
    }

    // Guard against a second evaluation (and a second counter increment) per request.
    define('HESK_BF_LIMIT', 1);

    // `banned` is computed in SQL against the DB clock so it cannot drift from
    // the application's notion of "now".
    $result = hesk_dbQuery(sprintf(
        "SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL %d MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `%slogins` WHERE `ip`='%s' LIMIT 1",
        intval($hesk_settings['attempt_banmin']),
        hesk_dbEscape($hesk_settings['db_pfix']),
        hesk_dbEscape($clientIp)
    ));

    // First failure from this address: create the row, counter stays at its DB default.
    if (hesk_dbNumRows($result) != 1) {
        hesk_dbQuery(sprintf(
            "INSERT INTO `%slogins` (`ip`) VALUES ('%s')",
            hesk_dbEscape($hesk_settings['db_pfix']),
            hesk_dbEscape($clientIp)
        ));
        return false;
    }

    $attempt = hesk_dbFetchAssoc($result);

    // Count this attempt before comparing against the limit.
    $failures = $attempt['number'] + 1;

    if ($failures >= $hesk_settings['attempt_limit']) {
        if (!$attempt['banned']) {
            // Ban window has expired: this attempt becomes the first of a new series.
            $failures = 1;
        } else {
            $banMessage = sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']);

            // NOTE(review): unset() drops the $_SESSION superglobal for this request
            // only; it does not by itself discard the stored session data — confirm
            // the caller's logout path invalidates the server-side session too.
            unset($_SESSION);

            if (!$showError) {
                return $banMessage;
            }
            hesk_error($banMessage, 0);
        }
    }

    // Persist the new counter (already reset to 1 when the window had expired).
    hesk_dbQuery(sprintf(
        "UPDATE `%slogins` SET `number`=%d WHERE `ip`='%s' LIMIT 1",
        hesk_dbEscape($hesk_settings['db_pfix']),
        intval($failures),
        hesk_dbEscape($clientIp)
    ));

    return false;
}
} elseif ($v['req']) { $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); if (!strlen($tmpvar[$k])) { $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; } $_SESSION["c_{$k}"] = hesk_POST($k); } else { $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); $_SESSION["c_{$k}"] = hesk_POST($k); } } else { $tmpvar[$k] = ''; } } // Check bans if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { hesk_error($hesklang['baned_e']); } // Check maximum open tickets limit $below_limit = true; if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) { $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email'])); $num = hesk_dbResult($res); if ($num >= $hesk_settings['max_open']) { $hesk_error_buffer = array('max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open'])); $below_limit = false; } } // If we reached max tickets let's save some resources if ($below_limit) { // Generate tracking ID
echo $ticket['email']; ?> </a></td> </tr> <tr> <td><?php echo $hesklang['ip']; ?> :</td> <td><?php // Format IP for lookup if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) { echo $hesklang['unknown']; } else { if ($can_ban_ips) { if ($ip_id = hesk_isBannedIP($ticket['ip'])) { if ($can_unban_ips) { echo '<a href="banned_ips.php?a=unban&track=' . $trackingID . '&id=' . intval($ip_id) . '&token=' . hesk_token_echo(0) . '"><img src="../img/banned.png" width="16" height="16" alt="' . $hesklang['ipisban'] . ' ' . $hesklang['click_unban'] . '" title="' . $hesklang['ipisban'] . ' ' . $hesklang['click_unban'] . '" /></a> '; } else { echo '<img src="../img/banned.png" width="16" height="16" alt="' . $hesklang['ipisban'] . '" title="' . $hesklang['ipisban'] . '" /> '; } } else { echo '<a href="banned_ips.php?a=ban&track=' . $trackingID . '&ip=' . urlencode($ticket['ip']) . '&token=' . hesk_token_echo(0) . '"><img src="../img/ban.png" width="16" height="16" alt="' . $hesklang['savebanip'] . '" title="' . $hesklang['savebanip'] . '" /></a> '; } } echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ticket['ip'] . '</a>'; } ?> </td> </tr> </table>