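 function log_attempt($UserID)
 {
     // Record a failed login attempt for $UserID from the requesting IP and
     // escalate to an IP ban after sustained abuse. All state comes from the
     // caller through globals:
     //   $AttemptID   - ID of this IP's login_attempts row, falsy if none exists yet
     //   $Attempts    - failed attempts already on that row (incremented here)
     //   $Bans        - how many lockouts that row has accumulated so far
     //   $BannedUntil - written here when the lockout threshold is crossed
     //   $Time        - declared global by the original; not read or written below
     // Fix: $Cache was used in the IP-ban branch without being declared global,
     // so $Cache->delete_value() was invoked on null (fatal) every time a brand
     // new ip_bans row was inserted — exactly the path that is supposed to stop
     // a brute-force run.
     global $DB, $Cache, $AttemptID, $Attempts, $Bans, $BannedUntil, $Time;
     if ($AttemptID) {
         // An attempt row already exists for this IP
         $Attempts++;
         if ($Attempts > 5) {
             // More than 5 failures on the row: lock it out for 6 hours and count a ban
             $BannedUntil = time_plus(60 * 60 * 6);
             $DB->query("UPDATE login_attempts SET\n\t\t\t\t\tLastAttempt='" . sqltime() . "',\n\t\t\t\t\tAttempts='" . db_string($Attempts) . "',\n\t\t\t\t\tBannedUntil='" . db_string($BannedUntil) . "',\n\t\t\t\t\tBans=Bans+1 \n\t\t\t\t\tWHERE ID='" . db_string($AttemptID) . "'");
             if ($Bans > 9) {
                 // More than 9 lockouts (i.e. >60 failures): add a site-wide IP ban.
                 // NOTE(review): $IP is interpolated into SQL unquoted below; this
                 // relies on ip2unsigned() always returning a number. REMOTE_ADDR is
                 // set by the web server, not the client, but if this app sits behind
                 // a reverse proxy it will be the proxy's address — confirm deployment.
                 $IP = ip2unsigned($_SERVER['REMOTE_ADDR']);
                 $DB->query("SELECT Reason FROM ip_bans WHERE " . $IP . " BETWEEN FromIP AND ToIP");
                 if ($DB->record_count() > 0) {
                     // A ban covering this IP exists; only annotate it if it was for another reason
                     list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
                     if ($Reason != "Automated ban per >60 failed login attempts") {
                         $DB->query("UPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('Automated ban per >60 failed login attempts AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = " . $IP . " AND ToIP = " . $IP);
                     }
                 } else {
                     // No existing ban: insert a single-address range and drop the cached ban list
                     $DB->query("INSERT INTO ip_bans\n\t\t\t\t\t\t\t(FromIP, ToIP, Reason) VALUES\n\t\t\t\t\t\t\t('{$IP}','{$IP}', 'Automated ban per >60 failed login attempts')");
                     $Cache->delete_value('ip_bans');
                 }
             }
         } else {
             // 5 or fewer failures so far: bump the counter and clear any lockout timestamp
             $DB->query("UPDATE login_attempts SET\n\t\t\t\t\tLastAttempt='" . sqltime() . "',\n\t\t\t\t\tAttempts='" . db_string($Attempts) . "',\n\t\t\t\t\tBannedUntil='0000-00-00 00:00:00' \n\t\t\t\t\tWHERE ID='" . db_string($AttemptID) . "'");
         }
     } else {
         // First recent failure from this IP: create the tracking row
         $Attempts = 1;
         $DB->query("INSERT INTO login_attempts \n\t\t\t\t(UserID,IP,LastAttempt,Attempts) VALUES \n\t\t\t\t('" . db_string($UserID) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . sqltime() . "',1)");
     }
 }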
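$Registries[] = 'http://ftp.apnic.net/stats/ripe-ncc/delegated-ripencc-latest'; //Europe
/*
$Registries[] = 'ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest'; //Africa
$Registries[] = 'ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-latest'; //Asia & Pacific
$Registries[] = 'ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest'; //North America
$Registries[] = 'ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest'; //South America
$Registries[] = 'ftp://ftp.ripe.net/ripe/stats/delegated-ripencc-latest'; //Europe
*/
// Rows to bulk-insert: one "('StartIP','EndIP','CC')" tuple per merged range.
$Query = array();

// NOTE(review): every registry above is fetched over plain HTTP/FTP, so there is
// no transport integrity — an on-path attacker can feed bogus country ranges
// into whatever table $Query is loaded into, and geoip-based decisions (including
// bans) downstream would inherit them. Prefer https:// where the RIR offers it,
// and consider checking the published file checksum before importing.
foreach ($Registries as $Registry) {
	$Contents = file_get_contents($Registry);
	if ($Contents === false) {
		// Fix: a failed fetch used to be exploded into array('') and silently
		// yield nothing; skip the registry explicitly instead.
		continue;
	}
	$CountryData = explode("\n", $Contents);
	foreach ($CountryData as $Country) {
		// Delegation lines look like: registry|CC|ipv4|first-address|count|...
		if (preg_match('/\|([A-Z]{2})\|ipv4\|(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\|(\d+)\|/', $Country, $Matches)) {

			$Start = ip2unsigned($Matches[2]);
			// ip2unsigned() appears to yield 2147483647 for an unparseable address — skip those
			if($Start == 2147483647) { continue; }

			if (!isset($Current)) {
				$Current = array('StartIP' => $Start, 'EndIP' => $Start + $Matches[3],'Code' => $Matches[1]);
			} elseif ($Current['Code'] == $Matches[1] && $Current['EndIP'] == $Start) {
				// Contiguous block for the same country: extend the open range
				$Current['EndIP'] = $Current['EndIP'] + $Matches[3];
			} else {
				// Gap or country change: emit the open range and start a new one
				$Query[] = "('".$Current['StartIP']."','".$Current['EndIP']."','".$Current['Code']."')";
				$Current = array('StartIP' => $Start, 'EndIP' => $Start + $Matches[3],'Code' => $Matches[1]);
			}
		}
	}
}
// Fix: flush the final open range only if anything was parsed. The original
// indexed an undefined $Current when every fetch failed or no line matched.
if (isset($Current)) {
	$Query[] = "('".$Current['StartIP']."','".$Current['EndIP']."','".$Current['Code']."')";
}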
function geoip($IP)
{
    // Resolve a dotted IPv4 address to a two-letter country code via the
    // geoip_country table, memoised per request in a static array.
    // Returns false for an address ip2unsigned() rejects or for 127.0.0.1,
    // '?' when no stored range covers the address, otherwise the Code column.
    static $Resolved = array();
    if (isset($Resolved[$IP])) {
        return $Resolved[$IP];
    }

    $Unsigned = ip2unsigned($IP);
    // Loopback needs no lookup; a falsy conversion result is treated as unresolvable
    if (!$Unsigned || $Unsigned == 2130706433) {
        return false;
    }

    global $DB;
    // NOTE(review): $Unsigned goes into the SQL unquoted, so this depends on
    // ip2unsigned() always returning a number — relevant if $IP is caller-supplied.
    // Pick the range with the highest StartIP at or below the address, then
    // confirm the address actually falls inside it.
    $DB->query("SELECT EndIP,Code FROM geoip_country WHERE {$Unsigned} >= StartIP ORDER BY StartIP DESC LIMIT 1");
    $Row = $DB->next_record();
    if ($Row) {
        list($RangeEnd, $Code) = $Row;
        if ($RangeEnd < $Unsigned) {
            $Code = '?';
        }
    } else {
        $Code = '?';
    }

    $Resolved[$IP] = $Code;
    return $Code;
}
            $Bans[$ID] = array($ID, $Start, $End);
            $Cache->cache_value('ip_bans', $Bans, 0);
        }
    }
}
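define('BANS_PER_PAGE', '20');
list($Page, $Limit) = page_limit(BANS_PER_PAGE);

// Build the paged ip_bans listing. The optional filters come from $_REQUEST;
// this is presumably an admin-only page, but the values are still untrusted input.
$sql = "SELECT SQL_CALC_FOUND_ROWS ID, FromIP, ToIP, Reason FROM ip_bans AS i ";
$Where = array();
if (!empty($_REQUEST['notes'])) {
    // db_string() escapes quotes but not LIKE metacharacters, so '%' and '_'
    // in the search term behave as wildcards rather than literals. Acceptable
    // for a read-only filter, but it is not a strict substring match.
    $Where[] = "Reason LIKE '%" . db_string($_REQUEST['notes']) . "%'";
}
// Fix: the original regex was unanchored, so any value merely containing an
// IP-like fragment (e.g. "1.2.3.4 junk") passed the check and the whole,
// unmatched string was handed to ip2unsigned(). FILTER_VALIDATE_IP with
// FILTER_FLAG_IPV4 accepts only a complete, valid dotted-quad address, which
// is the only thing the BETWEEN lookup below can meaningfully use. It also
// copes with a non-string (array) parameter without a preg_match warning.
if (!empty($_REQUEST['ip']) && filter_var($_REQUEST['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
    $Where[] = "'" . ip2unsigned($_REQUEST['ip']) . "' BETWEEN FromIP AND ToIP";
}
// Collecting predicates and joining them avoids the duplicated WHERE/AND branches
if ($Where) {
    $sql .= "WHERE " . implode(" AND ", $Where) . " ";
}
$sql .= "ORDER BY FromIP ASC";
// $Limit comes from page_limit(), not directly from the request
$sql .= " LIMIT " . $Limit;
$Bans = $DB->query($sql);
$DB->query('SELECT FOUND_ROWS()');
list($Results) = $DB->next_record();
$PageLinks = get_pages($Page, $Results, BANS_PER_PAGE, 11);
// Restore the listing result set after the FOUND_ROWS() query replaced it
$DB->set_query_id($Bans);
show_header('IP Bans');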
?>

<h2>IP Bans</h2>

<div>