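/**
 * Per-IP brute-force throttle for login attempts.
 *
 * Keeps a failure counter per client IP in the `logins` table. Once the
 * counter reaches $hesk_settings['attempt_limit'] and the last attempt is
 * still within $hesk_settings['attempt_banmin'] minutes, the attempt is
 * blocked; if the window has expired the counter restarts at 1. The function
 * is meant to be called once per failed login attempt (callers are not
 * visible here) and runs at most once per request, guarded by the
 * HESK_BF_LIMIT constant.
 *
 * Permanently banned IPs (hesk_isBannedIP) are rejected before any counting
 * takes place.
 *
 * @param int $showError 1 to abort via hesk_error() when blocked, 0 to return
 *                       the block message to the caller instead
 * @return false|string false when the attempt may proceed (or the feature is
 *                      disabled / already checked in this request); the block
 *                      message when $showError is 0 and the IP is blocked
 */
function hesk_limitBfAttempts($showError = 1)
{
    global $hesk_settings, $hesklang;

    // A permanently banned IP never gets past this point.
    // hesk_error() is expected to end the request (not verifiable here).
    if (hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
        hesk_error($hesklang['baned_ip'], 0);
    }

    // Feature disabled, or this request was already checked
    if (!$hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT')) {
        return false;
    }

    // Prevent a second check (and a second increment) within the same request
    define('HESK_BF_LIMIT', 1);

    $ip = $_SERVER['REMOTE_ADDR'];

    // SQL fragments shared by the three queries below; both values are escaped once
    $table = '`' . hesk_dbEscape($hesk_settings['db_pfix']) . 'logins`';
    $ipSql = "'" . hesk_dbEscape($ip) . "'";
    $banMinutes = intval($hesk_settings['attempt_banmin']);

    // Fetch the current count plus a flag telling whether the ban window is still open
    $res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . $banMinutes . " MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM " . $table . " WHERE `ip`=" . $ipSql . " LIMIT 1");

    // First failure from this IP: create its row and let the attempt proceed
    if (hesk_dbNumRows($res) != 1) {
        hesk_dbQuery("INSERT INTO " . $table . " (`ip`) VALUES (" . $ipSql . ")");
        return false;
    }

    // Count this failure
    $row = hesk_dbFetchAssoc($res);
    $row['number']++;

    if ($row['number'] >= $hesk_settings['attempt_limit']) {
        if ($row['banned']) {
            $tmp = sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']);

            // Wipe the session contents. The previous unset($_SESSION) only
            // removed the superglobal from scope and stopped session variables
            // from being registered for the rest of the request; assigning an
            // empty array is the documented way to clear the session data.
            $_SESSION = array();

            if ($showError) {
                hesk_error($tmp, 0);
            } else {
                return $tmp;
            }
        } else {
            // Ban window expired: this failure starts a fresh count
            $row['number'] = 1;
        }
    }

    hesk_dbQuery("UPDATE " . $table . " SET `number`=" . intval($row['number']) . " WHERE `ip`=" . $ipSql . " LIMIT 1");

    return false;
}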
        } elseif ($v['req']) {
            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
            if (!strlen($tmpvar[$k])) {
                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
            }
            $_SESSION["c_{$k}"] = hesk_POST($k);
        } else {
            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
            $_SESSION["c_{$k}"] = hesk_POST($k);
        }
    } else {
        $tmpvar[$k] = '';
    }
}
// Reject banned senders. Precedence is deliberate: a banned IP is rejected
// unconditionally, while the e-mail ban check only runs when the e-mail field
// has not already produced a validation error.
$emailBanCheck = (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']));
if ($emailBanCheck || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
    hesk_error($hesklang['baned_e']);
}

// Enforce the per-e-mail cap on open tickets. Skipped when max_open is
// disabled (0/empty) or when the e-mail field already failed validation.
$below_limit = true;
if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
    // Statuses 0,1,2,4,5 are the ones counted as "open" here; the e-mail
    // condition is built by hesk_dbFormatEmail()
    $sql = "SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email']);
    $res = hesk_dbQuery($sql);
    $num = hesk_dbResult($res);

    if ($num >= $hesk_settings['max_open']) {
        // Any field errors collected so far are replaced by this single message
        $hesk_error_buffer = array(
            'max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open']),
        );
        $below_limit = false;
    }
}
// If we reached max tickets let's save some resources
if ($below_limit) {
    // Generate tracking ID
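echo $ticket['email'];
?>
</a></td>
			    </tr>
			    <tr>
			    <td><?php 
echo $hesklang['ip'];
?>
:</td>
			    <td><?php 
// Render the ticket's IP: ban/unban controls for staff who may manage bans,
// followed by a WHOIS lookup link.
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
    echo $hesklang['unknown'];
} else {
    // $ticket['ip'] is read from ticket data whose origin is not visible here.
    // urlencode() only protects the query-string contexts, so the value is
    // HTML-escaped separately before being used as link text.
    $ipHtml = htmlspecialchars($ticket['ip'], ENT_QUOTES, 'UTF-8');

    if ($can_ban_ips) {
        if ($ip_id = hesk_isBannedIP($ticket['ip'])) {
            if ($can_unban_ips) {
                // NOTE(review): $trackingID is echoed into the href unescaped — confirm it is validated upstream
                echo '<a href="banned_ips.php?a=unban&amp;track=' . $trackingID . '&amp;id=' . intval($ip_id) . '&amp;token=' . hesk_token_echo(0) . '"><img src="../img/banned.png" width="16" height="16" alt="' . $hesklang['ipisban'] . ' ' . $hesklang['click_unban'] . '" title="' . $hesklang['ipisban'] . ' ' . $hesklang['click_unban'] . '" /></a> ';
            } else {
                echo '<img src="../img/banned.png" width="16" height="16" alt="' . $hesklang['ipisban'] . '" title="' . $hesklang['ipisban'] . '" /> ';
            }
        } else {
            echo '<a href="banned_ips.php?a=ban&amp;track=' . $trackingID . '&amp;ip=' . urlencode($ticket['ip']) . '&amp;token=' . hesk_token_echo(0) . '"><img src="../img/ban.png" width="16" height="16" alt="' . $hesklang['savebanip'] . '" title="' . $hesklang['savebanip'] . '" /></a> ';
        }
    }
    echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ipHtml . '</a>';
}
?>
</td>
			    </tr>
			    </table>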