} if (isset($_SESSION['csrfToken'])) { unset($_SESSION['csrfToken']); } $sql = "SELECT id FROM failed_login WHERE ip_address = ? AND failed_time > ADDDATE(NOW(), INTERVAL -5 MINUTE)"; $ip_address = $_SERVER['REMOTE_ADDR']; $pA = array('s', $ip_address); $failures = DB::query($sql, $pA); $num_failed = $failures->getRows(); $too_many_attempts = false; if ($num_failed > 3) { $_SESSION['error'] = 'Too many failed attempts from your location, please try again in 5 minutes.'; $too_many_attempts = true; } if (!$too_many_attempts && isset($_POST['username']) && isset($_POST['password'])) { $user = new eCRFUser(); $login = $user->login($_POST['username'], $_POST['password']); if ($login) { $_SESSION['user'] = $user; } } else { $login = false; } if ($too_many_attempts || !$login) { $sql = "INSERT INTO failed_login ( username, ip_address, too_many, failed_time ) VALUES ( ?, ?, ?, ? )"; $username = substr($_POST['username'], 0, 50); $failed_time = gmdate("Y-m-d H:i:s"); $pA = array('ssis', $username, $ip_address, $too_many_attempts, $failed_time); DB::query($sql, $pA); } header('Location:index.php');