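/**
 * Records a login attempt for this operator and reports whether the attempt
 * is still allowed.
 *
 * Returns false when a LoginIPRange is configured and the client IP matches
 * none of its comma-separated entries, or when MAX_LOGIN_ATTEMPTS or more rows
 * already exist for this IP/user within the last 24 hours. Otherwise a new row
 * is inserted -- unless a row with the same `password` value already exists in
 * that window -- and true is returned.
 *
 * @param string $_password the credential value supplied with the attempt; it
 *        is written to the `password` column as-is. NOTE(review): if callers
 *        pass the cleartext rather than the hashed form, this table holds
 *        credential material -- confirm at the call sites.
 * @return bool
 */
function SaveLoginAttempt($_password)
{
    // Same client-IP source and escaping helper as ValidateLoginAttempt: its
    // attempt counter is keyed on getIP(true), so rows written under a
    // different key (the old $_SERVER["REMOTE_ADDR"]) would never count
    // against the limit.
    // NOTE(review): if getIP(true) honours forwarded headers, the key is
    // client-controlled -- confirm how getIP derives the address.
    $ip = getIP(true);

    if (!empty($this->LoginIPRange)) {
        $match = false;
        foreach (explode(",", $this->LoginIPRange) as $range) {
            $range = trim($range);
            if ($ip === $range || ipIsInRange($ip, $range)) {
                $match = true;
                break;
            }
        }
        if (!$match) {
            return false;
        }
    }

    $table = "`" . DB_PREFIX . DATABASE_OPERATOR_LOGINS . "`";
    // Shared predicate for both lookups: this IP, this user, last 24 hours.
    $where = "`ip`='" . DBManager::RealEscape($ip)
        . "' AND `user_id`='" . DBManager::RealEscape($this->UserId)
        . "' AND `time` > '" . DBManager::RealEscape(time() - 86400) . "'";

    $recent = queryDB(true, "SELECT `id` FROM " . $table . " WHERE " . $where . ";");
    if (DBManager::GetRowCount($recent) >= MAX_LOGIN_ATTEMPTS) {
        return false;
    }

    // One row per distinct credential value per window: repeating the same
    // value is not counted as an additional attempt.
    $same = queryDB(true, "SELECT `id` FROM " . $table . " WHERE " . $where
        . " AND `password`='" . DBManager::RealEscape($_password) . "';");
    if (DBManager::GetRowCount($same) == 0) {
        queryDB(true, "INSERT INTO " . $table . " (`id` ,`user_id` ,`ip` ,`time` ,`password`) VALUES ('"
            . DBManager::RealEscape(getId(32)) . "', '"
            . DBManager::RealEscape($this->UserId) . "', '"
            . DBManager::RealEscape($ip) . "', '"
            . DBManager::RealEscape(time()) . "', '"
            . DBManager::RealEscape($_password) . "');");
    }
    return true;
}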
/**
 * Checks whether this operator may currently log in from the client IP.
 *
 * Without a database connection the check is skipped and true is returned.
 * A pending 32-character PasswordChange is applied first when LOGIN is set.
 * Returns false when a LoginIPRange is configured and the client IP matches
 * none of its entries. When MAX_LOGIN_ATTEMPTS or more rows exist for this
 * IP/user in the last 24 hours, the stored attempts are deleted and the check
 * runs once more with $_clear = true; only that second pass can return false
 * on the limit.
 * NOTE(review): unless DeleteLoginAttempts leaves rows behind, reaching the
 * limit resets it rather than denying the login -- confirm the intended
 * lockout behaviour against DeleteLoginAttempts.
 *
 * @param bool $_clear true on the recursive pass after DeleteLoginAttempts
 * @return bool
 */
function ValidateLoginAttempt($_clear = false)
{
    if (!DB_CONNECTION) {
        return true;
    }

    if (strlen($this->PasswordChange) == 32 && LOGIN) {
        $this->Password = $this->PasswordChange;
        $this->ChangePassword($this->Password, false, false);
    }

    $clientIp = getIP(true);
    if (!empty($this->LoginIPRange)) {
        $allowed = false;
        foreach (explode(",", $this->LoginIPRange) as $entry) {
            $entry = trim($entry);
            if ($clientIp == $entry || ipIsInRange($clientIp, $entry)) {
                $allowed = true;
            }
        }
        if (!$allowed) {
            return false;
        }
    }

    $attempts = queryDB(true, "SELECT `id`,`password` FROM `" . DB_PREFIX . DATABASE_OPERATOR_LOGINS
        . "` WHERE `ip`='" . DBManager::RealEscape($clientIp)
        . "' AND `user_id`='" . DBManager::RealEscape($this->UserId)
        . "' AND `time` > '" . DBManager::RealEscape(time() - 86400) . "';");

    if (DBManager::GetRowCount($attempts) < MAX_LOGIN_ATTEMPTS) {
        return true;
    }
    if ($_clear) {
        return false;
    }
    $this->DeleteLoginAttempts();
    return $this->ValidateLoginAttempt(true);
}