$persistent = ''; } $dbusername = sanitize($db->escape($username), 4); require_once mnminclude . 'check_behind_proxy.php'; $lastip = check_ip_behind_proxy(); $login = $db->get_row("SELECT *, UNIX_TIMESTAMP()-UNIX_TIMESTAMP(login_time) AS time FROM " . table_login_attempts . " WHERE login_ip='{$lastip}'"); if ($login->login_id) { $login_id = $login->login_id; if ($login->time < 3) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3); } elseif ($login->login_count >= 3) { if ($login->time < min(60 * pow(2, $login->login_count - 3), 3600)) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Login_Incorrect_Attempts'), $login->login_count, min(60 * pow(2, $login->login_count - 3), 3600) - $login->time); } } } elseif (!is_ip_approved($lastip)) { $db->query("INSERT INTO " . table_login_attempts . " SET login_username = '******', login_time=NOW(), login_ip='{$lastip}'"); $login_id = $db->insert_id; if (!$login_id) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3); } } if (!$errorMsg) { if ($current_user->Authenticate($username, $password, $persistent) == false) { $db->query("UPDATE " . table_login_attempts . " SET login_username='******', login_count=login_count+1, login_time=NOW() WHERE login_id=" . $login_id); $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******' or user_email= '{$username}'"); if (pligg_validate() && $user->user_lastlogin == "0000-00-00 00:00:00") { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Resend_Email') . "<form method='post'>\r\n\t\t\t\t\t\t<div class='input-append notvalidated'>\r\n\t\t\t\t\t\t\t<input type='text' class='col-md-2' name='email'> \r\n\t\t\t\t\t\t\t<input type='submit' class='btn btn-default' value='Send'>\r\n\t\t\t\t\t\t\t<input type='hidden' name='processlogin' value='5'/>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</form>"; } else { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Error'); }
function ban_ip($ip, $ip2) { global $static_ips; $filename = mnmpath . '/logs/bannedips.log'; if (is_writable($filename)) { if (!($handle = fopen($filename, 'a'))) { return "Cannot open file ({$filename})"; } if (!is_ip_approved($ip)) { if (!is_ip_banned($ip) && fwrite($handle, "{$ip}\n") === FALSE) { return "Cannot write to file ({$filename})"; } else { $static_ips[] = "{$ip}\n"; } } if ($ip2 && !is_ip_approved($ip2)) { if (!is_ip_banned($ip2) && fwrite($handle, "{$ip2}\n") === FALSE) { return "Cannot write to file ({$filename})"; } else { $static_ips[] = "{$ip2}\n"; } } fclose($handle); } else { return "The file {$filename} is not writable"; } return ''; }