/**
* Implements login throttling
* Reduces the efectiveness of brute force attacks
*
* @param int $userId
*/
public function registerUserThrottling($userId)
{
$failedLogin = new FailedLogins();
$failedLogin->usersId = $userId;
$failedLogin->ipAddress = $this->request->getClientAddress();
$failedLogin->attempted = $this->config->database->adapter == 'Postgresql' ? date('Y-m-d H:i:s') : time();
$failedLogin->save();
$attempts = FailedLogins::count(array('ipAddress = ?0 AND attempted >= ?1', 'bind' => array($this->request->getClientAddress(), $this->config->database->adapter == 'Postgresql' ? date('d/m/Y H:i:s', strtotime('-6 Hours')) : time() - 3600 * 6)));
switch ($attempts) {
case 1:
case 2:
// no delay
break;
case 3:
case 4:
sleep(2);
break;
default:
sleep(4);
break;
}
}
/**
* Implements login throttling
* Reduces the efectiveness of brute force attacks
*
* @param int $userId
*/
public function registerUserThrottling($userId)
{
$failedLogin = new FailedLogins();
$failedLogin->usersId = $userId;
$failedLogin->ipAddress = $this->request->getClientAddress();
$failedLogin->attempted = time();
$failedLogin->save();
$attempts = FailedLogins::count(array('ipAddress = ?0 AND attempted >= ?1', 'bind' => array($this->request->getClientAddress(), time() - 3600 * 6)));
switch ($attempts) {
case 1:
case 2:
// no delay
break;
case 3:
case 4:
sleep(2);
break;
default:
sleep(4);
break;
}
}
