From 5c88e6832ca29e76def745441af70306088647b5 Mon Sep 17 00:00:00 2001
From: basefont <>
Date: Sat, 13 Mar 2021 15:31:34 +0000
Subject: [PATCH] warn about failed login attempts
---
 chat.php | 32 +++++++++++++++++++++++++++-----
 lang_bg.php | 2 ++
 lang_cs.php | 2 ++
 lang_de.php | 2 ++
 lang_en.php | 2 ++
 lang_es.php | 2 ++
 lang_fr.php | 2 ++
 lang_id.php | 4 +++-
 lang_it.php | 2 ++
 lang_pt.php | 2 ++
 lang_ru.php | 2 ++
 lang_tr.php | 2 ++
 lang_uk.php | 2 ++
 lang_zh-Hans.php | 2 ++
 14 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/chat.php b/chat.php
index ed7e035..a5602bc 100644
--- a/chat.php
+++ b/chat.php
@@ -81,6 +81,7 @@ function route(){
 send_post();
 }elseif($_REQUEST['action']==='login'){
 check_login();
+ show_fails();
 send_frameset();
 }elseif($_REQUEST['action']==='controls'){
 check_session();
@@ -769,7 +770,7 @@ function restore_backup(array $C){
 if(isset($_POST['members']) && isset($code['members'])){
 $db->exec('DELETE FROM ' . PREFIX . 'inbox;');
 $db->exec('DELETE FROM ' . PREFIX . 'members;');
- $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
+ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, loginfails, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
 foreach($code['members'] as $member){
 $new_settings=['nocache', 'tz', 'eninbox', 'sortupdown', 'hidechatters', 'nocache_old'];
 foreach($new_settings as $setting){
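Review bot: The failed-login warning is cleared when it is rendered, not when the member acknowledges it: route() calls show_fails() and then falls through to send_frameset(), while show_fails() (hunk @@ -2437) writes `loginfails=0` before the dismiss form it prints has been submitted. If the notice is not what the browser ends up displaying (presumably possible, since send_frameset() produces its own output right after print_end()), the member never learns that someone was guessing the password. Consider stopping after the notice page and moving the `UPDATE ... SET loginfails=?` with `[0, $U['nickname']]` into the code that handles the dismiss submit. The `SELECT *` prepared and executed at the top of show_fails() is never fetched, so it should either supply the count or be removed. route() starts and ends outside the hunk.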
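Review bot: The rewritten INSERT in restore_backup() names 18 columns, but its VALUES list appears to still carry the 17 `?` placeholders of the old statement, while the execute() call in the next hunk (@@ -777) passes 18 values; restoring members would then fail, so one more `?` is needed. Backups written before this change also have no `loginfails` key, and the `$new_settings` defaulting loop visible here does not cover it, so `$member['loginfails']` would be undefined and a null would be bound into a column declared NOT NULL. Extending the list, `$new_settings=['nocache', 'tz', 'eninbox', 'sortupdown', 'hidechatters', 'nocache_old', 'loginfails'];`, gives older backups a 0. restore_backup() starts and ends outside the hunk.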
@@ -777,7 +778,7 @@ function restore_backup(array $C){
 $member[$setting]=0;
 }
 }
- $stmt->execute([$member['nickname'], $member['passhash'], $member['status'], $member['refresh'], $member['bgcolour'], $member['regedby'], $member['lastlogin'], $member['timestamps'], $member['embed'], $member['incognito'], $member['style'], $member['nocache'], $member['tz'], $member['eninbox'], $member['sortupdown'], $member['hidechatters'], $member['nocache_old']]);
+ $stmt->execute([$member['nickname'], $member['passhash'], $member['status'], $member['refresh'], $member['bgcolour'], $member['regedby'], $member['lastlogin'], $member['loginfails'], $member['timestamps'], $member['embed'], $member['incognito'], $member['style'], $member['nocache'], $member['tz'], $member['eninbox'], $member['sortupdown'], $member['hidechatters'], $member['nocache_old']]);
 }
 }
 if(isset($_POST['notes']) && isset($code['notes'])){
@@ -2437,6 +2438,20 @@ function write_new_session(string $password){
 }
 }
+function show_fails() {
+ global $db, $I, $U;
+ $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'members WHERE nickname=?;');
+ $stmt->execute([$U['nickname']]);
+ if($U['loginfails']>0){
+ print_start('failednotice');
+ echo (int) $U['loginfails']. " " . $I['failednotice']. "
";
+ $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET loginfails=? WHERE nickname=?;');
+ $stmt->execute([0, $U['nickname']]);
+ echo form_target('_blank', 'login').submit($I['dismiss']).'';
+ print_end();
+ }
+}
+
 function approve_session(){
 global $db;
 if(isset($_POST['what'])){
@@ -2658,6 +2673,9 @@ function check_member(string $password) : bool {
 $stmt->execute([time(), $U['nickname']]);
 return true;
 }else{
+ $U=$temp;
+ $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET loginfails=? WHERE nickname=?;');
+ $stmt->execute([$U['loginfails']+1, $U['nickname']]);
 send_error("$I[regednick]
$I[wrongpass]");
 }
 }
@@ -2967,6 +2985,7 @@ function add_user_defaults(string $password){
 }else{
 $U['nocache_old']=1;
 }
+ $U['loginfails']=0;
 $U['tz']=get_setting('defaulttz');
 $U['eninbox']=0;
 $U['sortupdown']=get_setting('sortupdown');
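Review bot: The failure counter in check_member() is written as a read-modify-write, `$U['loginfails']+1`, so concurrent wrong-password requests for the same nickname can overwrite each other and the member is later shown fewer attempts than were made. Letting the database do the increment avoids that: `$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET loginfails=loginfails+1 WHERE nickname=?;');` followed by `$stmt->execute([$temp['nickname']]);`. That form also makes `$U=$temp;` unnecessary, and dropping it is worthwhile because it loads the target member's row into the global `$U` on a request that has just failed authentication; that is harmless only if send_error() never returns, which the hunk does not show. check_member() starts outside the hunk.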
@@ -3737,7 +3756,7 @@ function init_chat(){
 $db->exec('CREATE INDEX ' . PREFIX . 'inbox_poster ON ' . PREFIX . 'inbox(poster);');
 $db->exec('CREATE INDEX ' . PREFIX . 'inbox_recipient ON ' . PREFIX . 'inbox(recipient);');
 $db->exec('CREATE TABLE ' . PREFIX . "linkfilter (id $primary, filtermatch varchar(255) NOT NULL, filterreplace varchar(255) NOT NULL, regex smallint NOT NULL)$diskengine$charset;");
- $db->exec('CREATE TABLE ' . PREFIX . "members (id $primary, nickname varchar(50) NOT NULL UNIQUE, passhash varchar(255) NOT NULL, status smallint NOT NULL, refresh smallint NOT NULL, bgcolour char(6) NOT NULL, regedby varchar(50) DEFAULT '', lastlogin integer DEFAULT 0, timestamps smallint NOT NULL, embed smallint NOT NULL, incognito smallint NOT NULL, style varchar(255) NOT NULL, nocache smallint NOT NULL, tz varchar(255) NOT NULL, eninbox smallint NOT NULL, sortupdown smallint NOT NULL, hidechatters smallint NOT NULL, nocache_old smallint NOT NULL)$diskengine$charset;");
+ $db->exec('CREATE TABLE ' . PREFIX . "members (id $primary, nickname varchar(50) NOT NULL UNIQUE, passhash varchar(255) NOT NULL, status smallint NOT NULL, refresh smallint NOT NULL, bgcolour char(6) NOT NULL, regedby varchar(50) DEFAULT '', lastlogin integer DEFAULT 0, loginfails integer unsigned NOT NULL DEFAULT 0, timestamps smallint NOT NULL, embed smallint NOT NULL, incognito smallint NOT NULL, style varchar(255) NOT NULL, nocache smallint NOT NULL, tz varchar(255) NOT NULL, eninbox smallint NOT NULL, sortupdown smallint NOT NULL, hidechatters smallint NOT NULL, nocache_old smallint NOT NULL)$diskengine$charset;");
 $db->exec('ALTER TABLE ' . PREFIX . 'inbox ADD FOREIGN KEY (recipient) REFERENCES ' . PREFIX . 'members(nickname) ON DELETE CASCADE ON UPDATE CASCADE;');
 $db->exec('CREATE TABLE ' . PREFIX .
"messages (id $primary, postdate integer NOT NULL, poststatus smallint NOT NULL, poster varchar(50) NOT NULL, recipient varchar(50) NOT NULL, text text NOT NULL, delstatus smallint NOT NULL)$diskengine$charset;");
 $db->exec('CREATE INDEX ' . PREFIX . 'poster ON ' . PREFIX . 'messages (poster);');
@@ -4082,7 +4101,7 @@ function update_db(){
 $data=$result->fetchAll(PDO::FETCH_NUM);
 $db->exec('DROP TABLE ' . PREFIX . 'members;');
 $db->exec('CREATE TABLE ' . PREFIX . "members (id integer PRIMARY KEY AUTO_INCREMENT, nickname varchar(50) NOT NULL UNIQUE, passhash char(32) NOT NULL, status smallint NOT NULL, refresh smallint NOT NULL, bgcolour char(6) NOT NULL, regedby varchar(50) DEFAULT '', lastlogin integer DEFAULT 0, timestamps smallint NOT NULL, embed smallint NOT NULL, incognito smallint NOT NULL, style varchar(255) NOT NULL, nocache smallint NOT NULL, tz smallint NOT NULL, eninbox smallint NOT NULL, sortupdown smallint NOT NULL, hidechatters smallint NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;");
- $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
+ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, loginfails, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
 foreach($data as $tmp){
 $stmt->execute($tmp);
 }
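Review bot: `loginfails integer unsigned NOT NULL DEFAULT 0` uses a type modifier that not every SQL engine accepts, inside a CREATE TABLE whose other engine-specific parts (`$primary`, `$diskengine`, `$charset`) are parameterised. If init_chat() also runs against such an engine, PostgreSQL for one, the statement would be rejected and setup would not complete. Every neighbouring numeric column is a plain `integer` or `smallint`, so `loginfails integer NOT NULL DEFAULT 0` is both consistent and portable. The same applies to the `ALTER TABLE ... ADD COLUMN loginfails integer unsigned NOT NULL DEFAULT 0` added to update_db() in hunk @@ -4194. init_chat() continues outside the hunk.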
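Review bot: This INSERT in update_db() belongs to a legacy migration step that refills the `members` table created by the CREATE TABLE directly above it, and that table has no `loginfails` column. The statement now names 17 columns, one of which does not exist there, while the VALUES list appears to keep its 16 placeholders, so the step would fail for any installation upgrading through it. The column list should stay as it was; the `if($dbversion<46)` ALTER TABLE added later in update_db() already brings the column in for every upgrade path. The version check enclosing this step is outside the hunk.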
@@ -4194,6 +4213,9 @@ function update_db(){
 if($dbversion<45){
 $db->exec('INSERT INTO ' . PREFIX . "settings (setting,value) VALUES ('memkickalways', '0'), ('sysmessagetxt', 'ℹ️  '),('namedoers', '1');");
 }
+ if($dbversion<46){
+ $db->exec('ALTER TABLE ' . PREFIX . 'members ADD COLUMN loginfails integer unsigned NOT NULL DEFAULT 0;');
+ }
 update_setting('dbversion', DBVERSION);
 if($msgencrypted!==MSGENCRYPTED){
 if(!extension_loaded('sodium')){
@@ -4386,7 +4408,7 @@ function load_lang(){
 function load_config(){
 mb_internal_encoding('UTF-8');
 define('VERSION', '1.24.1'); // Script version
- define('DBVERSION', 45); // Database layout version
+ define('DBVERSION', 46); // Database layout version
 define('MSGENCRYPTED', false); // Store messages encrypted in the database to prevent other database users from reading them - true/false - visit the setup page after editing!
 define('ENCRYPTKEY_PASS', 'MY_SECRET_KEY'); // Recommended length: 32. Encryption key for messages
 define('AES_IV_PASS', '012345678912'); // Recommended length: 12. AES Encryption IV
diff --git a/lang_bg.php b/lang_bg.php
index 96bac6b..f5cc28f 100644
--- a/lang_bg.php
+++ b/lang_bg.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(опционално)',
 'userloggedin' => 'Потребителят с това потребителско име е вече логнат.',
 'regednick' => 'Този ник е на регистриран член.',
+ 'failednotice' => 'неуспешен опит за влизане',
+ 'dismiss' => 'призна',
 'eninbox' => 'Позволи офлайн пощенска кутия',
 'inboxmsgs' => 'Прочети %d съобщения в пощенската ти кутия',
 'offline' => '(офлайн)',
diff --git a/lang_cs.php b/lang_cs.php
index 5dbf620..052f29b 100644
--- a/lang_cs.php
+++ b/lang_cs.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(volitelný)',
 'userloggedin' => 'Uživatel s touto přezdívkou je již přihlášen.',
 'regednick' => 'Tato přezdívka používá registrovaný člen.',
+ 'failednotice' => 'neúspěšné pokusy o přihlášení',
+ 'dismiss' => 'uznal',
 'eninbox' => 'Povolit offline doručenou poštu ',
 'inboxmsgs' => 'Přečtěte si %d zprávy ve vaší doručené poště',
 'offline' => '(offline)',
diff --git a/lang_de.php b/lang_de.php
index d19ecab..afb5b4b 100644
--- a/lang_de.php
+++ b/lang_de.php
@@ -343,6 +343,8 @@ $T=[
 'optional' => '(optional)',
 'userloggedin' => 'Ein Nutzer mit diesem Nicknamen ist bereits angemeldet.',
 'regednick' => 'Dieser Nickname ist ein registeriertes Mitglied.',
+ 'failednotice' => 'Fehlgeschlagener Anmeldeversuch(n)',
+ 'dismiss' => 'entlassen',
 'eninbox' => 'Offline Posteingang aktivieren',
 'inboxmsgs' => '%d Nachrichten im Posteingang lesen',
 'offline' => '(offline)',
diff --git a/lang_en.php b/lang_en.php
index bb8b586..df2d60c 100644
--- a/lang_en.php
+++ b/lang_en.php
@@ -343,6 +343,8 @@ $I=[
 'optional' => '(optional)',
 'userloggedin' => 'A user with this nickname is already logged in.',
 'regednick' => 'This nickname is a registered member.',
+ 'failednotice' => 'failed login attempt(s)',
+ 'dismiss' => 'dismiss',
 'eninbox' => 'Enable offline inbox',
 'inboxmsgs' => 'Read %d messages in your inbox',
 'offline' => '(offline)',
diff --git a/lang_es.php b/lang_es.php
index f9cb84d..5181d46 100644
--- a/lang_es.php
+++ b/lang_es.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(opcional)',
 'userloggedin' => 'Un usuario con ese nombre ya está registrado.',
 'regednick' => 'Este nombre es un usuario registrado.',
+ 'failednotice' => 'intento(s) de inicio de sesión fallido(s)',
+ 'dismiss' => 'reconocido',
 'eninbox' => 'Activar inbox offline',
 'inboxmsgs' => 'Leer %d mensajes en tu bandeja',
 'offline' => '(offline)',
diff --git a/lang_fr.php b/lang_fr.php
index 8eecd3e..2730864 100644
--- a/lang_fr.php
+++ b/lang_fr.php
@@ -312,5 +312,7 @@ $T=[
 'nicknametaken' => 'Pseudo déjà pris',
 'nopass' => 'Mot de passe invalide (au moins % caractères), ne pas changer le pseudo',
 'namedoers' => 'Montrez qui expulse les gens ou nettoie tous les messages.',
+ 'failednotice' => 'tentative de connexion ratée(s)',
+ 'dismiss' => 'reconnu',
 ];
diff --git a/lang_id.php b/lang_id.php
index 0578d38..01aa8e6 100644
--- a/lang_id.php
+++ b/lang_id.php
@@ -311,6 +311,8 @@ $T=[
 'newnickname' => 'Nama baru:',
 'nicknametaken' => 'Nama sudah ada',
 'nopass' => 'Kata sandi salah (Minimal %d karakter), tak merubah nama',
- 'namedoers' => 'Memperlihatkan siapa yang mengusir orang atau membersihkan semua pesan.'
+ 'namedoers' => 'Memperlihatkan siapa yang mengusir orang atau membersihkan semua pesan.',
+ 'failednotice' => 'upaya log masuk gagal',
+ 'dismiss' => 'mengakui',
 ];
diff --git a/lang_it.php b/lang_it.php
index 7784b4e..8b0551b 100644
--- a/lang_it.php
+++ b/lang_it.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(optional)',
 'userloggedin' => 'Utilizzatore con questo nome è già in rete.',
 'regednick' => 'Questo nome appartiene già ad un altro.',
+ 'failednotice' => 'tentativi di accesso non riusciti',
+ 'dismiss' => 'riconosciuto',
 'eninbox' => 'Abilitare offline-posta',
 'inboxmsgs' => 'Leggete %d messaggi in entrata',
 'offline' => '(offline)',
diff --git a/lang_pt.php b/lang_pt.php
index 2f6db99..59ff019 100644
--- a/lang_pt.php
+++ b/lang_pt.php
@@ -343,6 +343,8 @@ $I=[
 'optional' => '(opcional)',
 'userloggedin' => 'Um usuário com este nickname já está logado.',
 'regednick' => 'Este nickname é de um membro registrado.',
+ 'failednotice' => 'tentativas de login falhada(s)',
+ 'dismiss' => 'reconhecido',
 'eninbox' => 'Ativar caixa de entrada offline',
 'inboxmsgs' => 'Leia %d mensagens na sua caixa de entrada',
 'offline' => '(offline)',
diff --git a/lang_ru.php b/lang_ru.php
index 798a64a..880aef5 100644
--- a/lang_ru.php
+++ b/lang_ru.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(опционально)',
 'userloggedin' => 'Пользователь с текущим именем уже в сети.',
 'regednick' => 'Это имя принадлежит зарегистрированному пользователю.',
+ 'failednotice' => 'неудачная попытка входа (ы)',
+ 'dismiss' => 'признал',
 'eninbox' => 'Включить оффлайн-почту',
 'inboxmsgs' => 'Прочитайте %d входящих сообщений',
 'offline' => '(оффлайн)',
diff --git a/lang_tr.php b/lang_tr.php
index 2e3ab27..23d54df 100644
--- a/lang_tr.php
+++ b/lang_tr.php
@@ -343,6 +343,8 @@ $T=[
 'optional' => '(isteğe bağlı)',
 'userloggedin' => 'Bu kullanıcı ismine sahip birisi zaten giriş yapmış.',
 'regednick' => 'Bu kullanıcı adı kayıtlı bir üyeye ait.',
+ 'failednotice' => 'başarısız oturum açma girişimleri',
+ 'dismiss' => 'anlaşıldı',
 'eninbox' => 'Çevrimdışı gelen kutusunu etkinleştir',
 'inboxmsgs' => 'Gelen kutunuzdaki %d mesajı okuyun',
 'offline' => '(çevrimdışı)',
diff --git a/lang_uk.php b/lang_uk.php
index 8fe0800..dc2d169 100644
--- a/lang_uk.php
+++ b/lang_uk.php
@@ -342,6 +342,8 @@ $T=[
 'optional' => '(опційно)',
 'userloggedin' => 'Гость з таким имям вже в чаті.',
 'regednick' => 'Це імя використовуе зарегістріруваний участник.',
+ 'failednotice' => 'невдалі спроби входу',
+ 'dismiss' => 'визнав',
 'eninbox' => 'Включити офлайн-почту',
 'inboxmsgs' => 'Прочитайте %d вхідящих повідомлень',
 'offline' => '(офлайн)',
diff --git a/lang_zh-Hans.php b/lang_zh-Hans.php
index 2af0f9b..4db93eb 100644
--- a/lang_zh-Hans.php
+++ b/lang_zh-Hans.php
@@ -322,6 +322,8 @@ $T=[
 'optional' => '(可选的)',
 'userloggedin' => '具有此昵称的用户已登录.',
 'regednick' => '这个昵称是注册会员.',
+ 'failednotice' => '登录尝试失败',
+ 'dismiss' => '承认',
 'eninbox' => '启用离线收件箱',
 'inboxmsgs' => '阅读收件箱中的%d条消息',
 'offline' => '(离线)',