From fd249c6aee8c406a7000f72a66925f833c417eae Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Fri, 9 Apr 2021 18:54:17 +0200
Subject: [PATCH] Fix login fail tracking
---
 chat.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/chat.php b/chat.php
index 3da86e3..c358cfe 100644
--- a/chat.php
+++ b/chat.php
@@ -770,7 +770,7 @@ function restore_backup(array $C){
 if(isset($_POST['members']) && isset($code['members'])){
 $db->exec('DELETE FROM ' . PREFIX . 'inbox;');
 $db->exec('DELETE FROM ' . PREFIX . 'members;');
- $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, loginfails, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
+ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, loginfails, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters, nocache_old) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
 foreach($code['members'] as $member){
 $new_settings=['nocache', 'tz', 'eninbox', 'sortupdown', 'hidechatters', 'nocache_old'];
 foreach($new_settings as $setting){
@@ -2440,14 +2440,12 @@ function write_new_session(string $password){
 function show_fails() {
 global $db, $I, $U;
- $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'members WHERE nickname=?;');
- $stmt->execute([$U['nickname']]);
 if($U['loginfails']>0){
 print_start('failednotice');
- echo (int) $U['loginfails']. " " . $I['failednotice']. "
";
+ echo $U['loginfails']. " " . $I['failednotice']. "
";
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET loginfails=? WHERE nickname=?;');
 $stmt->execute([0, $U['nickname']]);
- echo form_target('_blank', 'login').submit($I['dismiss']).'';
+ echo form_target('_self', 'login').submit($I['dismiss']).'';
 print_end();
 }
 }
@@ -2673,9 +2671,8 @@ function check_member(string $password) : bool {
 $stmt->execute([time(), $U['nickname']]);
 return true;
 }else{
- $U=$temp;
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET loginfails=? WHERE nickname=?;');
- $stmt->execute([$U['loginfails']+1, $U['nickname']]);
+ $stmt->execute([$U['loginfails']+1, $temp['nickname']]);
 send_error("$I[regednick]
$I[wrongpass]");
 }
 }
@@ -4101,7 +4098,7 @@ function update_db(){
 $data=$result->fetchAll(PDO::FETCH_NUM);
 $db->exec('DROP TABLE ' . PREFIX . 'members;');
 $db->exec('CREATE TABLE ' . PREFIX . "members (id integer PRIMARY KEY AUTO_INCREMENT, nickname varchar(50) NOT NULL UNIQUE, passhash char(32) NOT NULL, status smallint NOT NULL, refresh smallint NOT NULL, bgcolour char(6) NOT NULL, regedby varchar(50) DEFAULT '', lastlogin integer DEFAULT 0, timestamps smallint NOT NULL, embed smallint NOT NULL, incognito smallint NOT NULL, style varchar(255) NOT NULL, nocache smallint NOT NULL, tz smallint NOT NULL, eninbox smallint NOT NULL, sortupdown smallint NOT NULL, hidechatters smallint NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;");
- $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, loginfails, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
+ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'members (nickname, passhash, status, refresh, bgcolour, regedby, lastlogin, timestamps, embed, incognito, style, nocache, tz, eninbox, sortupdown, hidechatters) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);');
 foreach($data as $tmp){
 $stmt->execute($tmp);
 }
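Review bot: In the check_member hunk, with `$U=$temp;` removed, the new `execute` call still reads the counter from `$U['loginfails']` while taking the nickname from `$temp`; if `$U` does not hold this member's row at that point (its assignment is outside the hunk), the expression evaluates to 1 on every failure and the stored count never climbs past 1. Reading both values from the same row, `$stmt->execute([$temp['loginfails']+1, $temp['nickname']]);`, removes that dependency. An in-database increment, `SET loginfails=loginfails+1 WHERE nickname=?`, would additionally keep concurrent failed attempts from overwriting each other's count. check_member's body starts and ends outside the hunk, so the state of `$U` here should be confirmed against the full function.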