Changed format of logAttempts, and rised time buffer to 2 seconds

jbogdani · Sep 17, 2021 · 5acc9d4 · 5acc9d4
1 parent 8fc720a
commit 5acc9d4
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 15 deletions.
diff --git a/lib/utils.php b/lib/utils.php
@@ -559,33 +559,34 @@ public static function update_htaccess()
      * if any record is found for present IP address. Returns true is attempt is valid
      * (no log available, or max time is greater than $time) or false if atempts is not valid
      * @param  string|false  $logfile full path to log file, if false default (admin) log file wil be used
-     * @param  integer $time Minimum time in millisecond between two attemps; default 1000 (1sec)
+     * @param  integer $time Minimum time in seconds between two attemps; default 1000 (1sec)
      * @return boolean       true if is a valid attempt, false if attemmpt is not allowed
      */
-    public static function checkAttemptTime($logfile = false, $time = 1000)
+    public static function checkAttemptTime($logfile = false, $time = 2)
     {
+        $separator= '::::';
         if (!$logfile) {
             $logfile = MAIN_DIR . 'logs/logAttempts.log';
         }
 
         $ip = $_SERVER['REMOTE_ADDR'];
 
-        $now = microtime(true);
+        $now = round(microtime(true));
 
         if (file_exists($logfile)) {
-            $lastAttempt = file($logfile);
-            $lastIP = trim(str_replace(array("\n", "\r\n"), '', $lastAttempt[0]));
-            $lastTime = floatval(
-                trim(
-                    str_replace(["\n", "\r\n"], '', $lastAttempt[1])
-                )
-            );
-
-            if ($lastIP === $ip) {
-                return ($now >= ($lastTime + $time));
+            list ($lastIP, $lastTime) = explode($separator, file_get_contents($logfile));
+            // Old format vs. new format
+            if ($lastIP && $lastTime){
+                $lastTime = (int) trim($lastTime);
+                $lastIP = trim($lastIP);
+
+                if ($lastIP === $ip) {
+                    return ($now >= ($lastTime + $time));
+                }
             }
+
         }
-        return utils::write_in_file($logfile, $ip . "\n" . $now);
+        return utils::write_in_file($logfile, $ip . $separator . $now);
     }
 
     /**

diff --git a/modules/protectedtags/protectedtags.php b/modules/protectedtags/protectedtags.php
@@ -217,7 +217,7 @@ public function login()
       }
 
       // Prevent serial attempts
-      if (!utils::checkAttemptTime(MAIN_DIR . 'logs/protectedTagsAttempts.log', 2000)) {
+      if (!utils::checkAttemptTime(MAIN_DIR . 'logs/protectedTagsAttempts.log')) {
         throw new Exception('too_much_attempts');
       }
 

diff --git a/version b/version
@@ -1,3 +1,4 @@
+5.7.0[] = "Changed format of logAttempts, and rised time buffer to 2 seconds"
 5.6.2[] = "Optimized calculation of path of assets"
 5.6.1[] = "Updated Twig to v. 3.3.2"
 5.5.13[] = "Fixed bug with link to controller in protected tags public forms"