Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1141 Commits
2 Branches
Tree: 572dce17e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '572dce17e9'
${ noResults }
Gazelle/classes/loginwatch.class.php

loginwatch.class.php 6.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267 
  1. <?php

  2. declare(strict_types = 1);

  3. 

  4. /**

  5.  * Adapted from

  6.  * https://github.com/OPSnet/Gazelle/blob/master/app/LoginWatch.php

  7.  *

  8.  * Unknown status as of 2020-12-12

  9.  */

  10. 

  11. class LoginWatch

  12. {

  13.     protected $watchId;

  14. 

  15.     /**

  16.      * Set the context of a watched IP address (to save passing it in to each method call).

  17.      * On a virgin login with no previous errors there may not even be a watch yet

  18.      * @param int ID of the watch

  19.      */

  20.     public function setWatch($watchId)

  21.     {

  22.         if (!is_null($watchId)) {

  23.             $this->watchId = $watchId;

  24.         }

  25.         return $this;

  26.     }

  27. 

  28.     /**

  29.      * Find a login watch by IP address

  30.      * @param string IPv4 address

  31.      * @return array [watchId, nrAttemtps, nrBans, bannedUntil]

  32.      */

  33.     public function findByIp(string $ipaddr): ?array

  34.     {

  35.         # Default: remote host

  36.         if (empty($ipaddr)) {

  37.             $ipaddr = $_SERVER['REMOTE_ADDR'];

  38.         }

  39. 

  40.         return G::$DB->row("

  41.         SELECT

  42.           `ID`,

  43.           `Attempts`,

  44.           `Bans`,

  45.           `BannedUntil`

  46.         FROM

  47.           `login_attempts`

  48.         WHERE

  49.           `IP` = '$ipaddr'

  50.         ");

  51.     }

  52. 

  53.     /**

  54.      * Create a new login watch on an userid/username/ipaddress

  55.      * @param string IPv4 address

  56.      * @param string|null $capture The username captured on the form

  57.      * @param int $userId

  58.      * @return int ID of watch

  59.      */

  60.     public function create(string $ipaddr, ?string $capture, int $userId = 0)

  61.     {

  62.         G::$DB->prepare_query("

  63.         INSERT INTO `login_attempts`(`IP`, `Capture`, `UserID`)

  64.         VALUES('$ipaddr', '$capture', '$userId')

  65.         ");

  66. 

  67.         G::$DB->exec_prepared_query();

  68.         return ($this->watchId = G::$DB->inserted_id());

  69.     }

  70. 

  71. 

  72.     /**

  73.      * Ban subsequent attempts to login from this watched IP address for 6 hours

  74.      * @param int $attempts How many attempts so far?

  75.      * @param string the username captured on the form (which may not even be a valid user)

  76.      * @param int $userId user ID of a valid user (or 0 if invalid username)

  77.      * @return int 1 if the watch was banned

  78.      */

  79.     public function ban(int $attempts, ?string $capture, int $userId = 0): int

  80.     {

  81.         G::$DB->prepare_query("

  82.         UPDATE

  83.           `login_attempts`

  84.         SET

  85.           `Bans` = `Bans` + 1,

  86.           `LastAttempt` = NOW(),

  87.           `BannedUntil` = NOW() + INTERVAL 6 HOUR,

  88.           `Attempts` = '$attempts',

  89.           `Capture` = '$capture',

  90.           `UserID` = '$userId'

  91.         WHERE

  92.           `ID` = '$this->watchId'

  93.         ");

  94. 

  95.         G::$DB->exec_prepared_query();

  96.         return G::$DB->affected_rows();

  97.     }

  98. 

  99.     /**

  100.      * When does the login ban expire?

  101.      * @return string datestamp of expiry

  102.      */

  103.     public function bannedUntil(): ?string

  104.     {

  105.         return G::$DB->scalar("

  106.         SELECT

  107.           `BannedUntil`

  108.         FROM

  109.           `login_attempts`

  110.         WHERE

  111.           `ID` = '$this->watchId'

  112.         ");

  113.     }

  114. 

  115.     /**

  116.      * If the login ban was in the past then they get 6 more shots

  117.      * @return int 1 if a prior ban was cleared

  118.      */

  119.     public function clearPriorBan(): int

  120.     {

  121.         G::$DB->prepare_query("

  122.         UPDATE

  123.           `login_attempts`

  124.         SET

  125.           `BannedUntil` = NULL,

  126.           `Attempts` = 0

  127.         WHERE

  128.           `BannedUntil` < NOW()

  129.           AND `ID` = '$this->watchId'

  130.         ");

  131. 

  132.         G::$DB->exec_prepared_query();

  133.         return G::$DB->affected_rows();

  134.     }

  135. 

  136.     /**

  137.      * If the login was successful, clear prior attempts

  138.      * @return int 1 if an update was made

  139.      */

  140.     public function clearAttempts(): int

  141.     {

  142.         G::$DB->prepare_query("

  143.         UPDATE

  144.           `login_attempts`

  145.         SET

  146.           `Attempts` = 0

  147.         WHERE

  148.           `ID` = '$this->watchId'

  149.         ");

  150. 

  151.         G::$DB->exec_prepared_query();

  152.         return $this->db->affected_rows();

  153.     }

  154. 

  155.     /**

  156.      * How many attempts have been made on this watch?

  157.      * @return int Number of attempts

  158.      */

  159.     public function nrAttempts(): int

  160.     {

  161.         return (int) G::$DB->scalar("

  162.         SELECT

  163.           `Attempts`

  164.         FROM

  165.           `login_attempts`

  166.         WHERE

  167.           `ID` = '$this->watchId'

  168.         ") ?? 0;

  169.     }

  170. 

  171.     /**

  172.      * Get the list of login failures

  173.      * @return array list [ID, ipaddr, userid, LastAttempt (datetime), Attempts, BannedUntil (datetime), Bans]

  174.      */

  175.     public function activeList(string $orderBy, string $orderWay): array

  176.     {

  177.         G::$DB->prepare_query("

  178.         SELECT

  179.           w.`ID` AS id,

  180.           w.`IP` AS ipaddr,

  181.           w.`UserID` AS user_id,

  182.           w.`LastAttempt` AS last_attempt,

  183.           w.`Attempts` AS attempts,

  184.           w.`BannedUntil` AS banned_until,

  185.           w.`Bans` AS bans,

  186.           w.`Capture`,

  187.           um.`Username` AS username,

  188.           (ip.`FromIP` IS NOT NULL) AS banned

  189.         FROM

  190.           `login_attempts` w

  191.         LEFT JOIN `users_main` um ON

  192.           (um.`ID` = w.`UserID`)

  193.         LEFT JOIN `ip_bans` ip ON

  194.           (ip.`FromIP` = INET_ATON(w.`IP`))

  195.         WHERE

  196.           (

  197.             w.`BannedUntil` > NOW()

  198.             OR w.`LastAttempt` > NOW() - INTERVAL 6 HOUR

  199.           )

  200.         ORDER BY

  201.           '$orderBy' '$orderWay'

  202.         ");

  203. 

  204.         G::$DB->exec_prepared_query();

  205.         return G::$DB->to_array('id', MYSQLI_ASSOC, false);

  206.     }

  207. 

  208.     /**

  209.      * Ban the IP addresses pointed to by the IDs that are on login watch.

  210.      * @param array list of IDs to ban.

  211.      * @return number of addresses banned

  212.      */

  213.     public function setBan(int $userId, string $reason, array $list): int

  214.     {

  215.         if (!$list) {

  216.             return 0;

  217.         }

  218. 

  219.         $reason = trim($reason);

  220.         $n = 0;

  221. 

  222.         foreach ($list as $id) {

  223.             $ipv4 = G::$DB->scalar("

  224.             SELECT

  225.               INET_ATON(`IP`)

  226.             FROM

  227.               `login_attempts`

  228.             WHERE

  229.               `ID` = '$id'

  230.             ");

  231. 

  232.             G::$DB->prepared_query("

  233.             INSERT IGNORE

  234.             INTO `ip_bans`(`UserID`, `Reason`, `FromIP`, `ToIP`)

  235.             VALUES('$userId', '$reason', '$ipv4', '$ipv4')

  236.             ");

  237. 

  238.             G::$DB->exec_prepared_query();

  239.             $n += $this->db->affected_rows();

  240.         }

  241. 

  242.         return $n;

  243.     }

  244. 

  245.     /**

  246.      * Clear the list of IDs that are on login watch.

  247.      * @param array list of IDs to clear.

  248.      * @return number of rows removed

  249.      */

  250.     public function setClear(array $list): int

  251.     {

  252.         if (!$list) {

  253.             return 0;

  254.         }

  255. 

  256.         G::$DB->prepare_query("

  257.         DELETE

  258.         FROM

  259.           `login_attempts`

  260.         WHERE

  261.           `ID` IN(".placeholders($list).")

  262.         ", ...$list);

  263. 

  264.         G::$DB->exec_prepared_query();

  265.         return G::$DB->affected_rows();

  266.     }

  267. }