From efd0d2855668cb19f8bd44f8ac846ecffeff500d Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Sat, 22 Jan 2022 17:05:15 -0500
Subject: [PATCH] Used MySQL count function to count number of failed login attempts
---
 login.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/login.php b/login.php
index 5025b8dc..9e3e540d 100644
--- a/login.php
+++ b/login.php
@@ -31,12 +31,12 @@ if(isset($_POST['login'])){
 // Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
- // TODO: We can probably just use a count for this, but couldn't make it not count *everything*
- $ip_failed_logins_sql = mysqli_query($mysqli, "SELECT * FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)");
- $failed_login_count = mysqli_num_rows($ip_failed_logins_sql);
+ $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
+
+ $failed_login_count = $row['failed_login_count'];
 // Login brute force check
- if($failed_login_count >= 10){
+ if($failed_login_count >= 3){
 // Logging
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
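Review bot: The new count query still splices `$ip` into the SQL string and reads `$row['failed_login_count']` without checking that the query succeeded, so if `$ip` is not escaped before this hunk the query is injectable, and on a PHP setup where `mysqli_query` returns false instead of throwing, the count becomes null and the `>= 3` check lets the request through. A prepared statement with the count bound to a variable, and a null count treated as locked out, closes both; a sketch follows. The comment above the query still says "more than 10 failed logins" although the threshold is now 3, and should read `// Check recent failed login attempts for this IP (3 or more failed logins in 5 mins)`. The lockout `INSERT` in the context lines is itself logged as `Login`/`Failed`, so each blocked request appears to extend the lockout, which matters more at the lower threshold and is worth a deliberate decision. The `if` body continues past the end of the hunk, and `$ip` and `$user_agent` are assigned outside it.

```php
// Count failed logins for this IP in the last 5 minutes; $ip is bound, not interpolated
$failed_login_count = null;
$stmt = mysqli_prepare($mysqli, "SELECT COUNT(log_id) FROM logs WHERE log_ip = ? AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)");
if($stmt && mysqli_stmt_bind_param($stmt, 's', $ip) && mysqli_stmt_execute($stmt)){
    mysqli_stmt_bind_result($stmt, $failed_login_count);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
}

// Login brute force check; a count that could not be read is treated as locked out
if($failed_login_count === null || $failed_login_count >= 3){
    // … unchanged: lockout logging INSERT …
```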