improv. fix login retry (#265)

MineWeb · Jan 4, 2021 · ad9ab37 · ad9ab37
1 parent 252a69b
commit ad9ab37
Showing 1 changed file with 19 additions and 21 deletions.
diff --git a/app/Model/User.php b/app/Model/User.php
@@ -85,30 +85,28 @@ public function login($user, $data, $confirmEmailIsNeeded = false, $checkUUID =
         App::uses('CakeTime', 'Utility');
         $findRetryWithIP = $LoginRetryTable->find('first', ['conditions' => [
             'ip' => $ip,
-            'modified >= ' => CakeTime::format('-5 minutes', '%Y-%m-%d %H:%M:%S')
+            'modified >= ' => CakeTime::format('-10 minutes', '%Y-%m-%d %H:%M:%S')
         ], 'order' => 'created DESC']);
-
-        if (!empty($findRetryWithIP) && $findRetryWithIP['LoginRetry']['count'] >= 10)
-            return 'LOGIN__BLOCKED';
-        $username = $user['pseudo'];
         $date = date('Y-m-d H:i:s');
-        if ($user['password'] != $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash'])) {
-            if (empty($findRetryWithIP) or $findRetryWithIP['LoginRetry']['count'] >= 10) {
-                $LoginRetryTable->create();
-                $LoginRetryTable->set([
-                    'ip' => $ip,
-                    'count' => 1
-                ]);
-                $LoginRetryTable->save();
-                return 'USER__ERROR_INVALID_CREDENTIALS';
-            } else {
-                $LoginRetryTable->updateAll(
-                    ['count' => 'count + 1', 'modified' => "'$date'"],
-                    ['ip' => $ip]
-                );
-                return 'USER__ERROR_INVALID_CREDENTIALS';
-            }
+        if (empty($findRetryWithIP)) {
+            $LoginRetryTable->create();
+            $LoginRetryTable->set([
+                'ip' => $ip,
+                'count' => 1
+            ]);
+            $LoginRetryTable->save();
+        } else {
+            $LoginRetryTable->updateAll(
+                ['count' => 'count + 1', 'modified' => "'$date'"],
+                ['ip' => $ip]
+            );
         }
+        if (!empty($findRetryWithIP) && $findRetryWithIP['LoginRetry']['count'] >= 5)
+            return 'LOGIN__BLOCKED';
+
+        $username = $user['pseudo'];
+        if ($user['password'] != $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash']))
+            return 'USER__ERROR_INVALID_CREDENTIALS';
         $LoginRetryTable->deleteAll(['ip' => $ip]);
         $conditions = [];