diff --git a/app/Model/User.php b/app/Model/User.php index 78809cf6..e23b3ca1 100755 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -85,30 +85,28 @@ public function login($user, $data, $confirmEmailIsNeeded = false, $checkUUID = App::uses('CakeTime', 'Utility'); $findRetryWithIP = $LoginRetryTable->find('first', ['conditions' => [ 'ip' => $ip, - 'modified >= ' => CakeTime::format('-5 minutes', '%Y-%m-%d %H:%M:%S') + 'modified >= ' => CakeTime::format('-10 minutes', '%Y-%m-%d %H:%M:%S') ], 'order' => 'created DESC']); - - if (!empty($findRetryWithIP) && $findRetryWithIP['LoginRetry']['count'] >= 10) - return 'LOGIN__BLOCKED'; - $username = $user['pseudo']; $date = date('Y-m-d H:i:s'); - if ($user['password'] != $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash'])) { - if (empty($findRetryWithIP) or $findRetryWithIP['LoginRetry']['count'] >= 10) { - $LoginRetryTable->create(); - $LoginRetryTable->set([ - 'ip' => $ip, - 'count' => 1 - ]); - $LoginRetryTable->save(); - return 'USER__ERROR_INVALID_CREDENTIALS'; - } else { - $LoginRetryTable->updateAll( - ['count' => 'count + 1', 'modified' => "'$date'"], - ['ip' => $ip] - ); - return 'USER__ERROR_INVALID_CREDENTIALS'; - } + if (empty($findRetryWithIP)) { + $LoginRetryTable->create(); + $LoginRetryTable->set([ + 'ip' => $ip, + 'count' => 1 + ]); + $LoginRetryTable->save(); + } else { + $LoginRetryTable->updateAll( + ['count' => 'count + 1', 'modified' => "'$date'"], + ['ip' => $ip] + ); } + if (!empty($findRetryWithIP) && $findRetryWithIP['LoginRetry']['count'] >= 5) + return 'LOGIN__BLOCKED'; + + $username = $user['pseudo']; + if ($user['password'] != $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash'])) + return 'USER__ERROR_INVALID_CREDENTIALS'; $LoginRetryTable->deleteAll(['ip' => $ip]); $conditions = [];
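Review bot: The re-added password check still compares the stored and computed hashes with loose `!=`, which is not constant-time and lets PHP compare two numeric-looking strings (for example `0e…` digests) as numbers. Assuming `password()` returns a string, the line should become `if (!hash_equals((string) $user['password'], (string) $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash'])))`. Separately, the `LOGIN__BLOCKED` decision uses `$findRetryWithIP` as read before the `create()`/`updateAll()` step, so parallel requests from one IP can each see a count below 5 and all reach the password check. Re-reading the row after the increment and testing that value would close the gap. `login()` begins and ends outside this hunk, so where `$ip` comes from is not visible; if it is taken from a client-supplied forwarding header, the per-IP counter can be sidestepped and that should be confirmed.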