Lock User after 3 failed attempts

2026-03-22 10:24:14 +00:00 · 2025-01-13 09:13:15 +00:00
parent f342c80e52
commit f600341649
2 changed files with 12 additions and 0 deletions
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -1023,6 +1023,9 @@ class User extends CI_Controller {
 			} else if ($login_attempt === 2) {
 				$this->session->set_flashdata('warning', __("You can't login to a clubstation directly. Use your personal account instead."));
 				redirect('user/login');
+			} else if ($login_attempt === 3) {
+				$this->session->set_flashdata('warning', __("Your account is locked, due to too many failed login-attempts. Please reset your Password."));
+				redirect('user/login');
 			} else {
 				if(ENVIRONMENT == 'maintenance') {
 					$this->session->set_flashdata('notice', __("Sorry. This instance is currently in maintenance mode. If this message appears unexpectedly or keeps showing up, please contact an administrator. Only administrators are currently allowed to log in."));
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -609,7 +609,14 @@ class User_Model extends CI_Model {
 				return 2;
 			}

+			if ($u->row()->login_attempts >= 3) {
+				$uid = $u->row()->user_id;
+				log_message('debug', "User ID: [$uid] Login rejected because of too many failed login attempts.");
+				return 3;
+			}
+
 			if($this->_auth($password, $u->row()->user_password)) {
+				$this->db->query("UPDATE users SET login_attempts = 0 WHERE user_id = ?", [$u->row()->user_id]);	// Reset failurecount
 				if (ENVIRONMENT != "maintenance") {
 					return 1;
 				} else {
@@ -619,6 +626,8 @@ class User_Model extends CI_Model {
 						return 1;
 					}
 				}
+			} else { // Update failurecount
+				$this->db->query("UPDATE users SET login_attempts = login_attempts+1 WHERE user_id = ?", [$u->row()->user_id]);
 			}
 		}
 		return 0;