adding ratelimiting with reddis db

2026-05-06 09:27:02 +02:00
parent d82a08f77b
commit 5deb0e1056
16 changed files with 312 additions and 37 deletions
@@ -14,6 +14,7 @@ include "../utils/generate_pin.php";
 $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);

 $username=$_SESSION["username"];
+check_rate_limit($conn, 'login_mfa', 5, 10 * 60, $username);
 $sql="SELECT 2fa FROM users WHERE username = ?";
 $stmt = mysqli_prepare($conn, $sql);
 mysqli_stmt_bind_param($stmt, 's', $username);
@@ -28,6 +29,7 @@ $twofa_pin=$_POST["twofa_pin"] ?? "";
 if($twofa_secret !== "" && hash_equals(generateTOTP($twofa_secret), $twofa_pin)){
 	$_SESSION["mfa_authenticated"]=1;
 	session_regenerate_id(true);
+	clear_rate_limit($conn, 'login_mfa', $username);
 	$data = [
 		'status' => 'success'
 	];