adding ratelimiting with reddis db

2026-05-06 09:27:02 +02:00
parent d82a08f77b
commit 5deb0e1056
16 changed files with 312 additions and 37 deletions
@@ -13,6 +13,7 @@ include "../../config/config.php";
 $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);

 $username=$_SESSION["username"];
+check_rate_limit($conn, 'login_pw', 5, 15 * 60, $username);
 $sql="SELECT password,pepper FROM users WHERE username = ?";
 $stmt = mysqli_prepare($conn, $sql);
 mysqli_stmt_bind_param($stmt, 's', $username);
@@ -28,6 +29,7 @@ $password=$_POST["password"] ?? "";
 if($pw !== "" && password_verify($password.$pepper,$pw)){
 	$_SESSION["pw_authenticated"]=1;
 	session_regenerate_id(true);
+	clear_rate_limit($conn, 'login_pw', $username);
 	$data = [
 		'status' => 'success'
 	];