Enforced IP Banning - See #10
Enforced IP Banning - See #10

file:a/api.php -> file:b/api.php
--- a/api.php
+++ b/api.php
@@ -21,6 +21,11 @@
 require_once 'lib/Framework/main.php';
 
 
+ if (  BTMain::getSessVar('Banned') ){
+	echo "Excessive authentication attempts";
+    die;
+    }
+
 require_once 'lib/API.php';
 
 
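Review bot: The guard added at the top of api.php (and the identical one added to index.php) enforces the ban only through the `Banned` session variable, so it holds only while the client keeps presenting the same session. The IP lookup against bannedIPs appears to run only inside the authentication path. To make this an IP-level ban at the entry points, the condition could also consult the database, for example `BTMain::getSessVar('Banned') || (new AuthDB)->checkForBan(BTMain::getip())`, assuming AuthDB is loadable at this point. The refusal is also sent with the default 200 status; adding `http_response_code(403);` before the `echo` would let API clients and log monitoring tell a blocked request from a normal response.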

file:a/index.php -> file:b/index.php
--- a/index.php
+++ b/index.php
@@ -28,6 +28,14 @@
 // Load the framework
 require_once 'lib/Framework/main.php';
 
+    if (  BTMain::getSessVar('Banned') ){
+	echo "Excessive authentication attempts";
+    die;
+    }
+
+
+
+
 // Force SSL if configured to do so
 if (BTMain::getConf()->forceSSL && !BTMain::getConnTypeSSL()){
 header("Location: " . BTMain::getConf()->SSLURL);
@@ -38,24 +46,4 @@
 include_once 'lib/Handler.php';
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 ?>

--- a/lib/auth.class.php
+++ b/lib/auth.class.php
@@ -133,6 +133,12 @@
 $db = new AuthDB;
 
 
+
+ if ($db->checkForBan(BTMain::getip())){
+  BTMain::setSessVar('Banned',"1");
+  return false;
+  }
+
 // Trim trailing space from username & password (issue on mobiles with auto-predict)
 $password = rtrim($password," ");
 $username = rtrim($username," ");
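Review bot: Nothing visible in this commit clears the `Banned` session variable once `BTMain::setSessVar('Banned',"1")` has run, so a flagged session stays locked out by the guards in api.php and index.php after the row's `Expiry` has passed. Storing the expiry timestamp in the session instead of `"1"`, or re-checking `checkForBan()` on each request, would keep the session state in step with the table. The ban is keyed on `BTMain::getip()`, whose definition is not shown here, so confirm that it uses the connection address and not a client-supplied forwarding header. The enclosing method starts and ends outside this hunk.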

--- a/lib/db/authdb.class.php
+++ b/lib/db/authdb.class.php
@@ -9,6 +9,23 @@
 defined('_CREDLOCK') or die;
 
 class AuthDB extends BTDB{
+
+
+/** Check whether the current IP has been banned
+*
+* @arg ip
+*
+* @return boolean - true if ip banned
+*/
+function $db->checkForBan($ip){
+$expire = date('Y-m-d H:i:s');
+$ip = $this->StringEscape($ip);
+$sql = "SELECT * FROM bannedIPs WHERE `IP`='$ip' AND `Expiry` > '$expire'";
+$this->setQuery($sql);
+return $this->loadResult();
+
+}
+
 
 /** If an IP has crossed the ban threshold, ban them
 *
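Review bot: The added declaration `function $db->checkForBan($ip){` is not valid PHP and will stop lib/db/authdb.class.php from parsing, which breaks every caller of AuthDB, including the login path; it should read `function checkForBan($ip){`. The query compares `Expiry` with a timestamp produced by PHP's `date()`, so the result depends on PHP and the database agreeing on timezone. Using `` `Expiry` > NOW() `` in the SQL would avoid that if the column is written in database time, which is not visible here. The docblock promises a boolean but the method returns whatever `loadResult()` yields, so either cast with `(bool)` or document the real return value, and `@arg ip` would conventionally be `@param string $ip`. The class body continues past the end of the hunk.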