diff --git a/core/lib/Thelia/Form/BruteforceForm.php b/core/lib/Thelia/Form/BruteforceForm.php
new file mode 100644
index 000000000..3d2ca693d
--- /dev/null
+++ b/core/lib/Thelia/Form/BruteforceForm.php
@@ -0,0 +1,37 @@
+
+ */
+abstract class BruteforceForm extends FirewallForm
+{
+ const DEFAULT_TIME_TO_WAIT = 10; // 10 minutes
+
+ const DEFAULT_ATTEMPTS = 10;
+
+ public function getConfigTime()
+ {
+ return ConfigQuery::read("form_firewall_bruteforce_time_to_wait", static::DEFAULT_TIME_TO_WAIT);
+ }
+
+ public function getConfigAttempts()
+ {
+ return ConfigQuery::read("form_firewall_bruteforce_attempts", static::DEFAULT_ATTEMPTS);
+ }
+
+}
\ No newline at end of file
diff --git a/core/lib/Thelia/Form/FirewallForm.php b/core/lib/Thelia/Form/FirewallForm.php
index 1c793f21e..837b394f1 100644
--- a/core/lib/Thelia/Form/FirewallForm.php
+++ b/core/lib/Thelia/Form/FirewallForm.php
@@ -25,8 +25,10 @@ abstract class FirewallForm extends BaseForm
 {
 /**
 * Those values are for a "normal" security policy
+ *
+ * Time is in minutes
 */
- const DEFAULT_TIME_TO_WAIT = 1;
+ const DEFAULT_TIME_TO_WAIT = 60; // 1 hour
 const DEFAULT_ATTEMPTS = 6;
 /** @var \Thelia\Model\FormFirewall */
@@ -54,7 +56,7 @@ abstract class FirewallForm extends BaseForm
 /**
 * Get the last request execution time in hour.
 */
- $lastRequest = (time() - $lastRequestTimestamp) / 3600;
+ $lastRequest = (time() - $lastRequestTimestamp) / 60;
 if ($lastRequest > $this->getConfigTime()) {
 $firewallRow->resetAttempts();
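Review bot: `getConfigTime()` and `getConfigAttempts()` in the new `BruteforceForm` return whatever `ConfigQuery::read()` yields, with no docblock naming the unit and no check that the value is a positive number. `FirewallForm` (second hunk of that file on this page) resets the attempt counter once the elapsed minutes exceed this value, so a stored `0`, a negative number or non-numeric text would presumably reset it on almost every request and leave the limit ineffective. I would document the getter with `/** @return int|float lock-out window, in minutes */` and fall back to the default on bad input: `$t = ConfigQuery::read("form_firewall_bruteforce_time_to_wait", static::DEFAULT_TIME_TO_WAIT);` then `return (is_numeric($t) && $t > 0) ? $t : static::DEFAULT_TIME_TO_WAIT;`. The file's opening lines did not survive on this page, so its namespace and imports could not be checked.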
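Review bot: The switch from `/ 3600` to `/ 60` in the `-54,7 +56,7` hunk of `FirewallForm.php` changes the unit of the stored wait times from hours to minutes, yet nothing on this page converts values already present in the `config` table. A database that still holds the old rows (`'1'` and `'0.166667'`) would get a one-minute window and a roughly ten-second one, so attempts reset far sooner and the lock-out is weaker than before; editing `setup/insert.sql` and `setup/update/2.0.3.sql` in place only helps databases that have not run them. If such databases can exist, an update step that multiplies `form_firewall_time_to_wait` and `form_firewall_bruteforce_time_to_wait` by 60 is worth adding. The context comment above the changed line still says `in hour` and should become `Get the time elapsed since the last request, in minutes.` The enclosing method starts and ends outside the hunk.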
@@ -107,15 +109,21 @@ abstract class FirewallForm extends BaseForm
 public function getWaitingTime()
 {
- $time = $this->getConfigTime();
- $name = "hour(s)";
+ $translator = Translator::getInstance();
+ $minutes = $this->getConfigTime();
+ $minutesName = $translator->trans("minute(s)");
+ $text = "";
- if ($time < 1) {
- $time *= 60;
- $name = "minute(s)";
+ if ($minutes > 60) {
+ $hour = floor($minutes / 60);
+ $minutes %= 60;
+ $text = $hour . " " . $translator->trans("hour(s)") . " ";
 }
- $time = round($time);
- return $time . " " . Translator::getInstance()->trans($name);
+ if ($minutes !== 0) {
+ $text .= $minutes . " " . $minutesName;
+ }
+
+ return $text;
 }
 }
diff --git a/setup/insert.sql b/setup/insert.sql
index 6959b7619..0d12bf43a 100644
--- a/setup/insert.sql
+++ b/setup/insert.sql
@@ -53,8 +53,8 @@ INSERT INTO `config` (`name`, `value`, `secured`, `hidden`, `created_at`, `updat
 ('sitemap_ttl','7200', 1, 1, NOW(), NOW()),
 ('feed_ttl','7200', 1, 1, NOW(), NOW()),
-('form_firewall_bruteforce_time_to_wait', '0.166667', 0, 0, NOW(), NOW()),
-('form_firewall_time_to_wait', '1', 0, 0, NOW(), NOW()),
+('form_firewall_bruteforce_time_to_wait', '10', 0, 0, NOW(), NOW()),
+('form_firewall_time_to_wait', '60', 0, 0, NOW(), NOW()),
 ('form_firewall_bruteforce_attempts', '10', 0, 0, NOW(), NOW()),
 ('form_firewall_attempts', '6', 0, 0, NOW(), NOW()),
 ('from_firewall_active', '1', 0, 0, NOW(), NOW());
diff --git a/setup/update/2.0.3.sql b/setup/update/2.0.3.sql
index 6a525cc8f..d27545f91 100644
--- a/setup/update/2.0.3.sql
+++ b/setup/update/2.0.3.sql
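Review bot: `getWaitingTime()` in the `-107,15 +109,21` hunk of `FirewallForm.php` tests `$minutes > 60`, so the new default of 60 is reported as "60 minute(s)" rather than "1 hour(s)"; `>=` fixes the boundary. `getConfigTime()` may also hand back the stored value as a string (the SQL seeds it as `'60'`), in which case `$minutes !== 0` is always true below an hour and a fractional value is silently truncated by `%=`. Suggested lines: `$minutes = (int) round($this->getConfigTime());`, `if ($minutes >= 60) {`, and `return rtrim($text);` to drop the trailing space left when the remainder is zero. A one-line docblock such as `/** @return string translated waiting time, e.g. "1 hour(s) 30 minute(s)" */` would also help callers that show this text to users.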
@@ -285,8 +285,8 @@ CREATE TABLE `form_firewall`
 INSERT INTO `config`(`name`, `value`, `secured`, `hidden`, `created_at`, `updated_at`) VALUES
-('form_firewall_bruteforce_time_to_wait', '0.166667', 0, 0, NOW(), NOW()),
-('form_firewall_time_to_wait', '1', 0, 0, NOW(), NOW()),
+('form_firewall_bruteforce_time_to_wait', '10', 0, 0, NOW(), NOW()),
+('form_firewall_time_to_wait', '60', 0, 0, NOW(), NOW()),
 ('form_firewall_bruteforce_attempts', '10', 0, 0, NOW(), NOW()),
 ('form_firewall_attempts', '6', 0, 0, NOW(), NOW()),
 ('from_firewall_active', '1', 0, 0, NOW(), NOW())