Add security delay on log in failed

bacularis · May 7, 2022 · 9e66b5c · 9e66b5c
1 parent 85063a1
commit 9e66b5c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/Web/Modules/BaculumWebPage.php b/Web/Modules/BaculumWebPage.php
@@ -52,13 +52,21 @@ class BaculumWebPage extends BaculumPage {
 	 */
 	const DEFAULT_AUTH_USER = 'admin';
 
+	/*
+	 * It is security delay that tells how many seconds user needs to wait
+	 * after log in failed error to be able to do next log in try.
+	 * The value is in seconds.
+	 */
+	const LOGIN_FAILED_DELAY = 5;
+
 	protected $web_config = array();
 
 	public function onPreInit($param) {
 		parent::onPreInit($param);
 		$this->web_config = $this->getModule('web_config')->getConfig();
 
 		if ($this->authenticate() === false) {
+			sleep(self::LOGIN_FAILED_DELAY);
 			exit();
 		}
 

diff --git a/Web/Pages/LoginPage.php b/Web/Pages/LoginPage.php
@@ -106,6 +106,7 @@ public function login($sender, $param) {
 		if ($success === true) {
 			$this->goToDefaultPage();
 		} else {
+			sleep(BaculumWebPage::LOGIN_FAILED_DELAY);
 			$this->Msg->Display = 'Fixed';
 		}
 	}