600) { $loginLog['common'] = ["count" => 0, "time" => \time()]; } if (empty($loginLog['usr'][$hash_user]) || \time() - $loginLog['usr'][$hash_user]['time'] > 600) { $loginLog['usr'][$hash_user] = ["count" => 0, "time" => \time()]; } if (empty($loginLog['ip'][$hash_ip]) || \time() - $loginLog['ip'][$hash_ip]['time'] > 600) { $loginLog['ip'][$hash_ip] = ["count" => 0, "time" => \time()]; } // Increase counters and update timers $loginLog['common']['count']++; $loginLog['common']['time'] = \time(); $loginLog['usr'][$hash_user]['count']++; $loginLog['usr'][$hash_user]['time'] = \time(); $loginLog['ip'][$hash_ip]['count']++; $loginLog['ip'][$hash_ip]['time'] = \time(); // Update the log file \file_put_contents($logfile_common, \json_encode($loginLog)); // Translate counters into delay multipliers $delay_multiplier_common = $loginLog['common']['count']; $delay_multiplier_per_user = $loginLog['usr'][$hash_user]['count']; $delay_multiplier_per_ip = $loginLog['usr'][$hash_ip]['count']; // Calculate delay $delay_micoseconds = \intval(self::BRUTE_FORCE_DELAY_DEFAULT * (self::BRUTE_FORCE_DELAY_MULTIPLIER_COMMON ** $delay_multiplier_common) * (self::BRUTE_FORCE_DELAY_MULTIPLIER_PER_USER ** $delay_multiplier_per_user) * (self::BRUTE_FORCE_DELAY_MULTIPLIER_PER_IP ** $delay_multiplier_per_ip)); $max_execution_microseconds = \abs((int)\ini_get("max_execution_time")) * 1000000; // Sleep \usleep(min($delay_micoseconds, \abs($max_execution_microseconds - 1000000))); if ($delay_micoseconds > \abs($max_execution_microseconds - 1000000)) { return false; } return true; } }