I've been trying to code an anti brute-force function, however without success. I can't seem to get the queries to execute correctly, and the page is returning the error "Database error 1054 - Unknown column '0' in 'field list'". Does anyone have an idea of how to make the queries execute correctly? Any help is greatly appreciated! I hope to post the code as a mod for 1.3.3 once everything works correctly. ^^

Here's the function:
function logAttempt($attempts, $ip, $delay_time) {
$mysidia = Registry::get("mysidia");
$ip = $_SERVER['REMOTE_ADDR'];
$attempts = $mysidia->db->select("login_attempts", array("num_attempts"), "ip = '{$ip}'");
$newattempts = $attempts->rowCount() + 1;
$now = time();
$stmt = $mysidia->db->insert("login_attempts", array("num_attempts", "ip", "delay_time"), "VALUES ('$newattempts', '$ip', '$now')");
if( $newattempts <= 4 ) {
$delay_time = 0;
}
elseif( $newattempts == 5 || $newattempts == 6 ) {
$delay_time = 5;
}
elseif( $newattempts == 7 ) {
$delay_time = 10;
}
elseif( $newattempts == 8 ) {
$delay_time = 30;
}
elseif( $newattempts == 9 ) {
$delay_time = 60;
}
elseif( $newattempts >= 10 ) {
$delay_time = 120;
} else { echo 'We\'re sorry, but there\'s been a serious error...'; } // A wild error appears!
return $delay_time; } // End logAttempt function.

Well I see two problems:

1. The database insert query is clearly incorrect, the syntax should be:

$mysidia->db->insert("login_attempts", array("num_attempts" => $newattempts, "ip" => $ip, "delay_time" => $now));
2. You should not attempt to output text with echo in Mysidia Adoptables, as the string will be displayed on the header, which does not make sense. Instead, use this:


$document = $mysidia->frame->getDocument();
$document->addLangvar('We\'re sorry, but there\'s been a serious error...');

Thanks HoF! The data's inserting into the database now, and the errors are gone. :D

Great, glad I can help. Lemme know if you encounter any further issues. ^^

I would change the error message from serious error to "too many invalid log ins, try again later"

Saying there has been a serious error will make the user think something is wrong with your site. Furthermore when they report this error the admin may have no idea how it was generated in the first place.