libs/phplibrary
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Подсчет количества неудачных попыток авторизации

Browse source
This commit is contained in:
denis 2022-10-26 17:46:00 +03:00
parent df08cfaa60
commit 2cee29d7a0
1 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/Filter/Login.php
View file

@ -12,6 +12,8 @@ class Filter_Login extends Filter_Filter
{
const SESSION_BROWSER_SIGN_SECRET = '@w3dsju45Msk#';
const SESSION_BROWSER_SIGN_KEYNAME = 'session.app.browser.sign';
const AUTH_MAX_ATTEMPT = 10;
const AUTH_LAST_ATTEMPT_TIMER = 600;
public $mode = 'ajax';
public $user;
@ -42,18 +44,38 @@ class Filter_Login extends Filter_Filter
$db = Database::getConnection($dsn);
$user = $db->fetchOneArray("SELECT * FROM users WHERE login = :login", ['login' => $login]);
$userPassword = $user['password'];
$userPassword = $user['password'];
} /*else if (time() - $result->getInt('lastupdate') > 60*60*24*60) {
// Проверить давность пароля, 60 дней
// Проверить давность пароля, 60 дней
$request->set('error', true);
$request->set('lastupdate', true);
return false;
}*/
// Проверка на количества попыток авторизации
$lastAttempt = $db->fetchOneArray(
"SELECT trie_count, trie_time FROM users WHERE login = :login", ['login' => $request->get('login')]);
if ($lastAttempt['trie_count'] >= self::AUTH_MAX_ATTEMPT /*&& time() - $lastAttempt['trie_time'] < self::AUTH_LAST_ATTEMPT_TIMER*/) {
if (time() - $lastAttempt['trie_time'] < self::AUTH_LAST_ATTEMPT_TIMER) {
$request->set('timeout_error', true);
break;
} else {
$db->executeQuery(
"UPDATE users SET trie_count = :count WHERE login = :login",
['count' => 0, 'login' => $request->get('login')]
);
}
}
// Извлечнеие пользователя из родительской CMS, для проверки пароля
if (md5($password) == $userPassword) { // password
$this->enter($db, $result);
return true;
} else {
// Обновление количества неудачных попыток входа
$user = $db->fetchOneArray("SELECT id_user, trie_count FROM users WHERE login = :login", ['login' => $login]);
$db->executeQuery(
"UPDATE users SET trie_time = :cur_time, trie_count = :count WHERE id_user = :id_user",
['cur_time' => time(), 'count' => $user['trie_count']+=1, 'id_user' => $user['id_user']]
);
}
}
$request->set('error', true);
@ -110,7 +132,7 @@ class Filter_Login extends Filter_Filter
{
$this->user = $result;
$random = rand(0, 1024 * 1024);
$db->executeQuery("UPDATE users SET sid = '$random' WHERE id_user = " . $result->getInt('id_user'));
$db->executeQuery("UPDATE users SET sid = '$random', trie_count = 0 WHERE id_user = " . $result->getInt('id_user'));
$_SESSION["group"] = $result->getInt('access');
$_SESSION["access"] = $result->getInt('id_user'); // id_user