Merge branch 'Denis/login_attempts_count' into 'master'

Подсчет количества неудачных попыток авторизации See merge request composer/PHP_Library!7
2022-10-28 14:59:04 +00:00 · 2022-10-28 14:59:04 +00:00 · c1aecd1ff9
commit c1aecd1ff9
parent df08cfaa60 2cee29d7a0
1 changed files with 26 additions and 4 deletions
--- a/src/Filter/Login.php
+++ b/src/Filter/Login.php
@ -12,6 +12,8 @@ class Filter_Login extends Filter_Filter
 {
    const SESSION_BROWSER_SIGN_SECRET = '@w3dsju45Msk#';
    const SESSION_BROWSER_SIGN_KEYNAME = 'session.app.browser.sign';
+    const AUTH_MAX_ATTEMPT = 10;
+    const AUTH_LAST_ATTEMPT_TIMER = 600;
    public $mode = 'ajax';
    public $user;

@ -49,11 +51,31 @@ class Filter_Login extends Filter_Filter
                        $request->set('lastupdate', true);
                        return false;
                    }*/
-                    
+                    // Проверка на количества попыток авторизации
+                    $lastAttempt = $db->fetchOneArray(
+                        "SELECT trie_count, trie_time FROM users WHERE login = :login", ['login' => $request->get('login')]);
+                    if ($lastAttempt['trie_count'] >= self::AUTH_MAX_ATTEMPT /*&& time() - $lastAttempt['trie_time'] < self::AUTH_LAST_ATTEMPT_TIMER*/) {
+                        if (time() - $lastAttempt['trie_time'] < self::AUTH_LAST_ATTEMPT_TIMER) {
+                            $request->set('timeout_error', true);
+                            break;
+                        } else {
+                            $db->executeQuery(
+                                "UPDATE users SET trie_count = :count WHERE login = :login",
+                                ['count' => 0, 'login' => $request->get('login')]
+                            );
+                        }
+                    }
                    // Извлечнеие пользователя из родительской CMS, для проверки пароля
                    if (md5($password) == $userPassword) { // password
                        $this->enter($db, $result);
                        return true;
+                    } else {
+                        // Обновление количества неудачных попыток входа
+                        $user = $db->fetchOneArray("SELECT id_user, trie_count FROM users WHERE login = :login", ['login' => $login]);
+                        $db->executeQuery(
+                            "UPDATE users SET trie_time = :cur_time, trie_count = :count WHERE id_user = :id_user",
+                            ['cur_time' => time(), 'count' => $user['trie_count']+=1, 'id_user' => $user['id_user']]
+                        );
                    }
                }
                $request->set('error', true);
@ -110,7 +132,7 @@ class Filter_Login extends Filter_Filter
    {
        $this->user = $result;
        $random = rand(0, 1024 * 1024);
-        $db->executeQuery("UPDATE users SET sid = '$random' WHERE id_user = " . $result->getInt('id_user'));
+        $db->executeQuery("UPDATE users SET sid = '$random', trie_count = 0 WHERE id_user = " . $result->getInt('id_user'));

        $_SESSION["group"]  = $result->getInt('access');
        $_SESSION["access"] = $result->getInt('id_user'); // id_user