/**
  * Checks if we need to use a captcha and deactivates the original captcha.
  */
 protected function readParameters($eventObj, $className)
 {
     // Registers 'captchaDone' in the session on every call; per the original
     // author this is what deactivates the original captcha.
     WCF::getSession()->register('captchaDone', true);

     if ($eventObj instanceof UserLoginForm) {
         if (LOGIN_USE_CAPTCHA) {
             $this->useCaptcha = true;
         }

         // Workaround for WBB's FailedLoginListener. The constant is only
         // consulted when it is defined.
         $ipCaptchaActive = defined('FAILED_LOGIN_IP_CAPTCHA') && FAILED_LOGIN_IP_CAPTCHA > 0;
         if ($ipCaptchaActive) {
             require_once WCF_DIR . 'lib/data/user/login/FailedLogin.class.php';
             if (FailedLogin::countFailedLogins() >= FAILED_LOGIN_IP_CAPTCHA) {
                 // Too many failed logins: the challenge is mandatory and may
                 // not be skipped by the 'reCaptchaDone' session flag below.
                 $this->useCaptcha = true;
                 $this->forcedCaptcha = true;

                 if (isset($_POST['captchaID'])) {
                     // Dirty by the original author's own admission: the stored
                     // solution of the captcha named by the request is copied
                     // into the request itself.
                     // NOTE(review): presumably this makes the other listener's
                     // captcha validation pass unconditionally - confirm that
                     // the replacement challenge is always enforced while
                     // forcedCaptcha is set, otherwise the failed-login
                     // protection is effectively switched off.
                     require_once WCF_DIR . 'lib/data/image/captcha/Captcha.class.php';
                     $legacyCaptcha = new Captcha(intval($_POST['captchaID']));
                     $_POST['captchaString'] = $legacyCaptcha->captchaString;
                 }
             }
         }
     } elseif ($eventObj instanceof RegisterForm) {
         // Registration form: only the global switch can enable the challenge;
         // with the switch off, useCaptcha is left as it was.
         if (REGISTER_USE_CAPTCHA) {
             $this->useCaptcha = true;
         }
     } else {
         // Any other form decides for itself.
         $this->useCaptcha = $eventObj->useCaptcha;
     }

     // Logged-in users never get a challenge, not even a forced one. Guests
     // skip it only when 'reCaptchaDone' is set in the session and the
     // challenge has not been forced by the failed-login counter.
     if (WCF::getUser()->userID) {
         $this->useCaptcha = false;
     } elseif (WCF::getSession()->getVar('reCaptchaDone') && !$this->forcedCaptcha) {
         $this->useCaptcha = false;
     }
 }
Beispiel #2
// Login form handler: sends already-authenticated sessions away, then
// processes a POSTed login behind CSRF checks and failed-login throttling.
if ($session->is_logged_in()) {
    redirect_to("index.php");
}
$username = "";
$password = "";
// Remember to give your form's submit tag a name="submit" attribute!
// Only POST requests that also pass request_is_same_domain() are handled.
// NOTE(review): presumably a Referer/Origin comparison - confirm in the helper.
if (request_is_post() && request_is_same_domain()) {
    // The token must be both valid and recent; either failure yields the same
    // generic message.
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $message = "Sorry, request was not valid.";
    } else {
        // CSRF tests passed--form was created by us recently.
        $username = trim($_POST['username']);
        // NOTE(review): trim() also strips leading/trailing whitespace from the
        // password, so passwords differing only in surrounding whitespace are
        // treated as equal - confirm this matches how passwords are stored.
        $password = trim($_POST['password']);
        $valid = new FormValidation();
        $valid->validate_presences('username', 'password');
        $failed_login = new FailedLogin();
        if (empty($valid->errors)) {
            // The throttle is consulted before the credentials are checked, so
            // a throttled username never reaches User::authenticate().
            $throttle_delay = $failed_login->throttle_failed_logins($username);
            if ($throttle_delay > 0) {
                $message = "Too many attempted login. ";
                $message .= "You must wait {$throttle_delay} minutes before you can attempt another login or ask to reset your password.";
            } else {
                // Check database to see if username/password exist.
                $found_user = User::authenticate($username, $password);
                if ($found_user) {
                    // Success: reset the failed-login record for this username,
                    // then establish the session and write an audit entry.
                    $failed_login->clear_failed_logins($username);
                    // NOTE(review): confirm that login() regenerates the session
                    // ID, otherwise a pre-login session ID stays valid.
                    $session->login($found_user);
                    log_action('Login', "{$found_user->username} logged in.");
                    if (User::is_visitor()) {
                        redirect_to('/Inspinia/index.php');
                    }
// (the listing ends here; the branch for failed authentication is not shown)
Beispiel #3
<?php

require_once dirname(__FILE__) . "/../private/lib/utilities.php";
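class FailedLogin extends Page
{
    /**
     * Renders the "bad login" notice with a link back to the login page of
     * the directory named in the `dir` query parameter.
     *
     * The link target is assembled from $GLOBALS['protocol'],
     * $GLOBALS['root'] and the request-supplied `dir`. It is HTML-escaped as
     * a whole before being written into the href attribute, so a crafted
     * `dir` value cannot close the attribute and inject markup.
     */
    public function show()
    {
        $this->begin();

        // `dir` comes straight from the query string: accept a string only
        // and fall back to an empty segment when it is missing or an array.
        // NOTE(review): escaping only neutralises markup; if the set of valid
        // directories is known, validate `dir` against it as well.
        $dir = isset($_GET['dir']) && is_string($_GET['dir']) ? $_GET['dir'] : '';
        $retryUrl = $GLOBALS['protocol'] . '://' . $GLOBALS['root'] . '/' . $dir . '/index.php';
        $retryHref = htmlspecialchars($retryUrl, ENT_QUOTES, 'UTF-8');
        ?>
        It seems like your login is bad. Please <a href="<?php echo $retryHref; ?>">try again</a>.
        <?php
    }
}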
// Render the page: header (styles and scripts included), the bad-login
// notice, then the footer.
$failed = new FailedLogin();
$failed->header(array(
    'root_dir' => '../',
    'insert_styles' => true,
    'insert_scripts' => true,
    'title' => 'Yellow Elevator - Bad Login!',
));
$failed->show();
$failed->footer();
 /**
  * @see EventListener::execute()
  */
 public function execute($eventObj, $className, $eventName)
 {
     // Nothing to do unless at least one of the two failed-login limits is
     // configured.
     if (!(FAILED_LOGIN_IP_CAPTCHA > 0 || FAILED_LOGIN_IP_BAN > 0)) {
         return;
     }

     // One branch per form event; unknown events are ignored.
     switch ($eventName) {
         case 'readParameters':
             // get number of failed logins
             require_once WCF_DIR . 'lib/data/user/login/FailedLogin.class.php';
             $failedLogins = FailedLogin::countFailedLogins();

             // The ban limit takes precedence over the captcha limit.
             if (FAILED_LOGIN_IP_BAN > 0 && $failedLogins >= FAILED_LOGIN_IP_BAN) {
                 throw new PermissionDeniedException();
             }

             if (FAILED_LOGIN_IP_CAPTCHA > 0 && $failedLogins >= FAILED_LOGIN_IP_CAPTCHA) {
                 // This listener's captcha is switched on for forms other
                 // than the user login form, when the login captcha is
                 // disabled, or when 'captchaDone' is set in the session.
                 $needsOwnCaptcha = !$eventObj instanceof UserLoginForm
                     || !LOGIN_USE_CAPTCHA
                     || WCF::getSession()->getVar('captchaDone');
                 if ($needsOwnCaptcha) {
                     $this->useCaptcha = true;
                 }
             }
             break;

         case 'readFormParameters':
             // Pick up the submitted captcha id and answer, if any.
             if ($this->useCaptcha) {
                 if (isset($_POST['captchaID'])) {
                     $this->captchaID = intval($_POST['captchaID']);
                 }
                 if (isset($_POST['captchaString'])) {
                     $this->captchaString = StringUtil::trim($_POST['captchaString']);
                 }
             }
             break;

         case 'validate':
             if ($this->useCaptcha) {
                 $this->captcha = new Captcha($this->captchaID);
                 $this->captcha->validate($this->captchaString);
             }
             break;

         case 'save':
             // delete captcha
             if ($this->useCaptcha) {
                 $this->captcha->delete();
             }
             break;

         case 'readData':
             // captcha
             $this->captchaID = 0;
             if ($this->useCaptcha) {
                 $this->captchaID = Captcha::create();
             }

             // save failed logins: only errors on the credential fields count
             $failedField = $eventObj->errorField;
             if ($failedField == 'username' || $failedField == 'password') {
                 require_once WCF_DIR . 'lib/data/user/login/FailedLoginEditor.class.php';
                 // Recorded: area ('user' or 'admin'), the user ID (0 when
                 // $eventObj->user is null), the submitted username, the
                 // time, and the session's IP address and user agent.
                 FailedLoginEditor::create(
                     $eventObj instanceof UserLoginForm ? 'user' : 'admin',
                     $eventObj->user !== null ? $eventObj->userID : 0,
                     $eventObj->username,
                     TIME_NOW,
                     WCF::getSession()->ipAddress,
                     WCF::getSession()->userAgent
                 );
             }
             break;

         case 'assignVariables':
             if ($this->useCaptcha) {
                 $template = WCF::getTPL();
                 $template->assign(array(
                     'captchaID' => $this->captchaID,
                     'errorField' => $eventObj->errorField,
                     'errorType' => $eventObj->errorType,
                 ));
                 WCF::getTPL()->append('additionalFields', WCF::getTPL()->fetch('captcha'));
                 // The id is cleared again once the captcha template is rendered.
                 WCF::getTPL()->clearAssign('captchaID');
             }
             break;
     }
 }
Beispiel #5
 protected function loginCheck($account)
 {
     // With "errorlimit" switched off there is no throttling; the result is 0.
     if ($account["errorlimit"] == 0) {
         return 0;
     }

     // Failed logins are tracked per client IP address.
     // NOTE(review): verify that the "clientip" setting is not derived from a
     // client-controlled header, otherwise the limit is per request, not per
     // client.
     $ip = Ibos::app()->setting->get("clientip");
     $record = FailedLogin::model()->fetchIp($ip);
     $maxAttempts = intval($account["errorrepeat"]);
     // "errortime" is multiplied by 60 and compared against TIMESTAMP deltas.
     $window = $account["errortime"] * 60;

     if (!$record) {
         // No record yet for this IP: all attempts available, start counting.
         $remaining = $maxAttempts;
         FailedLogin::model()->add(array("ip" => $ip, "count" => 0, "lastupdate" => TIMESTAMP));
     } elseif ($window < TIMESTAMP - $record["lastupdate"]) {
         // The record is older than the window: purge and start over.
         $remaining = $maxAttempts;
         FailedLogin::model()->deleteOld($window + 1);
         FailedLogin::model()->add(array("ip" => $ip, "count" => 0, "lastupdate" => TIMESTAMP));
     } else {
         // Inside the window: whatever is left of the allowance, never negative.
         $remaining = max(0, $maxAttempts - $record["count"]);
     }

     if ($remaining == 0) {
         $this->error(Ibos::lang("Login check error", "", array("{minute}" => $account["errortime"])));
         // NOTE(review): '11111' looks like leftover debug output. The exit
         // itself must stay unless error() is guaranteed to terminate the
         // request, or a locked-out client would fall through to the login.
         exit('11111');
     }

     return $remaining;
 }