/**
 * Returns the shared LockoutEngine, creating it on first use.
 *
 * @return LockoutEngine
 */
public static function getInstance()
{
    if (isset(self::$instance)) {
        return self::$instance;
    }

    self::$instance = new LockoutEngine();

    return self::$instance;
}
/**
 * Clears the lockout record held for the requesting address, if any.
 *
 * Looks up the lockout stored for $_SERVER['REMOTE_ADDR'] and removes it
 * when one exists; does nothing otherwise.
 *
 * @param mixed $inContent Not read by this method.
 * @return void
 */
public static function run($inContent = '')
{
    $engine = LockoutEngine::getInstance();
    $existing = $engine->getLockout($_SERVER['REMOTE_ADDR']);

    if ($existing !== false) {
        $engine->removeLockout($existing);
    }
}
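/**
 * Authenticates a user by e-mail, user name or given identifier.
 *
 * Returns true when the user is (or already was) logged in. Returns false on
 * any failure: non-string input, a locked-out client address, no database
 * connection, no single matching account, or a password mismatch.
 *
 * @param string $userName E-mail, user name or given identifier to look up.
 * @param string $password Plain-text password checked against the stored hash.
 * @return bool
 */
public function logIn($userName, $password)
{
    if (!is_string($userName) || !is_string($password)) {
        return false;
    }

    if ($this->isLoggedIn) {
        return true;
    }

    // Lockouts are keyed on the client address alone.
    // NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the
    // proxy's address, so every client would share one lockout - confirm the
    // deployment passes the real client address through.
    if (LockoutEngine::getInstance()->isLockedOut($_SERVER['REMOTE_ADDR'])) {
        return false;
    }

    // Checked a second time in case a plugin logged the user in meanwhile.
    if ($this->isLoggedIn) {
        return true;
    }

    $database = Database::getInstance();
    $database->connect();

    if (!$database->isConnected()) {
        return false;
    }

    // The identifier is escaped and then placed inside quoted SQL literals.
    // NOTE(review): this depends on escapeString() matching the connection's
    // character set; prefer bound parameters if the Database wrapper has them.
    $userName = $database->escapeString(trim($userName));

    $column = 'userID, roleID, userName, givenIdentifier, password, firstName, lastName, email, profilePictureLocation, birthday';
    $table = 'user';
    $where = '((email = \'' . $userName . '\') OR (userName = \'' . $userName . '\') OR (givenIdentifier = \'' . $userName . '\'))';

    $results = $database->isConnected() ? $database->getData($column, $table, $where) : null;

    // Exactly one matching account is required. An empty result set is rejected
    // here as well, so $results[0] is never read when no row came back and the
    // hash verifier is never handed a missing stored password.
    if ($results === null || count($results) !== 1) {
        return false;
    }

    $account = $results[0];

    if (!Hasher::verifyHash($password, $account['password'])) {
        return false;
    }

    // NOTE(review): session-identifier regeneration is not visible in this
    // method - confirm setUserSession() issues a fresh session id on login.
    self::setUserSession(new CurrentUser(
        $account['userID'],
        $account['roleID'],
        $account['givenIdentifier'],
        $account['userName'],
        $account['firstName'],
        $account['lastName'],
        $account['email'],
        new Link($account['profilePictureLocation'], true),
        new DateTime($account['birthday']),
        true
    ));
    $this->isLoggedIn = true;

    // NOTE(review): the id is escaped but not quoted in the WHERE clause, and
    // escaping only protects quoted literals - confirm getUserID() always
    // yields an integer.
    $userID = $database->escapeString($this->getUserID());
    $database->updateTable('user', 'lastAccess = CURRENT_TIMESTAMP', "userID={$userID}");

    return true;
}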
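/**
 * Minutes until the requesting address's lockout ends.
 *
 * The lockout lasts (failed attempts x lockout period) minutes, counted from
 * the lockout's last update. When no lockout record exists the value of
 * getLockoutPeriod() is returned. When the computed end is already in the
 * past, 0 is returned.
 *
 * @return int Whole minutes remaining plus one, or 0 once the lockout has ended.
 */
private function minutesLeftInLockout()
{
    $lockoutEngine = LockoutEngine::getInstance();
    $lockout = $lockoutEngine->getLockout($_SERVER['REMOTE_ADDR']);

    if ($lockout === false) {
        return $lockoutEngine->getLockoutPeriod();
    }

    $totalLockoutLength = $lockout->getNumberOfFailedAttempts() * $lockoutEngine->getLockoutPeriod();

    // Work on a clone so adding the interval cannot alter the lockout's own timestamp.
    $lockoutStart = clone $lockout->lastUpdated();
    $lockedOutUntil = $lockoutStart->add(DateInterval::createFromDateString($totalLockoutLength . ' minutes'));

    $remaining = (new DateTime())->diff($lockedOutUntil);

    // diff() reports unsigned components; invert === 1 means the end time lies
    // before "now", so without this check an expired lockout would be reported
    // as still having minutes left.
    if ($remaining->invert === 1) {
        return 0;
    }

    // One minute is added so a partially elapsed minute is never shown as zero.
    return $remaining->days * 24 * 60 + $remaining->h * 60 + $remaining->i + 1;
}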
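/**
 * Routes a forgot-password request.
 *
 * Responds with a 404 unless parameter 1 is "forgotPassword" and parameter 3
 * is absent. A locked-out client address is redirected to the login page.
 * Otherwise the request goes to secondStep() when parameter 2 is present, or
 * to forgotPasswordContent() when it is not.
 *
 * @param Request $request Incoming request whose parameters select the step.
 */
public function __construct(Request $request)
{
    $inParams = $request->getParameters(true);

    // isset() guards index 1 so a short parameter list produces the 404
    // without first raising an undefined-offset warning.
    if (isset($inParams[3]) || !isset($inParams[1]) || $inParams[1] !== "forgotPassword") {
        $this->response = Response::fourOhFour();
        return;
    }

    $this->request = $request;

    // Locked-out addresses are refused before any reset step is processed.
    $lockoutEngine = LockoutEngine::getInstance();
    if ($lockoutEngine->isLockedOut($_SERVER['REMOTE_ADDR'])) {
        $this->response = Response::redirect(new Link("users/login"));
        return;
    }

    if (isset($inParams[2])) {
        // NOTE(review): presumably parameter 2 is a reset token taken from the
        // URL - confirm secondStep() validates it and that it is single-use.
        $this->secondStep($inParams[2]);
        return;
    }

    $this->forgotPasswordContent();
}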
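/**
 * Records a failed attempt for the requesting address and warns the user.
 *
 * When no lockout record exists for $_SERVER['REMOTE_ADDR'], one is created
 * with a single failed attempt. Otherwise the existing record is incremented
 * and stored back. In both cases a warning notice states how many attempts
 * remain and how long the lockout would last.
 *
 * @param mixed $inContent Not read by this method.
 * @return void
 */
public static function run($inContent = '')
{
    $lockoutEngine = LockoutEngine::getInstance();

    // NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the
    // proxy's address, so every client would share one counter - confirm the
    // deployment passes the real client address through.
    $lockout = $lockoutEngine->getLockout($_SERVER['REMOTE_ADDR']);

    if ($lockout === false) {
        // First failure from this address: start a new record.
        $attempts = $lockoutEngine->getNumberOfAttemptsBeforeLockout();
        $lockout = new Lockout($_SERVER['REMOTE_ADDR'], 1, new DateTime(), $attempts);
        $lockoutEngine->addLockout($lockout);
        $period = $lockoutEngine->getLockoutPeriod();
    } else {
        $lockout->failedAttemptMade();
        $lockoutEngine->setLockout($lockout);
        $attempts = $lockout->getNumberOfAttemptsLeft();
        // The lockout length grows with the number of failed attempts.
        $period = $lockout->getNumberOfFailedAttempts() * $lockoutEngine->getLockoutPeriod();
    }

    // Both branches now share the singular/plural choice; the first-failure
    // branch used to print "1 attempts" when the limit was set to one.
    $noun = ($attempts === 1) ? 'attempt' : 'attempts';
    $notice = new Notice('warning', "You have {$attempts} {$noun} left before you're locked out for {$period} minutes.");
    NoticeEngine::getInstance()->addNotice($notice);
}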