Ejemplo n.º 1
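/**
 * Validate the captcha answer submitted for a given form field.
 *
 * The expected answer is read from the session key "<field>-result" and the
 * outcome is reported both as the return value and through the session key
 * "<field>-error" (empty string on success, translated message on failure).
 * The session key "<field>-validate" is set to 1 on every call.
 *
 * Comparison is done on strings with hash_equals(), so PHP's loose-comparison
 * rules (numeric strings such as "1e3" == "1000", or a non-string expected
 * value matching unrelated input) can no longer make a wrong answer pass. A
 * submitted answer of "0" is accepted when it is the expected answer.
 *
 * NOTE(review): a request that does not contain the field at all is treated
 * as "nothing submitted" and returns true. Callers that handle a real form
 * submission must check separately that the field is present, otherwise the
 * captcha can be skipped by leaving the field out of the request.
 *
 * NOTE(review): this function does not clear the stored answer after a
 * successful check; confirm that the captcha generator rotates it so that a
 * solved answer cannot be reused for further submissions.
 *
 * @param string $field_name Name of the POST field carrying the answer; also
 *                           the prefix of the related session keys.
 * @return bool True when the field is absent or the answer matches.
 */
function secure_captcha_validate_result($field_name)
{
    custom_session_set($field_name . '-validate', 1);
    $valid = false;
    if (!isset($_POST[$field_name])) {
        // no submission
        $valid = true;
    } elseif (is_string($_POST[$field_name])) {
        // Arrays (field[]=...) are rejected by the is_string() check above.
        $submitted = trim($_POST[$field_name]);
        if ($submitted !== '') {
            $expected = custom_session_get($field_name . '-result', "");
            // An empty or non-scalar stored answer means there is nothing
            // valid to compare against, so the submission cannot match.
            if (is_scalar($expected) && (string) $expected !== '') {
                $valid = hash_equals((string) $expected, $submitted);
            }
        }
    }
    if ($valid) {
        custom_session_set($field_name . '-error', "");
    } else {
        custom_session_set($field_name . '-error', __("invalid captcha", CUSTOM_PLUGIN_TEXT_DOMAIN));
    }
    return $valid;
}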
Ejemplo n.º 2
/**
 * Decide whether the current request must be throttled ("fail to ban").
 *
 * Every call counts as one try. State is kept through the custom_session_*
 * helpers under three keys:
 *   - "secure-last-login-time":    start of the current counting window
 *   - "secure-nb-try-login":       number of tries counted in that window
 *   - "secure-last-failtoban-time": time of the last throttled request
 *
 * A request is throttled when a previous throttle happened less than 60
 * seconds ago (which also restarts the 60 second wait), or when the counter
 * is above 9 and the window started less than 60 seconds ago. The session key
 * "failtoban-error" receives an empty string or a translated message.
 *
 * NOTE(review): the counters live wherever custom_session_* stores them. If
 * that is the visitor's own session (not visible here), a client that starts
 * a new session also starts with fresh counters, so this check should be
 * paired with a limit keyed on account or source address. Confirm.
 *
 * @return bool True when the request is throttled.
 */
function secure_is_failtoban()
{
    $now = time();
    $window = 60;

    $banned_at = custom_session_get("secure-last-failtoban-time", null);
    $window_start = custom_session_get("secure-last-login-time", null);
    $tries = custom_session_get("secure-nb-try-login", null);

    // An active ban is one that was recorded less than a minute ago.
    $still_banned = !empty($banned_at) && $now - $banned_at < $window;
    if (!$still_banned) {
        custom_session_unset("secure-last-failtoban-time");
    }

    // Counter already above the limit for a window that has been opened.
    $over_limit = !$still_banned && !empty($window_start) && $tries > 9;
    $failedtoban = $still_banned || ($over_limit && $now - $window_start < $window);

    if ($failedtoban) {
        // Start (or prolong) the one minute wait and drop the counters.
        custom_session_set("secure-last-failtoban-time", $now);
        custom_session_unset("secure-last-login-time");
        custom_session_unset("secure-nb-try-login");
    } elseif (empty($window_start) || $over_limit) {
        // No window yet, or the old window expired: open a new one.
        custom_session_set("secure-last-login-time", $now);
        custom_session_set("secure-nb-try-login", 1);
    } else {
        // Still under the limit: count this try.
        custom_session_set("secure-nb-try-login", $tries + 1);
    }

    $message = $failedtoban
        ? __("Too many tries - please wait 1min", CUSTOM_PLUGIN_TEXT_DOMAIN)
        : "";
    custom_session_set('failtoban-error', $message);

    return $failedtoban;
}