Ejemplo n.º 1
    } else {
        $user_row = $result[0];
        // Count this attempt and derive the current and the next lockout window
        // (seconds; doubles with every failed attempt).
        $attempts = $user_row['attempts'] + 1;
        $timeout = pow(2, $attempts);
        $timeout_next = pow(2, $attempts + 1);
        // On the third attempt a one-off notification goes to the row's address,
        // in the row's last used language (English when none is recorded).
        if ($attempts == 3) {
            $CFG->language = $user_row['last_lang'] ?: 'en';
            $email = SiteEmail::getRecord('bruteforce-notify');
            // NOTE(review): the whole access row, including the stored password hash,
            // is handed to the template as data - confirm the template reads only
            // the fields it needs.
            Email::send($CFG->support_email, $user_row['email'], $email['title'], $CFG->form_email_from, false, $email['content'], $user_row);
        }
        // Persist the new counter first; the lockout decision below deliberately uses
        // the row's previous 'last' value, i.e. the time of the preceding attempt.
        db_update('site_users_access', $user_row['id'], array('attempts' => $attempts, 'last' => time()), 'site_user');
        $seconds_since_last = time() - $user_row['last'];
        if ($seconds_since_last <= $timeout) {
            $invalid_login = 1;
        }
    }
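    if (!$invalid_login && !$user_id) {
        // Verify the password only when no earlier check has already rejected the
        // login and no user has been identified yet ($user_id is set above, outside
        // this block).
        $invalid_login = !Encryption::verify_hash($pass1, $result[0]['pass']);
        if (!$invalid_login) {
            // A successful login discards this user's change_settings rows of type 'r'
            // (their purpose is not visible here). The id comes from our own row, but it
            // is cast to int so that nothing but a number can be concatenated into the
            // string-built query.
            $site_user_id = (int) $result[0]['id'];
            $sql = "DELETE FROM change_settings WHERE type = 'r' AND site_user = " . $site_user_id;
            db_query($sql);
        }
    }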
}
if ($invalid_login) {
    // Log the failed login against the caller's IP before reporting it back.
    $log_row = array(
        'ip' => $ip_int,
        'timestamp' => date('Y-m-d H:i:s'),
        'login' => 'Y',
    );
    db_insert('ip_access_log', $log_row);
    // The client receives the attempt counter and the length of the next lockout window.
    $response = array(
        'error' => 'invalid-login',
        'attempts' => $attempts,
        'timeout' => $timeout_next,
    );
    echo json_encode($response);
    exit;
}
if (($result[0]['verified_authy'] == 'Y' || $result[0]['verified_google'] == 'Y') && $result[0]['dont_ask_30_days'] != 'Y') {
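    if ($result[0]['using_sms'] === 'Y') {
        // Build the Authy SMS URL with encoded parameters and hand it to the shell as
        // ONE quoted argument. Unquoted, the shell reads the '&' in the query string
        // as a command separator: curl is backgrounded with only '?force=true' and
        // 'api_key=...' becomes a shell variable assignment, so the key never reaches
        // the API; an unexpected authy_id value would likewise be interpreted by the
        // shell instead of being sent as data.
        $sms_url = 'https://api.authy.com/protected/json/sms/' . rawurlencode((string) $result[0]['authy_id'])
            . '?' . http_build_query(array('force' => 'true', 'api_key' => $CFG->authy_api_key));
        // NOTE(review): the key still appears on the command line (visible in the
        // process list); an in-process HTTP call would avoid that.
        shell_exec('curl ' . escapeshellarg($sms_url));
    }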
Ejemplo n.º 2
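 /**
  * Change the logged-in user's password from a submitted settings form.
  *
  * The three password fields are run through $CFG->pass_regex (characters
  * matching it are stripped before hashing), the current password is checked
  * against the stored hash, the new password must equal its confirmation and
  * have at least $CFG->pass_min_chars characters; on success the hash is
  * updated and an 'update-password' notification mail is sent.
  *
  * @param array $info Submitted fields: 'current_pass', 'pass', 'pass1' and
  *                    optionally 'email'. Missing password fields count as ''.
  * @return array|false false when there is no active session or $info is not an
  *                     array; array{errors:list<string>, error_fields:list<string>}
  *                     on validation failure; array{messages:list<string>} on success.
  */
 public static function savePassword($info)
 {
     global $CFG;
     if (!$CFG->session_active || !is_array($info)) {
         return false;
     }
     $errors = array();
     $error_fields = array();
     // Normalise the password fields first so that a request missing one of them
     // produces a validation error instead of an undefined-index notice, and so
     // preg_replace always receives (and yields) a string.
     foreach (array('pass', 'pass1', 'current_pass') as $field) {
         $raw = (isset($info[$field]) && is_scalar($info[$field])) ? (string) $info[$field] : '';
         $info[$field] = (string) preg_replace($CFG->pass_regex, '', $raw);
     }
     if (!Encryption::verify_hash($info['current_pass'], User::$info['pass'])) {
         $errors[] = 'Su contraseña actual no es la correcta.';
         $error_fields[] = 'current_pass';
     }
     // Strict comparison: with != two numeric-looking passwords such as '1e3' and
     // '1000' would be treated as identical.
     if ($info['pass'] !== '' && $info['pass'] !== $info['pass1']) {
         $errors[] = 'La contraseña no es idéntica a su verificación.';
         $error_fields[] = 'pass';
         $error_fields[] = 'pass1';
     }
     // Compare with '' rather than empty(): '0' is a legitimate (if short) password.
     if ($info['pass'] === '' || mb_strlen($info['pass'], 'utf-8') < $CFG->pass_min_chars) {
         // Exactly pass_min_chars characters are accepted, hence "al menos".
         $errors[] = 'Su contraseña debe tener al menos ' . $CFG->pass_min_chars . ' caracteres.';
         $error_fields[] = 'pass';
     }
     if (count($errors) > 0) {
         return array('errors' => $errors, 'error_fields' => $error_fields);
     }
     db_update('site_users', User::$info['id'], array('pass' => Encryption::hash($info['pass'])));
     // Notify the address on record for the session user rather than whatever the
     // request carried; fall back to the submitted address only when the session
     // record has none. NOTE(review): confirm User::$info carries 'email'.
     if (isset(User::$info['email'])) {
         $recipient = User::$info['email'];
     } elseif (isset($info['email'])) {
         $recipient = $info['email'];
     } else {
         $recipient = '';
     }
     // The mail template must never receive the plaintext passwords as data.
     $template_data = $info;
     unset($template_data['pass'], $template_data['pass1'], $template_data['current_pass']);
     $email = SiteEmail::getRecord('update-password');
     Email::send($CFG->contact_email, $recipient, $email['title'], $CFG->form_email_from, false, $email['content'], $template_data);
     return array('messages' => array('¡Su contraseña ha sido actualizada!'));
 }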