Ejemplo n.º 1
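 /**
  * Validates a submitted password against the credential of the account
  * stored under the 'loginUserInfo' registry key.
  *
  * Only a failed authentication attempt sets MSG_WRONG_PASSWORD and is
  * reported to Ml_Model_AntiAttack. The earlier rejections (non-scalar
  * value, length outside 6..20, missing 'loginUserInfo') return false
  * without an error message and without being logged.
  *
  * NOTE(review): Zend_Auth::authenticate() replaces the stored identity as a
  * side effect; confirm that is wanted for a check run from a validator.
  *
  * @param mixed $value   Submitted password.
  * @param mixed $context Unused here.
  * @return bool True only when the authentication result is valid.
  */
 public function isValid($value, $context = null)
 {
     $registry = Zend_Registry::getInstance();
     $credential = Ml_Model_Credential::getInstance();
     $this->_setValue($value);

     // Request parameters may arrive as arrays (password[]=x). Reject them
     // here instead of handing a non-string to mb_strlen().
     if (!is_scalar($value)) {
         return false;
     }

     $valueString = (string) $value;
     $length = mb_strlen($valueString);
     if ($length < 6 || $length > 20) {
         return false;
     }

     // Without a resolved account there is nothing to compare against.
     if (!$registry->isRegistered('loginUserInfo')) {
         return false;
     }
     $loginUserInfo = $registry->get('loginUserInfo');

     // Get our authentication adapter and check credentials
     $adapter = $credential->getAuthAdapter($loginUserInfo['id'], $valueString);
     if ($adapter) {
         $result = Zend_Auth::getInstance()->authenticate($adapter);
         if ($result->isValid()) {
             return true;
         }

         $this->_error(self::MSG_WRONG_PASSWORD);
         // Feed the failed attempt into the anti-attack log.
         Ml_Model_AntiAttack::log(Ml_Model_AntiAttack::WRONG_CREDENTIAL);
     }

     return false;
 }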
Ejemplo n.º 2
 /**
  * Calls the anti-attack model's gc() with a 24-hour maximum age and prints
  * the number it returns.
  */
 public function cleanantiattackAction()
 {
     // Maximum age in seconds: 24 hours.
     $retentionSeconds = 24 * 60 * 60;
     $removedRows = Ml_Model_AntiAttack::getInstance()->gc($retentionSeconds);

     echo "Number of rows with age > " . $retentionSeconds
         . " (seconds) deleted in antiattack: " . $removedRows . "\n";
 }
Ejemplo n.º 3
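 /**
  * Builds the change-password form.
  *
  * The listing had the text after three 'label' values replaced by a run of
  * asterisks (a redaction artifact); the separators are restored here so
  * the option arrays parse again.
  *
  * Signed-in users get a 'currentpassword' field and the
  * Ml_Model_MagicCookies element; a captcha is added when the registry holds
  * 'changeUserProperPassword'.
  */
 public function init()
 {
     $registry = Zend_Registry::getInstance();
     $config = $registry->get("config");
     $auth = Zend_Auth::getInstance();

     $this->setMethod('post');
     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     // A signed-in user must supply the current password as well.
     if ($auth->hasIdentity()) {
         $this->addElement('password', 'currentpassword', array(
             'filters' => array('StringTrim'),
             'validators' => array(array('validator' => 'matchPassword')),
             'autocomplete' => 'off',
             'required' => true,
             'label' => 'Current Password:',
             'class' => 'span3',
         ));
     }

     // NOTE(review): StringTrim silently strips surrounding whitespace from
     // the password, and StringLength caps it at 20 characters although the
     // description only mentions the minimum. Confirm both are intended.
     $this->addElement('password', 'password', array(
         'filters' => array('StringTrim'),
         'description' => "Six or more characters required; case-sensitive",
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(6, 20)),
             array('validator' => 'Hardpassword'),
             array('validator' => 'newPassword'),
             array('validator' => 'newPasswordRepeat'),
         ),
         'autocomplete' => 'off',
         'required' => true,
         'label' => 'New Password:',
         'class' => 'span3',
     ));

     $this->addElement('password', 'password_confirm', array(
         'filters' => array('StringTrim'),
         'required' => true,
         'label' => 'Confirm Password:',
         'autocomplete' => 'off',
         'class' => 'span3',
     ));

     if ($registry->isRegistered("changeUserProperPassword")) {
         $this->addElement(Ml_Model_AntiAttack::captchaElement());
     }

     $this->addElement('submit', 'submit', array('label' => 'Change it!', 'class' => 'btn primary'));

     if ($config['ssl']) {
         $submit = $this->getElement("submit");
         $submit->addValidator("Https");
         //By default the submit element doesn't display a error decorator
         $submit->addDecorator("Errors");
     }

     // NOTE(review): presumably the anti-CSRF token; it is only attached for
     // signed-in users. Confirm the unauthenticated path has its own guard.
     if ($auth->hasIdentity()) {
         $this->addElement(Ml_Model_MagicCookies::formElement());
     }

     $this->setAttrib('class', 'form-stacked');
 }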
Ejemplo n.º 4
 /**
  * Sign-in action: renders the login form and processes its POST.
  *
  * Authentication happens inside the form's validators, so an identity can
  * already be set when another validator (such as the captcha) fails; in
  * that case the identity is cleared again. Both outcomes are written to
  * the logger together with the submitted username.
  */
 public function indexAction()
 {
     $registry = Zend_Registry::getInstance();
     $auth = Zend_Auth::getInstance();
     $config = $registry->get("config");
     $sessionOptions = $config['resources']['session'];
     Ml_Model_AntiAttack::loadRules();
     $credential = Ml_Model_Credential::getInstance();
     $logger = Ml_Model_Logger::getInstance();

     // Already signed in: hand over to the "goback" action.
     if ($auth->hasIdentity()) {
         return $this->_forward("goback");
     }

     $request = $this->getRequest();
     $loginForm = $credential->loginForm();

     // Sampled before the POST is handled; used below when deciding whether
     // to blank the captcha's "missing value" message.
     $ensureHuman = Ml_Model_AntiAttack::ensureHuman() ? true : false;

     if ($request->isPost()) {
         ignore_user_abort(true);

         // Workaround (original author): sign-in lives in the password
         // validator, which could not be ordered after the captcha
         // validator. A failed form therefore has to undo any sign-in the
         // validator already performed. Only relevant when the captcha is
         // required.
         $accepted = $loginForm->isValid($request->getPost());

         if (!$accepted) {
             // Undo a sign-in done by the validator before the form failed.
             if ($auth->hasIdentity()) {
                 $auth->clearIdentity();
             }
             $logger->log(array("action" => "login_denied", "username" => $loginForm->getValue("username")));
             $this->view->errorlogin = true;
         } else {
             $session = Ml_Model_Session::getInstance();

             // Per the original author, rememberMe and ForgetMe already
             // regenerate the session id.
             if ($loginForm->getElement("remember_me")->isChecked()) {
                 Zend_Session::rememberMe($sessionOptions['cookie_lifetime']);
             } else {
                 Zend_Session::ForgetMe();
             }

             $session->associate($auth->getIdentity(), Zend_Session::getId());
             $logger->log(array("action" => "login", "username" => $loginForm->getValue("username")));
             $this->_forward("goback");
         }
         // end of workaround
     }

     // Don't show "missing value" the first time the captcha is asked for.
     $captcha = $loginForm->getElement("challenge");
     if (is_object($captcha) && !$ensureHuman) {
         $captcha->setErrorMessages(array("missingValue" => ''));
     }

     $this->view->loginform = $loginForm;
 }
Ejemplo n.º 5
 /**
  * Builds the account-recovery form: one "username or e-mail" field, a
  * captcha that is always present, and the submit button.
  */
 public function init()
 {
     $this->setMethod('post');
     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     // Input is trimmed and lower-cased, limited to 1..100 characters, then
     // handed to the project's accountRecover validator.
     $recoverValidators = array(
         array('validator' => 'StringLength', 'options' => array(1, 100)),
         array('validator' => 'accountRecover'),
     );
     $this->addElement('text', 'recover', array(
         'label' => 'Username or e-mail:',
         'required' => true,
         'filters' => array('StringTrim', 'StringToLower'),
         'validators' => $recoverValidators,
         'autocomplete' => 'off',
     ));

     // The captcha is unconditional on this form.
     $this->addElement(Ml_Model_AntiAttack::captchaElement());

     $this->addElement('submit', 'submit', array(
         'label' => 'E-mail me!',
         'class' => 'btn primary',
     ));
     $this->setAttrib('class', 'form-stacked');
 }
Ejemplo n.º 6
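 /**
  * Builds the delete-account form: current password, a hash (anti-CSRF)
  * element, a captcha and the submit button.
  *
  * NOTE(review): in the listing, the text between the password label and the
  * 'hash' element was replaced by a run of asterisks (a redaction artifact).
  * The minimal statement boundary is restored here so the code parses. Any
  * further options the password element originally carried are not
  * recoverable from the page.
  */
 public function init()
 {
     $this->setMethod('post');
     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     // The destructive action is gated on re-entering the current password.
     $this->addElement('password', 'password', array(
         'filters' => array('StringTrim'),
         'validators' => array(array('validator' => 'matchPassword')),
         'required' => true,
         'label' => 'Current Password:',
     ));

     // Token expires after 600 seconds.
     // NOTE(review): the salt is a literal committed with the source, so it
     // cannot be treated as a secret. Consider loading it from deployment
     // configuration instead.
     $this->addElement('hash', 'no_csrf_foo', array(
         'salt' => 'K*#%JQk74#$*%Ĉ#%R*b',
         'timeout' => 600,
     ));

     $this->addElement(Ml_Model_AntiAttack::captchaElement());
     $this->addElement('submit', 'submit', array('label' => 'Delete your account', 'class' => 'btn danger'));
     $this->setAttrib('class', 'form-stacked');
 }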
Ejemplo n.º 7
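 /**
  * Builds the abuse-report form: a required link, an optional description,
  * a captcha for visitors who are not signed in, and the submit button.
  *
  * Fix: the 'Url' validator spec was nested inside the StringLength spec by
  * a misplaced parenthesis, so it was never registered as a validator of
  * 'abuse_reference'. It is now a sibling entry in the validators list.
  */
 public function init()
 {
     $auth = Zend_Auth::getInstance();

     $this->setMethod('post');
     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     // NOTE(review): 'Url' is resolved through the validator prefix paths;
     // confirm the project ships that validator before deploying.
     $this->addElement('text', 'abuse_reference', array(
         'label' => 'Link to the abuse:',
         'required' => true,
         'filters' => array('StringTrim', 'UrlFilter'),
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(1, 512)),
             array('validator' => 'Url'),
         ),
     ));

     $this->addElement('textarea', 'abuse_description', array(
         'label' => 'Explain (if necessary):',
         'required' => false,
         'filters' => array('StringTrim'),
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(1, 2048)),
         ),
     ));

     // Only anonymous reporters have to solve the captcha.
     if (!$auth->hasIdentity()) {
         $this->addElement(Ml_Model_AntiAttack::captchaElement());
     }

     $this->addElement('submit', 'report_abuse', array(
         'label' => "Let us know",
         'required' => false,
         'class' => 'btn primary',
     ));
     $this->setAttrib('class', 'form-stacked');
 }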
Ejemplo n.º 8
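 /**
  * Builds the sign-up form: name, e-mail, an invite code when the
  * configuration makes sign-up invite-only, a captcha and the submit button.
  *
  * The unused local that captured addElement()'s return value was dropped.
  */
 public function init()
 {
     $registry = Zend_Registry::getInstance();
     $config = $registry->get("config");

     $this->setMethod('post');
     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     $this->addElement('text', 'name', array(
         'label' => 'Name:',
         'required' => true,
         'filters' => array('StringTrim'),
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(1, 50)),
         ),
     ));

     // The description is a fixed HTML snippet with no request data in it.
     // NOTE(review): 'emailNewUser' is listed before the syntactic
     // 'EmailAddress' check; confirm that order is intended.
     $this->addElement('text', 'email', array(
         'label' => 'E-mail address:',
         'required' => true,
         'description' => '<small>Read the <a href="/privacy" class="new-window">'
             . 'Privacy Policy</a> before proceeding</small>',
         'filters' => array('StringTrim', 'StringToLower'),
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(1, 60)),
             array('validator' => 'emailNewUser'),
             array('validator' => 'EmailAddress'),
         ),
     ));

     if ($config['signup']['inviteonly']) {
         // autoInsertNotEmptyValidator is off, so validation of the field
         // is left to the project's 'Invite' validator.
         $this->addElement('text', 'invitecode', array(
             'label' => 'Invite code:',
             'required' => true,
             'autoInsertNotEmptyValidator' => false,
             'validators' => array(array('validator' => 'Invite')),
         ));
         $this->getElement("invitecode")->setAttrib('class', 'span3');
     }

     // The captcha is unconditional on sign-up.
     $this->addElement(Ml_Model_AntiAttack::captchaElement());
     $this->addElement('submit', 'submit', array('label' => 'Sign up!', 'class' => 'btn primary'));
     $this->setAttrib('class', 'form-stacked');
 }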
Ejemplo n.º 9
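 /**
  * Builds the login form: username/e-mail, password, "remember me", a
  * captcha when Ml_Model_AntiAttack::ensureHuman() asks for one, and the
  * submit button.
  *
  * The listing had the text after the password label replaced by a run of
  * asterisks (a redaction artifact); the separator is restored so the
  * option array parses. The unused local that captured addElement()'s
  * return value was dropped.
  */
 public function init()
 {
     $registry = Zend_Registry::getInstance();
     $config = $registry->get("config");

     $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
     $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

     $this->addElement('text', 'username', array(
         'label' => 'Username or e-mail:',
         'required' => true,
         'autofocus' => 'autofocus',
         'filters' => array('StringTrim', 'StringToLower'),
         'validators' => array(array('validator' => 'username')),
     ));
     $this->getElement("username")->setAttrib('required', 'required');

     // NOTE(review): this form accepts 5..20 characters, while the other
     // password checks in this listing use 6..20; confirm which bound is
     // intended.
     $this->addElement('password', 'password', array(
         'label' => 'Password:',
         'required' => true,
         'filters' => array('StringTrim'),
         'validators' => array(
             array('validator' => 'StringLength', 'options' => array(5, 20)),
             array('validator' => 'password'),
         ),
     ));
     $this->getElement("password")->setAttrib('required', 'required');

     $this->addElement('checkbox', 'remember_me', array('label' => 'Remember me'));

     // The captcha is added only when the anti-attack model asks for it.
     if (Ml_Model_AntiAttack::ensureHuman()) {
         $this->addElement(Ml_Model_AntiAttack::captchaElement());
     }

     $this->addElement('submit', 'login', array(
         'required' => false,
         'ignore' => true,
         'label' => 'Sign in',
         'class' => 'btn primary',
     ));

     if ($config['ssl']) {
         $submit = $this->getElement("login");
         $submit->addValidator("Https");
         //By default the submit element doesn't display a error decorator
         $submit->addDecorator("Errors");
     }

     $this->getElement("username")->setAttrib('class', 'span3');
     $this->getElement("password")->setAttrib('class', 'span3');
     $this->setAttrib('class', 'form-stacked');
 }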
Ejemplo n.º 10
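 /**
  * Returns the access level for the current client, derived from how many
  * anti-attack log rows match its address.
  *
  * Rows are counted when they carry the exact client address and are less
  * than 15 minutes old, or when they share its first three octets and are
  * less than 5 minutes old. More than 250 rows gives ACCESS_FORBIDDEN, more
  * than 8 gives ACCESS_ENSURE_HUMAN, anything else ACCESS_FREE. A result
  * that is not an object also gives ACCESS_FORBIDDEN (fail closed). The
  * outcome is cached in self::$_code.
  *
  * Fix: the neighbour pattern used to drop the last two characters of the
  * dotted address, so its width depended on how many digits the last octet
  * had. It now drops exactly the last octet. The neighbour clause is
  * skipped when the address is not IPv4.
  *
  * NOTE(review): REMOTE_ADDR is the direct peer. Behind a reverse proxy all
  * clients would share one counter; confirm the deployment.
  *
  * @return mixed One of the Ml_Model_AntiAttack::ACCESS_* constants.
  */
 public static function getCode()
 {
     $antiAttack = self::getInstance();

     // NOTE(review): loose comparison; whether a cached ACCESS_FREE is
     // reused depends on that constant's value.
     if (self::$_code != '') {
         return self::$_code;
     }

     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

     // Exact address, 15-minute window.
     $select = $antiAttack->_dbTable->select()
         ->where("ip = ?", $remoteAddr)
         ->where("CURRENT_TIMESTAMP < TIMESTAMP(timestamp, '00:15:00')");

     // Same first three octets, 5-minute window (IPv4 only).
     $packed = ip2long($remoteAddr);
     if ($packed !== false) {
         $dotted = long2ip($packed);
         $neighbours = substr($dotted, 0, strrpos($dotted, '.') + 1) . '%';
         $select->orWhere("ip LIKE ?", $neighbours)
             ->where("CURRENT_TIMESTAMP < TIMESTAMP(timestamp, '00:05:00')");
     }

     // NOTE(review): every matching row is loaded only to be counted; a
     // COUNT query would bound memory use while an attack is in progress.
     $loggedMetaInfo = $antiAttack->_dbTable->fetchAll($select);

     //avoid DoS attacks...
     //And if something happens with the connection with
     //the database, it may be handy also.
     if (!is_object($loggedMetaInfo)) {
         $behavior = Ml_Model_AntiAttack::ACCESS_FORBIDDEN;
     } else {
         $size = count($loggedMetaInfo->toArray());
         if ($size > 250) {
             $behavior = Ml_Model_AntiAttack::ACCESS_FORBIDDEN;
         } elseif ($size > 8) {
             $behavior = Ml_Model_AntiAttack::ACCESS_ENSURE_HUMAN;
         } else {
             //It defaults to ACCESS_FREE
             $behavior = Ml_Model_AntiAttack::ACCESS_FREE;
         }
     }

     self::$_code = $behavior;
     return $behavior;
 }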