/**
* Ritorna se l'email e la password passate corrispondono a un utente valido.
*
* @static
* @param string $Email L'email dell'utente che si vuole loggare
* @param string $Password La password dell'utente che si vuole loggare
* @return bool Se lo login è andata a buon fine o meno
*/
public static function isValidLogin($Email, $Password)
{
$Auth = Zend_Auth::getInstance();
$Adapter = self::getAuthAdapter();
$Adapter->setIdentity($Email);
$Adapter->setCredential($Password);
self::$AuthResult = $Auth->authenticate($Adapter);
if (self::$AuthResult->isValid()) {
$Auth->getStorage()->write(self::getUserById($Adapter->getResultRowObject()->IDUser));
return true;
} else {
return false;
}
}
/**
* Set the result for this validator
*
* @param \Zend_Auth_Result $result
* @return boolean True when valid
*/
protected function setAuthResult(\Zend_Auth_Result $result)
{
$this->_authResult = $result;
return $this->_authResult->isValid();
}
/**
* Process everything after authentication.
*
* @param \Zend_Auth_Result $result
*/
protected function afterAuthorization(\Zend_Auth_Result $result, $lastAuthorizer = null)
{
try {
$select = $this->db->select();
$select->from('gems__user_login_attempts', array('gula_failed_logins', 'gula_last_failed', 'gula_block_until', new \Zend_Db_Expr('UNIX_TIMESTAMP() - UNIX_TIMESTAMP(gula_last_failed) AS since_last')))->where('gula_login = ?', $this->getLoginName())->where('gula_id_organization = ?', $this->getCurrentOrganizationId())->limit(1);
$values = $this->db->fetchRow($select);
// The first login attempt
if (!$values) {
$values['gula_login'] = $this->getLoginName();
$values['gula_id_organization'] = $this->getCurrentOrganizationId();
$values['gula_failed_logins'] = 0;
$values['gula_last_failed'] = null;
$values['gula_block_until'] = null;
$values['since_last'] = $this->failureIgnoreTime + 1;
}
if ($result->isValid()) {
// Reset login failures
$values['gula_failed_logins'] = 0;
$values['gula_last_failed'] = null;
$values['gula_block_until'] = null;
} else {
// Reset the counters when the last login was longer ago than the delay factor
if ($values['since_last'] > $this->failureIgnoreTime) {
$values['gula_failed_logins'] = 1;
} elseif ($lastAuthorizer === 'pwd') {
// Only increment failed login when password failed
$values['gula_failed_logins'] += 1;
}
// If block is already set
if ($values['gula_block_until']) {
// Do not change it anymore
unset($values['gula_block_until']);
} else {
// Only set the block when needed
if ($this->failureBlockCount <= $values['gula_failed_logins']) {
$values['gula_block_until'] = new \Zend_Db_Expr('DATE_ADD(CURRENT_TIMESTAMP, INTERVAL ' . $this->failureIgnoreTime . ' SECOND)');
}
}
// Always record the last fail
$values['gula_last_failed'] = new \MUtil_Db_Expr_CurrentTimestamp();
$values['gula_failed_logins'] = max(1, $values['gula_failed_logins']);
// Response gets slowly slower
$sleepTime = min($values['gula_failed_logins'] - 1, 10) * 2;
sleep($sleepTime);
// \MUtil_Echo::track($sleepTime, $values, $result->getMessages());
}
// Value not saveable
unset($values['since_last']);
if (isset($values['gula_login'])) {
$this->db->insert('gems__user_login_attempts', $values);
} else {
$where = $this->db->quoteInto('gula_login = ? AND ', $this->getLoginName());
$where .= $this->db->quoteInto('gula_id_organization = ?', $this->getCurrentOrganizationId());
$this->db->update('gems__user_login_attempts', $values, $where);
}
} catch (\Zend_Db_Exception $e) {
// Fall through as this does not work if the database upgrade did not yet run
// \MUtil_Echo::r($e);
}
}
public function authenticate()
{
if (empty($this->_identity)) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_identity, array(trlKwf('Please specify a user name.')));
} else {
if ($this->_credential === null) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_identity, array(trlKwf('Please specify a password.')));
}
}
$cache = $this->_getCache();
$failedLoginsFromThisIp = $cache->load($this->_getCacheId());
if ($failedLoginsFromThisIp && $failedLoginsFromThisIp >= 15) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $this->_identity, array(trlKwf('Too many wrong logins.'), trlKwf('There were too many wrong logins from your connection. Please try again in 5 minutes.')));
}
$ret = null;
$validLogin = false;
$row = null;
$users = Zend_Registry::get('userModel');
foreach ($users->getAuthMethods() as $auth) {
if ($this->_useCookieToken) {
if ($auth instanceof Kwf_User_Auth_Interface_AutoLogin) {
$row = $auth->getRowById($this->_identity);
if ($row) {
if ($auth->validateAutoLoginToken($row, $this->_credential)) {
$ret = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity, array(trlKwf('Authentication successful')));
} else {
$ret = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_identity, array(trlKwf('Supplied password is invalid')));
}
break;
}
}
} else {
if ($auth instanceof Kwf_User_Auth_Interface_Password) {
$row = $auth->getRowByIdentity($this->_identity);
if ($row) {
if ($this->_credential == 'test' && Kwf_Config::getValue('debug.testPasswordAllowed')) {
$ret = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity, array(trlKwf('Authentication successful')));
} else {
if ($auth->validatePassword($row, $this->_credential)) {
$ret = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity, array(trlKwf('Authentication successful')));
} else {
$ret = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_identity, array(trlKwf('Supplied password is invalid')));
}
}
break;
}
}
}
}
if (!$row) {
$ret = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_identity, array(trlKwf('User not existent in this web')));
} else {
if ($ret->isValid()) {
$users->loginUserRow($row, true);
}
}
if (!$ret->isValid()) {
$cache = $this->_getCache();
$failedLoginsFromThisIp = $cache->load($this->_getCacheId());
if (!$failedLoginsFromThisIp) {
$failedLoginsFromThisIp = 0;
}
$failedLoginsFromThisIp++;
$cache->save($failedLoginsFromThisIp, $this->_getCacheId());
$this->_sendWrongLoginMail(array('Identity' => $this->_identity));
if ($failedLoginsFromThisIp > 3) {
sleep(3);
}
}
return $ret;
}
public function setIdentity(Zend_Auth_Result $authResult)
{
if ($authResult->isValid()) {
$this->getStorage()->write($authResult->getIdentity());
}
}
