/**
 * Admin action: add an IP block from the submitted form.
 *
 * The POST body is validated and filtered with GUMP before anything is
 * written: `ip` must be a well-formed IPv4 address, `length` an integer
 * (coerced to a whole number), `reason` a non-empty sanitised string.
 * On any validation failure the user is bounced back to the add form;
 * otherwise IpBan::ban() is asked to record the block.
 *
 * NOTE(review): nothing in this method checks that the caller is an
 * administrator or that the form carried a CSRF token; this assumes the
 * surrounding Action dispatcher enforces both — confirm.
 *
 * @return ActionResult redirect target plus flash message for the outcome
 */
public function add() {
    $validator = new GUMP();
    $validator->validation_rules(array(
        'ip'     => 'required|valid_ipv4',
        'length' => 'required|integer',
        'reason' => 'required',
    ));
    $validator->filter_rules(array(
        'ip'     => 'trim',
        'length' => 'trim|whole_number',
        'reason' => 'trim|sanitize_string',
    ));

    // run() hands back the filtered fields, or false when a rule failed.
    $clean = $validator->run($_POST);
    if ($clean === false) {
        return new ActionResult($this, '/admin/core/ipblock_add', 0, 'Failed to add block!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL);
    }

    $banList = new IpBan($this->parent->parent);
    $added = $banList->ban($clean['reason'], $clean['length'], $clean['ip']);
    if (!$added) {
        return new ActionResult($this, '/admin/core/ipblock_add', 0, 'Failed to add block!', B_T_FAIL);
    }
    return new ActionResult($this, '/admin/core/ipblock_view', 1, 'Succeesfully added block!', B_T_SUCCESS);
}
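/**
 * Tells whether the requesting client's IP address is on the ban list.
 *
 * Returns false straight away when the `ipLoginFiltering` application
 * parameter is off, so the ban table is only consulted when filtering is
 * enabled. The client address is read from REMOTE_ADDR; behind a reverse
 * proxy that is the proxy's address, so bans would hit the proxy rather
 * than the client — NOTE(review): confirm the deployment if a proxy is used.
 *
 * @return bool true when a ban record exists for the client's IP
 */
public function IPBanned() {
    if (!Yii::app()->params['ipLoginFiltering']) {
        return false;
    }

    // findByAttributes() returns a single record or null (Yii 1
    // CActiveRecord). The previous sizeof() test only worked by accident:
    // count() of a non-Countable object/null is a TypeError on PHP 8.
    $ban = IpBan::model()->findByAttributes(array('ip' => $_SERVER['REMOTE_ADDR']));
    return $ban !== null;
}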
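/**
 * Handles a login form submission.
 *
 * Flow: refuse (and IP-ban) once this session has accumulated too many
 * failed attempts, look the account up by username or e-mail, verify the
 * password, and only then report account-state problems (not activated /
 * disabled). The password is checked BEFORE the state checks on purpose:
 * previously "not activated" and "disabled" responses were produced without
 * a password, which let anyone confirm that a username or e-mail exists and
 * learn its state. Unknown accounts and wrong passwords now both yield the
 * same generic message. Response timing still differs for unknown accounts
 * (no hash check is run for them); closing that needs a dummy verification
 * inside authenticate() and is out of scope here.
 *
 * Reads POST fields `user`, `pwd` and the optional post-login redirect `r`.
 * `r` is only honoured when it is a site-relative path; previously any
 * URL-decoded value was used as the redirect target, making the login form
 * an open redirector.
 *
 * @return ActionResult redirect target plus flash message for the outcome
 */
public function login() {
    $ns  = $this::name_space;
    $app = $this->parent->parent;

    // Attempt counter lives in the caller's own session. NOTE(review): a
    // client that drops its session cookie starts from zero again; the IP
    // ban issued below is the only limit that survives a new session, and
    // if ban() itself fails the login is still processed.
    if (Session::get($ns, 'login_attempts') >= 10) {
        $ipBan = new IpBan($app);
        if ($ipBan->ban('Too many authentication failures', 15)) {
            Session::del($ns, 'login_attempts');
            return new ActionResult($this, '/', 1, '', B_T_FAIL);
        }
    }

    $user = WebApp::post('user');
    $pass = WebApp::post('pwd');
    $app->debug($ns . ': Logging in user...');

    // Parameterised lookup by username or e-mail.
    $user_query = $this->mySQL_r->prepare("SELECT `id`, `username`, `act_b`, `chgPwd`, `en` FROM `core_users` WHERE `username`=? OR `email`=?");
    $user_query->bind_param('ss', $user, $user);
    $user_query->execute();
    $user_query->bind_result($id, $username, $activated, $chgPwd, $enabled);
    $user_query->store_result();

    // Exactly one account must match; anything else counts as a failed attempt.
    // NOTE(review): the submitted identifier is logged verbatim — make sure
    // logEvent() escapes it for wherever the event log is displayed.
    if ($user_query->num_rows !== 1) {
        $login_attempts = Session::get($ns, 'login_attempts') === null ? 0 : Session::get($ns, 'login_attempts');
        $app->logEvent($ns, 'Someone tried to login to user "' . $user . '" except they don\'t exist');
        $app->debug($ns . ': Someone tried to login to user "' . $user . '" except they don\'t exist!');
        $app->debug($ns . ': Number of attempts ' . $login_attempts);
        Session::set($ns, 'login_attempts', $login_attempts + 1);
        return new ActionResult($this, '/user/login', 0, 'Invalid username or password!<br />' . PHP_EOL . 'Usernames and passwords are case sensitive.', B_T_FAIL, array('form' => array('pwd' => '')));
    }

    // Single row: normalise the flag columns to ints.
    while ($user_query->fetch()) {
        $active         = intval($activated);
        $changePassword = intval($chgPwd);
        $enabled        = intval($enabled);
    }

    // Verify the password before disclosing anything about the account.
    if (!$app->user->authenticate($pass, $id, $username)) {
        $login_attempts = Session::get($ns, 'login_attempts') === null ? 0 : Session::get($ns, 'login_attempts');
        $app->logEvent($ns, $username . ' failed to log in');
        $app->debug($ns . ': ' . $username . ' failed to log in');
        $app->debug($ns . ': Number of attempts ' . $login_attempts);
        Session::set($ns, 'login_attempts', $login_attempts + 1);
        return new ActionResult($this, '/user/login', 0, 'Invalid username or password!<br />' . PHP_EOL . 'Usernames and passwords are case sensitive.', B_T_FAIL, array('form' => array('pwd' => '')));
    }

    // Password is right: now enforce account state.
    if (!$active) {
        $app->logEvent($ns, 'Unactivated user "' . $username . '" tried to log in');
        return new ActionResult($this, '/user/activate', 1, '');
    }
    if (!$enabled) {
        $app->logEvent($ns, 'Disabled user "' . $username . '" tried to log in');
        return new ActionResult($this, '/user/login', 0, 'Your account has been disabled. Contact the webmaster for further information.', B_T_FAIL, array('form' => array('user' => '', 'pwd' => '')));
    }

    // Log them in.
    Session::del($ns, 'login_attempts');
    $app->logEvent($ns, $username . ' logged in');
    // NOTE(review): the session ID is not regenerated on login (the original
    // had Session::regen() commented out here). Without it a session ID set
    // before authentication survives it (session fixation). Confirm
    // Session::regen() is safe to call and re-enable it.
    //Session::regen();
    if (!$app->user->session->create($id)) {
        $app->logEvent($ns, 'Failed to create token!');
        return new ActionResult($this, '/user/login', 0, 'Login failed, please speak to webmaster', B_T_FAIL);
    }
    Session::set('WebApp.User', 'loggedIn', true);
    Session::set('WebApp.User', 'username', $username);
    Session::set('WebApp.User', 'userID', $id);
    if ($changePassword == 1) {
        return new ActionResult($this, '/user/profile/password', 1, '');
    }

    // Post-login redirect. Decode first so an encoded scheme or "//" cannot
    // slip past the check, then accept only a single-leading-slash local path
    // with no control characters (rejects "//host", "/\host", "http://…").
    $url = '/user';
    $requested = WebApp::post('r');
    if ($requested !== null && $requested !== '') {
        $candidate = urldecode($requested);
        if (is_string($candidate) && preg_match('#^/(?![/\\\\])[^\x00-\x1f]*\z#', $candidate) === 1) {
            $url = $candidate;
        } else {
            $app->logEvent($ns, 'Ignored non-local post-login redirect for ' . $username);
        }
    }
    return new ActionResult($this, $url, 1, '');
}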
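/**
 * Displays and processes the login page.
 *
 * Handles the AJAX validation callback, refuses banned IPs before touching
 * the submitted credentials, records every attempt in the Login table and
 * bans the client IP after five failed attempts within an hour unless the
 * IP is in `ipWhiteList`.
 *
 * Client identity comes from REMOTE_ADDR; behind a reverse proxy that is the
 * proxy's address — NOTE(review): confirm the deployment if one is in use.
 */
public function actionLogin() {
    $this->pageTitle = 'Login | ' . Yii::app()->name;
    $this->layout = '//layouts/accession';
    $LoginForm = new LoginForm();
    $remoteAddr = $_SERVER['REMOTE_ADDR'];

    // AJAX validation request: emit the result and stop.
    if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
        echo CActiveForm::validate($LoginForm);
        Yii::app()->end();
    }

    if (isset($_POST['LoginForm'])) {
        if (Login::model()->IPBanned()) {
            // Banned IP: never evaluate the credentials.
            $LoginForm->addError('email', Yii::app()->params['ipBanMessage']);
        } else {
            // Mass assignment is limited to attributes declared safe in LoginForm::rules().
            $LoginForm->attributes = $_POST['LoginForm'];
            if ($LoginForm->validate() && $LoginForm->login()) {
                $User = User::model()->getUser();
                if (!is_null($User)) {
                    // Admin user: a successful login invalidates any pending reset token.
                    $User->reset_hash = null;
                    $User->save();
                    $login = new Login();
                    $login->success = 1;
                    $login->user_id = $User->id;
                    $login->date = date('Y-m-d H:i:s');
                    $login->ip = $remoteAddr;
                    $login->save();
                    $this->redirect(array('site/dashboard'));
                } else {
                    // Accession user: go straight to their details page.
                    $this->redirect(array('accession/updateDetails'));
                }
            } else {
                // Failed login: record it, attributed to the account when the
                // e-mail is known. The e-mail is read defensively — the
                // previous unconditional $_POST['LoginForm']['email'] raised a
                // notice (or TypeError on a non-array value) when absent.
                $login = new Login();
                $login->success = 0;
                $login->date = date('Y-m-d H:i:s');
                $login->ip = $remoteAddr;
                $postedEmail = null;
                if (is_array($_POST['LoginForm']) && isset($_POST['LoginForm']['email']) && is_string($_POST['LoginForm']['email'])) {
                    $postedEmail = $_POST['LoginForm']['email'];
                }
                if ($postedEmail !== null) {
                    $User = User::model()->findByAttributes(array('email' => $postedEmail));
                    if ($User) {
                        $login->user_id = $User->id;
                    }
                }
                $login->save();

                // Count this IP's failures in the last hour (including the one
                // just saved). Five earn a ban; four earn a warning. White-listed
                // IPs are exempt — checked once here, not again inside.
                if (!in_array($remoteAddr, Yii::app()->params['ipWhiteList'], true)) {
                    $criteria = new CDbCriteria();
                    $criteria->condition = "date > :date AND success = 0 AND ip = :ip";
                    $criteria->params = array(':ip' => $remoteAddr, ':date' => date('Y-m-d H:i:s', strtotime('1 hour ago')));
                    $failures = sizeof(Login::model()->findAll($criteria));
                    if ($failures >= 5) {
                        // NOTE(review): no expiry is set on the ban record here;
                        // whether IpBan supplies one cannot be seen from this file.
                        $ipBan = new IpBan();
                        $ipBan->ip = $remoteAddr;
                        $ipBan->save();
                        $LoginForm->clearErrors();
                        $LoginForm->addError('email', 'Your IP has been banned for repeated failed login attempts. Please contact the site administrator.');
                    } elseif ($failures === 4) {
                        $LoginForm->addError('password', 'You only have 1 login attempt remaining in this hour period. Another failed attempt within an hour and your IP will be banned.');
                    }
                }
            }
        }
    }

    $this->render('login', array('LoginForm' => $LoginForm));
}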
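/**
 * Front-controller bootstrap for a web request.
 *
 * Order matters: the IP block check runs before any input handling, then
 * input is sanitised, page categories are derived, the HTTPS flag is set,
 * and finally the request is dispatched to the controller class chosen
 * from the first URL category.
 *
 * NOTE(review): the block branch calls $this->_ipBlock() and then falls
 * through; this assumes _ipBlock() terminates the request — confirm, since
 * otherwise a blocked client is still served the page.
 */
public function Web() {
    $ns = $this::name_space;

    $this->debug($ns . ': Checking for IP block...');
    $ipBan = new IpBan($this);
    if (!$ipBan->check()) {
        $this->_ipBlock();
    }

    $this->debug($ns . ': Sanitising input...');
    $this->_sanitise();
    $this->debug($ns . ': Generating catagories...');
    $this->_genPageCats();
    $this->debug($ns . ': Setting HTTPS status');
    $this->_setHTTPS();

    // upload_max_filesize and post_max_size are PHP_INI_PERDIR directives:
    // ini_set() from a running script cannot change them (it returns false,
    // and the request body was already parsed under the old limits). The
    // previous ini_set() calls here were no-ops and have been removed; the
    // `file_size_max` config option must be applied in php.ini, .user.ini
    // or the web-server configuration instead.

    // Controller selection is a fixed whitelist keyed on the first URL
    // category; anything not listed falls back to Page, so user input never
    // reaches `new $class` unchecked. The lookup is exact-match (the old
    // switch used loose comparison).
    $controllers = array(
        'fonts'  => 'File',
        'js'     => 'File',
        'css'    => 'File',
        'images' => 'Image',
        'action' => 'Action',
        'ajax'   => 'Ajax',
        'feed'   => 'Feed',
    );
    $cat1 = $this::get('cat1');
    $class = 'Page';
    if (is_string($cat1) && isset($controllers[$cat1])) {
        $class = $controllers[$cat1];
    }

    $this->debug($ns . ': MODE: ' . strtoupper($class));
    $setter = 'set' . $class;
    $this->ctrl = new $class($this);
    $this->ctrl->{$setter}();
    $this->ctrl->execute();
    $this->output();
}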