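 /**
  * Displays the login page and handles login form submissions.
  *
  * Flow:
  *  - An AJAX validation request ($_POST['ajax'] === 'login-form') echoes the
  *    CActiveForm validation result and ends the request.
  *  - A banned IP (Login::model()->IPBanned()) is refused before the submitted
  *    data is assigned to the form.
  *  - A successful login is recorded; an admin user gets reset_hash cleared and
  *    is sent to site/dashboard, any other user to accession/updateDetails.
  *  - A failed login is recorded and the per-IP lockout policy is applied
  *    (see recordFailedLogin()).
  *
  * The client address is taken from $_SERVER['REMOTE_ADDR'], i.e. the direct
  * peer. Behind a reverse proxy that is the proxy's address, so the ban and
  * the white-list would then apply to the proxy rather than the end client —
  * confirm the deployment before relying on it.
  */
 public function actionLogin()
 {
     $this->pageTitle = 'Login | ' . Yii::app()->name;
     $this->layout = '//layouts/accession';
     $LoginForm = new LoginForm();
     $ip = $_SERVER['REMOTE_ADDR'];

     // AJAX validation request: return the validation result only.
     if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
         echo CActiveForm::validate($LoginForm);
         Yii::app()->end();
     }

     if (isset($_POST['LoginForm'])) {
         if (Login::model()->IPBanned()) {
             // Banned IP: refuse without assigning the submitted data to the form.
             $LoginForm->addError('email', Yii::app()->params['ipBanMessage']);
         } else {
             $LoginForm->attributes = $_POST['LoginForm'];
             if ($LoginForm->validate() && $LoginForm->login()) {
                 $User = User::model()->getUser();
                 if (!is_null($User)) {
                     // Admin user: a pending password-reset hash is no longer needed.
                     // NOTE(review): save() may return false on validation failure; its result is not checked here.
                     $User->reset_hash = null;
                     $User->save();
                     $this->recordLoginAttempt(1, $User->id, $ip);
                     $this->redirect(array('site/dashboard'));
                 } else {
                     // Accession user: go straight to their details page.
                     $this->redirect(array('accession/updateDetails'));
                 }
             } else {
                 $this->recordFailedLogin($LoginForm, $ip);
             }
         }
     }

     // display the login form
     $this->render('login', array('LoginForm' => $LoginForm));
 }

 /**
  * Records one login attempt in the Login table.
  *
  * @param int      $success 1 for a successful attempt, 0 for a failed one
  * @param int|null $userId  id of the matching user, or null if none is known
  * @param string   $ip      client address the attempt came from
  */
 private function recordLoginAttempt($success, $userId, $ip)
 {
     $login = new Login();
     $login->success = $success;
     if ($userId !== null) {
         $login->user_id = $userId;
     }
     $login->date = date('Y-m-d H:i:s');
     $login->ip = $ip;
     $login->save();
 }

 /**
  * Records a failed attempt and applies the per-IP lockout policy.
  *
  * The attempt is linked to the user whose email was submitted, if one
  * exists. Unless the IP is white-listed, its failed attempts within the
  * last hour (the one just recorded included) are counted: the 4th shows a
  * warning, the 5th and any later one add an IpBan row for the IP.
  *
  * @param LoginForm $LoginForm form to attach the warning or ban error to
  * @param string    $ip        client address the attempt came from
  */
 private function recordFailedLogin(LoginForm $LoginForm, $ip)
 {
     $maxFailedAttempts = 5;

     // Look the user up by the submitted email; the index may be absent or not
     // a string, so guard instead of indexing $_POST blindly.
     $userId = null;
     $email = isset($_POST['LoginForm']['email']) ? $_POST['LoginForm']['email'] : null;
     if (is_string($email) && $email !== '') {
         $User = User::model()->findByAttributes(array('email' => $email));
         if ($User) {
             $userId = $User->id;
         }
     }
     $this->recordLoginAttempt(0, $userId, $ip);

     // White-listed addresses are never rate-limited or banned.
     if (in_array($ip, Yii::app()->params['ipWhiteList'], true)) {
         return;
     }

     // Count this IP's failed attempts in the last hour; a COUNT query replaces
     // loading every matching row just to size the result.
     $criteria = new CDbCriteria();
     $criteria->condition = "date > :date AND success = 0 AND ip = :ip";
     $criteria->params = array(':ip' => $ip, ':date' => date('Y-m-d H:i:s', strtotime('1 hour ago')));
     $failedAttempts = (int) Login::model()->count($criteria);

     if ($failedAttempts >= $maxFailedAttempts) {
         // Ban the ip
         $ipBan = new IpBan();
         $ipBan->ip = $ip;
         $ipBan->save();
         $LoginForm->clearErrors();
         $LoginForm->addError('email', 'Your IP has been banned for repeated failed login attempts. Please contact the site administrator.');
     } elseif ($failedAttempts === $maxFailedAttempts - 1) {
         // Last attempt before the ban: warn the user.
         $LoginForm->addError('password', 'You only have 1 login attempt remaining in this hour period. Another failed attempt within an hour and your IP will be banned.');
     }
 }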