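/**
 * Validates submitted login credentials and records failed attempts.
 *
 * On success the submitted values are returned with the matching user
 * object added under the 'user' key, and the session attribute
 * 'sf_guard_secure_plugin_login_failure_detected' is reset to 0.
 * On failure the attempt is tracked (when the 'check_login_failure'
 * option is enabled) and a validator error is thrown. The same 'invalid'
 * error code is used for an unknown username and for a wrong password.
 *
 * @param array $values Submitted form values, keyed by field name.
 *
 * @return array The submitted values merged with array('user' => $user).
 *
 * @throws sfValidatorError       When 'throw_global_error' is enabled.
 * @throws sfValidatorErrorSchema Otherwise; the error is attached to the username field.
 */
protected function doClean($values)
{
    $usernameField = $this->getOption('username_field');
    $passwordField = $this->getOption('password_field');

    // Missing fields are treated as empty strings so the lookup below
    // simply fails instead of raising an undefined-index notice.
    $username = isset($values[$usernameField]) ? $values[$usernameField] : '';
    $password = isset($values[$passwordField]) ? $values[$passwordField] : '';

    // The unused $remember local (read through the misspelled option name
    // 'rememeber_checkbox') was removed: nothing in this method consumed it.

    $session_user = sfContext::getInstance()->getUser();

    // NOTE(review): checkPassword() is only reached for an existing username,
    // so response time may differ between unknown and known usernames even
    // though the error is identical. Confirm whether that matters here.
    $user = sfGuardUserPeer::retrieveByUsername($username);
    if ($user && $user->checkPassword($password)) {
        /* Added for sfGuardSecurity */
        $this->checkForceRedirectPasswordChange($user);
        // A successful login clears the per-session failure flag.
        $session_user->setAttribute('sf_guard_secure_plugin_login_failure_detected', 0);
        /* end */

        return array_merge($values, array('user' => $user));
    }

    if ($this->getOption('check_login_failure')) {
        /* Added for sfGuardSecurity */
        sfGuardLoginFailure::trackFailure($username);
        // NOTE(review): checkSecurityAttack() runs only on this failure path.
        // If it is what enforces lockout or throttling, a correct password is
        // still accepted above while the account is under attack. Confirm
        // whether the check should also run before checkPassword().
        $this->checkSecurityAttack($username);
        /* end */
    }

    if ($this->getOption('throw_global_error')) {
        throw new sfValidatorError($this, 'invalid');
    }

    throw new sfValidatorErrorSchema($this, array($usernameField => new sfValidatorError($this, 'invalid')));
}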
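/**
 * Persists a failed login attempt and emits an 'application.log' event.
 *
 * The stored record holds the submitted username, the current time, the
 * raw Cookie request header and the client address from REMOTE_ADDR.
 *
 * @param string $username Username as submitted by the client (untrusted).
 *
 * @return void
 */
public static function trackFailure($username)
{
    $failure = new sfGuardLoginFailure();
    $failure->setUsername($username);
    $failure->setFailedAt(time());
    // NOTE(review): this stores the entire Cookie request header, which can
    // contain live session identifiers and other tokens, in the failure
    // record. Anyone able to read that table can read those values. Consider
    // storing a digest instead, after checking how the stored cookie id is
    // compared elsewhere. The header length is also client-controlled.
    $failure->setCookieId(array_key_exists('HTTP_COOKIE', $_SERVER) ? $_SERVER['HTTP_COOKIE'] : null);
    $failure->setIpAddress(array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : null);
    $failure->save();

    // NOTE(review): sfContext::getInstance() is believed to throw rather than
    // return a falsy value when no context exists, which would make this
    // guard ineffective. sfContext::hasInstance() may be the intended check.
    if ($context = sfContext::getInstance()) {
        // The username is attacker-supplied. Replace control characters
        // (including CR/LF) so it cannot break the log line or forge
        // additional log entries. The stored record is left unchanged.
        $logUsername = preg_replace('/[\x00-\x1F\x7F]/', '_', (string) $failure->getUsername());

        $context->getEventDispatcher()->notify(new sfEvent('sfGuardSecurePlugin', 'application.log', array(
            'message'  => sprintf("Login failed for user=%s ip=%s", $logUsername, $failure->getIpAddress()),
            'priority' => sfLogger::ERR,
        )));
    }
}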