protected function doClean($values)
 {
     $username = isset($values[$this->getOption('username_field')]) ? $values[$this->getOption('username_field')] : '';
     $password = isset($values[$this->getOption('password_field')]) ? $values[$this->getOption('password_field')] : '';
     $remember = isset($values[$this->getOption('rememeber_checkbox')]) ? $values[$this->getOption('rememeber_checkbox')] : '';
     $session_user = sfContext::getInstance()->getUser();
     // user exists?
     if ($user = sfGuardUserPeer::retrieveByUsername($username)) {
         // password is ok?
         if ($user->checkPassword($password)) {
             /* Added for sfGuardSecurity */
             $this->checkForceRedirectPasswordChange($user);
             $session_user->setAttribute('sf_guard_secure_plugin_login_failure_detected', 0);
             /* end */
             return array_merge($values, array('user' => $user));
         }
     }
     if ($this->getOption('check_login_failure')) {
         /* Added for sfGuardSecurity */
         sfGuardLoginFailure::trackFailure($username);
         $this->checkSecurityAttack($username);
         /* end */
     }
     if ($this->getOption('throw_global_error')) {
         throw new sfValidatorError($this, 'invalid');
     }
     throw new sfValidatorErrorSchema($this, array($this->getOption('username_field') => new sfValidatorError($this, 'invalid')));
 }
 public static function trackFailure($username)
 {
     $failure = new sfGuardLoginFailure();
     $failure->setUsername($username);
     $failure->setFailedAt(time());
     $failure->setCookieId(array_key_exists('HTTP_COOKIE', $_SERVER) ? $_SERVER['HTTP_COOKIE'] : null);
     $failure->setIpAddress(array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : null);
     $failure->save();
     if ($context = sfContext::getInstance()) {
         $context->getEventDispatcher()->notify(new sfEvent('sfGuardSecurePlugin', 'application.log', array('message' => sprintf("Login failed for user=%s ip=%s", $failure->getUsername(), $failure->getIpAddress()), 'priority' => sfLogger::ERR)));
     }
 }