public function recordFailedLogin($ip) { $record = FailedLogins::model()->findActiveByIp($ip); if ($record) { $record->attempts++; } else { $record = new FailedLogins(); $record->IP = $ip; $record->attempts = 1; } $record->lastAttempt = time(); $record->save(); }
/** * Implements login throttling * Reduces the efectiveness of brute force attacks * * @param int $userId */ public function registerUserThrottling($userId) { $failedLogin = new FailedLogins(); $failedLogin->usersId = $userId; $failedLogin->ipAddress = $this->request->getClientAddress(); $failedLogin->attempted = time(); $failedLogin->save(); $attempts = FailedLogins::count(array('ipAddress = ?0 AND attempted >= ?1', 'bind' => array($this->request->getClientAddress(), time() - 3600 * 6))); switch ($attempts) { case 1: case 2: // no delay break; case 3: case 4: sleep(2); break; default: sleep(4); break; } }