/**
  * Logs the user in (performing the brute force attack check)
  * 
  * @param myUser $userSf
  * @param PcUser $userApp - the user trying to login
  * @param boolean $rememberme - whether the user wanted to remember the login
  * @param boolean $remembermeCookieAlreadySet - when true, the cookie is
  *    not set even if $rememberme is true, because it is already available
  * @return boolean - false if the account is blocked because of a brute
  *         force attack detection
  */
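 public static function login(myUser $userSf, PcUser $userApp, $rememberme = false, $remembermeCookieAlreadySet = false)
 {
     // Brute-force lockout gate: fetch the failed-login record joined to this user, if any.
     // NOTE(review): the caller is not visible here. If credentials are verified before this
     // call, a "blocked" response that differs from "bad credentials" tells a guesser the
     // password was right - confirm the caller answers both cases identically.
     $c = new Criteria();
     $c->addJoin(PcUserPeer::ID, PcFailedLoginsPeer::USER_ID, Criteria::INNER_JOIN);
     $c->add(PcUserPeer::ID, $userApp->getId(), Criteria::EQUAL);
     $row = PcFailedLoginsPeer::doSelectOne($c);
     if ($row) {
         // NOTE(review): sfConfig::get() returns null for an unset key, and the comparisons
         // below then stop enforcing the lockout as intended - confirm both keys are defined
         // in every environment.
         $maxAttempts = sfConfig::get('app_bruteForceLockout_loginAttemptThreshold');
         $timeout = sfConfig::get('app_bruteForceLockout_lockoutDuration');
         $currentAttempts = $row->getTimes();

         // strtotime() returns false for a missing or unparseable timestamp. Unchecked,
         // "time() - false" evaluates to time(), which exceeds any realistic lockout
         // duration, so a bad timestamp would silently clear the lockout (fail-open).
         // The window is treated as expired only when the timestamp is usable.
         $lastAttemptAt = strtotime((string) $row->getUpdatedAt());
         $lockoutWindowExpired = ($lastAttemptAt !== false) && ((time() - $lastAttemptAt) > $timeout);

         if ($lockoutWindowExpired) {
             // reset the 'failed logins' situation for the user
             $row->delete();
         } elseif ($currentAttempts >= $maxAttempts) {
             PcWatchdog::alert('Brute force attack attempt', 'For the userid ' . $row->getUserId());
             return false;
         }
         // In this method a successful login does not clear the counter; the record is
         // only removed once the lockout window has elapsed.
     }

     // Record the visitor's language and IP address on the application user.
     $userApp->setLanguage(PcUtils::getVisitorAcceptLanguage());
     $userApp->setIpAddress(PcUtils::getVisitorIPAddress());
     $userApp->save();

     // NOTE(review): confirm myUser::setAuthenticated() regenerates the session id, so a
     // session id issued before login is not carried into the authenticated session.
     $userSf->setAuthenticated(true);
     $userSf->setAttribute('userid', $userApp->getId());

     // Map application roles to session credentials, one explicit grant per role.
     if ($userApp->isAdmin()) {
         $userSf->addCredential('admin');
     }
     if ($userApp->isStaffMember()) {
         $userSf->addCredential('staffMember');
     }
     if ($userApp->isContractor()) {
         $userSf->addCredential('contractor');
     }
     if ($userApp->isEditor()) {
         $userSf->addCredential('editor');
     }
     if ($userApp->isTranslator()) {
         $userSf->addCredential('translator');
     }

     if ($rememberme && !$remembermeCookieAlreadySet) {
         self::setRememberMeCookie($userSf, $userApp);
     } elseif (!$rememberme) {
         // the user may login a second time (while still logged in because of forum
         // integration problems), without ticking the rememberme checkbox
         self::resetRememberMeCookie();
     }
     // When $rememberme and $remembermeCookieAlreadySet are both true nothing needs doing.

     sfContext::getInstance()->getEventDispatcher()->notify(new sfEvent('CustomAuthLogin', 'custom_auth.login', array('user' => $userApp, 'rememberme' => $rememberme)));
     return true;
 }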
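 /**
  * Shows the password reset form for a reset token and, on a valid POST,
  * sets the new password and redirects to the account front controller.
  *
  * The token is read from the 't' request parameter or, failing that, from
  * the 't' field of the 'passwordReset' form array.
  *
  * @param sfWebRequest $request
  */
 public function executePasswordReset(sfWebRequest $request)
 {
     $token = $request->getParameter('t');
     if (!$token) {
         $param = $request->getParameter('passwordReset');
         $token = (is_array($param) && isset($param['t'])) ? $param['t'] : '';
     }
     // Request parameters are untrusted and can arrive as arrays (e.g. t[]=...).
     // Anything that is not a string is treated as an empty, and therefore invalid, token
     // instead of being passed to trim() and the query.
     $token = is_string($token) ? trim($token) : '';

     // if the user is authenticated, they shouldn't get here
     PcUtils::redirectLoggedInUser($this->getUser(), $this);

     // Check the token is valid. An empty token is rejected without a lookup so it can
     // never match a stored row.
     // NOTE(review): no expiry or single-use check is visible in this action - confirm
     // that CustomAuth::resetPassword() or the token table enforces both.
     $entry = null;
     if ($token !== '') {
         $c = new Criteria();
         $c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
         $entry = PcPasswordResetTokenPeer::doSelectOne($c);
     }
     if (!is_object($entry)) {
         // the token is not valid
         // NOTE(review): the alert text embeds raw request input - confirm the alert
         // sink bounds and escapes it.
         PcWatchdog::alert('Invalid Password Reset Token', 'This is the token ' . $token);
         $this->forward('customAuth', 'passwordResetInvalidToken');
         // forward() is expected to end this action; the explicit return keeps an
         // invalid token from ever reaching the reset below should that not hold.
         return;
     }

     $this->form = new PasswordResetForm(array('t' => $token));
     if ($request->isMethod('post')) {
         // bind() needs an array; a missing or scalar 'passwordReset' parameter is bound
         // as an empty submission so it fails validation instead of raising an error.
         $fields = $request->getParameter('passwordReset');
         if (!is_array($fields)) {
             $fields = array();
         }
         $this->form->bind($fields);
         if ($this->form->isValid()) {
             // $token is the value validated against the token table above.
             CustomAuth::resetPassword($token, $fields['password1']);
             // The redirect target comes from application config, not from the request.
             $this->redirect('/' . sfConfig::get('app_accountApp_frontController'));
         }
     }
 }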