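 /**
  * In the case of wrong authentication, check whether
  * a brute force attack is ongoing.
  *
  * Looks up the PcFailedLogins row of the user identified by $email and
  * compares its counter with the configured threshold
  * (app_bruteForceLockout_loginAttemptThreshold). A failed attempt that
  * arrives after the lockout duration (app_bruteForceLockout_lockoutDuration)
  * has elapsed resets the counter: the stale row is deleted and a fresh one
  * is written so the present failure is still counted. An attempt inside
  * the window increments the counter.
  *
  * @param string $email - the email address of the user who
  *        tried to login and failed
  * @return bool true when the user has reached the attempt threshold
  *         within the lockout window and must be locked out; false
  *         otherwise, including when no user matches $email
  */
 public static function checkAgainstBruteForceAttack($email)
 {
     $c = new Criteria();
     $c->add(PcUserPeer::EMAIL, $email, Criteria::EQUAL);
     $userToCheck = PcUserPeer::doSelectOne($c);
     if (null === $userToCheck) {
         // Unknown email: there is no account to lock out and no row to
         // track. Without this guard the getId() call below is made on
         // null, which any unauthenticated login attempt can trigger.
         return false;
     }

     $c = new Criteria();
     $c->addJoin(PcUserPeer::ID, PcFailedLoginsPeer::USER_ID);
     $c->add(PcUserPeer::ID, $userToCheck->getId(), Criteria::EQUAL);
     $row = PcFailedLoginsPeer::doSelectOne($c);

     if ($row) {
         $maxAttempts = sfConfig::get('app_bruteForceLockout_loginAttemptThreshold');
         $timeout = sfConfig::get('app_bruteForceLockout_lockoutDuration');
         $secondsElapsedFromLastAttempt = time() - strtotime($row->getUpdatedAt());

         if ($secondsElapsedFromLastAttempt <= $timeout) {
             if ($row->getTimes() >= $maxAttempts) {
                 // threshold reached inside the lockout window: lock out
                 return true;
             }
             $row->setTimes($row->getTimes() + 1);
             $row->save();

             return false;
         }

         // lockout window expired: reset the 'failed logins' situation for
         // the user; this failure then starts a new window below instead
         // of being dropped
         $row->delete();
     }

     // insert a new row for the user, counting this failed attempt
     $failedLogins = new PcFailedLogins();
     $failedLogins->setUser($userToCheck);
     $failedLogins->setTimes(1);
     $failedLogins->save();

     return false;
 }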