} else { $attempts = $result[0]['attempts'] + 1; $timeout = pow(2, $attempts); $timeout_next = pow(2, $attempts + 1); if ($attempts == 3) { $CFG->language = $result[0]['last_lang'] ? $result[0]['last_lang'] : 'en'; $email = SiteEmail::getRecord('bruteforce-notify'); Email::send($CFG->support_email, $result[0]['email'], $email['title'], $CFG->form_email_from, false, $email['content'], $result[0]); } db_update('site_users_access', $result[0]['id'], array('attempts' => $attempts, 'last' => time()), 'site_user'); if (time() - $result[0]['last'] <= $timeout) { $invalid_login = 1; } } if (!$invalid_login && !$user_id) { $invalid_login = !Encryption::verify_hash($pass1, $result[0]['pass']); if (!$invalid_login) { $sql = "DELETE FROM change_settings WHERE type = 'r' AND site_user = " . $result[0]['id']; db_query($sql); } } } if ($invalid_login) { db_insert('ip_access_log', array('ip' => $ip_int, 'timestamp' => date('Y-m-d H:i:s'), 'login' => 'Y')); echo json_encode(array('error' => 'invalid-login', 'attempts' => $attempts, 'timeout' => $timeout_next)); exit; } if (($result[0]['verified_authy'] == 'Y' || $result[0]['verified_google'] == 'Y') && $result[0]['dont_ask_30_days'] != 'Y') { if ($result[0]['using_sms'] == 'Y') { shell_exec('curl https://api.authy.com/protected/json/sms/' . $result[0]['authy_id'] . '?force=true&api_key=' . $CFG->authy_api_key); }
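/**
 * Change the logged-in user's password.
 *
 * Validates the submitted form (the current password must verify against the
 * stored hash, the new password must match its confirmation and reach
 * $CFG->pass_min_chars), stores the new hash for User::$info['id'] and sends
 * the 'update-password' notification.
 *
 * @param mixed $info Submitted form fields: 'current_pass', 'pass', 'pass1', 'email'.
 * @return array|false False when no session is active or $info is not an array;
 *                     array('errors' => ..., 'error_fields' => ...) on validation
 *                     failure; array('messages' => ...) on success.
 */
public static function savePassword($info)
{
    global $CFG;

    if (!$CFG->session_active || !is_array($info)) {
        return false;
    }

    $errors = array();
    $error_fields = array();

    // Missing or non-string fields are treated as empty strings instead of
    // raising undefined-index notices; $CFG->pass_regex strips disallowed
    // characters exactly as before.
    foreach (array('pass', 'pass1', 'current_pass') as $field) {
        $raw = (isset($info[$field]) && is_string($info[$field])) ? $info[$field] : '';
        $info[$field] = preg_replace($CFG->pass_regex, '', $raw);
    }

    if (!Encryption::verify_hash($info['current_pass'], User::$info['pass'])) {
        $errors[] = 'Su contraseña actual no es la correcta.';
        $error_fields[] = 'current_pass';
    }

    if ($info['pass'] !== '' && $info['pass'] !== $info['pass1']) {
        $errors[] = 'La contraseña no es idéntica a su verificación.';
        $error_fields[] = 'pass';
        $error_fields[] = 'pass1';
    }

    // The check accepts exactly $CFG->pass_min_chars characters although the
    // message reads "más de"; wording kept as the original author wrote it.
    if ($info['pass'] === '' || mb_strlen($info['pass'], 'utf-8') < $CFG->pass_min_chars) {
        $errors[] = 'Su contraseña debe tener más de ' . $CFG->pass_min_chars . ' caracteres.';
        $error_fields[] = 'pass';
    }

    if (count($errors) > 0) {
        return array('errors' => $errors, 'error_fields' => $error_fields);
    }

    db_update('site_users', User::$info['id'], array('pass' => Encryption::hash($info['pass'])));

    // Never hand the plaintext password fields to the mail layer: the template
    // data only needs the non-secret form values.
    $template_data = $info;
    unset($template_data['pass'], $template_data['pass1'], $template_data['current_pass']);

    // Prefer the address on the session record over the one posted in the form
    // so the "password changed" notice cannot be redirected by the request body.
    // Falls back to the submitted value when the record carries no email
    // (presumably User::$info mirrors the site_users row — verify).
    $recipient = isset($info['email']) ? $info['email'] : '';
    if (isset(User::$info['email']) && User::$info['email'] !== '') {
        $recipient = User::$info['email'];
    }

    $email = SiteEmail::getRecord('update-password');
    Email::send($CFG->contact_email, $recipient, $email['title'], $CFG->form_email_from, false, $email['content'], $template_data);

    return array('messages' => array('¡Su contraseña ha sido actualizada!'));
}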