public function add()
{
$gump = new GUMP();
$gump->validation_rules(array('ip' => 'required|valid_ipv4', 'length' => 'required|integer', 'reason' => 'required'));
$gump->filter_rules(array('ip' => 'trim', 'length' => 'trim|whole_number', 'reason' => 'trim|sanitize_string'));
$valid_data = $gump->run($_POST);
if ($valid_data === false) {
return new ActionResult($this, '/admin/core/ipblock_add', 0, 'Failed to add block!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL);
}
$ipblock = new IpBan($this->parent->parent);
if ($ipblock->ban($valid_data['reason'], $valid_data['length'], $valid_data['ip'])) {
return new ActionResult($this, '/admin/core/ipblock_view', 1, 'Succeesfully added block!', B_T_SUCCESS);
} else {
return new ActionResult($this, '/admin/core/ipblock_add', 0, 'Failed to add block!', B_T_FAIL);
}
}
public function login()
{
if (Session::get($this::name_space, 'login_attempts') >= 10) {
$ipBan = new IpBan($this->parent->parent);
if ($ipBan->ban('Too many authentication failures', 15)) {
Session::del($this::name_space, 'login_attempts');
return new ActionResult($this, '/', 1, '', B_T_FAIL);
}
}
$user = WebApp::post('user');
$pass = WebApp::post('pwd');
$this->parent->parent->debug($this::name_space . ': Logging in user...');
$user_query = $this->mySQL_r->prepare("SELECT `id`, `username`, `act_b`, `chgPwd`, `en` FROM `core_users` WHERE `username`=? OR `email`=?");
$user_query->bind_param('ss', $user, $user);
$user_query->execute();
$user_query->bind_result($id, $username, $activated, $chgPwd, $enabled);
$user_query->store_result();
// Check we have a user to log into
if ($user_query->num_rows != 1) {
$login_attempts = Session::get($this::name_space, 'login_attempts') === NULL ? 0 : Session::get($this::name_space, 'login_attempts');
$this->parent->parent->logEvent($this::name_space, 'Someone tried to login to user "' . $user . '" except they don\'t exist');
$this->parent->parent->debug($this::name_space . ': Someone tried to login to user "' . $user . '" except they don\'t exist!');
$this->parent->parent->debug($this::name_space . ': Number of attempts ' . $login_attempts);
Session::set($this::name_space, 'login_attempts', $login_attempts + 1);
return new ActionResult($this, '/user/login', 0, 'Invalid username or password!<br />' . PHP_EOL . 'Usernames and passwords are case sensitive.', B_T_FAIL, array('form' => array('pwd' => '')));
}
while ($user_query->fetch()) {
$active = intval($activated);
$changePassword = intval($chgPwd);
$enabled = intval($enabled);
$id = $id;
}
// Have they activated their account?
if (!$active) {
$this->parent->parent->logEvent($this::name_space, 'Unactivated user "' . $username . '" tried to log in');
return new ActionResult($this, '/user/activate', 1, '');
}
// Has the user been disabled?
if (!$enabled) {
$this->parent->parent->logEvent($this::name_space, 'Disabled user "' . $username . '" tried to log in');
return new ActionResult($this, '/user/login', 0, 'Your account has been disabled. Contact the webmaster for further information.', B_T_FAIL, array('form' => array('user' => '', 'pwd' => '')));
}
// Now we can see if they got the password correct
if (!$this->parent->parent->user->authenticate($pass, $id, $username)) {
$login_attempts = Session::get($this::name_space, 'login_attempts') === NULL ? 0 : Session::get($this::name_space, 'login_attempts');
$this->parent->parent->logEvent($this::name_space, $username . ' failed to log in');
$this->parent->parent->debug($this::name_space . ': ' . $username . ' failed to log in');
$this->parent->parent->debug($this::name_space . ': Number of attempts ' . $login_attempts);
Session::set($this::name_space, 'login_attempts', $login_attempts + 1);
return new ActionResult($this, '/user/login', 0, 'Invalid username or password!<br />' . PHP_EOL . 'Usernames and passwords are case sensitive.', B_T_FAIL, array('form' => array('pwd' => '')));
}
// Now we can log them in
Session::del($this::name_space, 'login_attempts');
$this->parent->parent->logEvent($this::name_space, $username . ' logged in');
//Session::regen();
if (!$this->parent->parent->user->session->create($id)) {
$this->parent->parent->logEvent($this::name_space, 'Failed to create token!');
return new ActionResult($this, '/user/login', 0, 'Login failed, please speak to webmaster', B_T_FAIL);
}
Session::set('WebApp.User', 'loggedIn', true);
Session::set('WebApp.User', 'username', $username);
Session::set('WebApp.User', 'userID', $id);
if ($changePassword == 1) {
return new ActionResult($this, '/user/profile/password', 1, '');
}
if (WebApp::post('r') !== NULL && WebApp::post('r') !== '') {
$url = urldecode(WebApp::post('r'));
} else {
$url = '/user';
}
return new ActionResult($this, $url, 1, '');
}
