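/**
 * Records a failed login attempt for a user, or sets the stored counter to an explicit value.
 *
 * The counter lives in ezuservisit.failed_login_attempts. With the default $value (false) the
 * counter is incremented by one, or created with the value 1 when the user has no ezuservisit
 * row yet. Any other $value is cast to int and stored as-is.
 *
 * Nothing is written, and true is returned, when:
 *  - the current user is trusted (eZUser::isTrusted()) and $setByForce is false,
 *  - eZUser::maxNumberOfFailedLogin() equals '0' and $setByForce is false,
 *  - no user can be fetched for $userID,
 *  - the fetched user is disabled and $setByForce is false.
 *
 * @param int|string $userID     User ID; cast to int before it is used in SQL.
 * @param int|false  $value      false to increment, otherwise the value to store.
 * @param bool       $setByForce When true, the trusted / limit-disabled / user-disabled checks are bypassed.
 *
 * @return true|null true on the early exits listed above; no explicit return value after a write
 *                   (kept as in the original so existing callers see the same result).
 */
static function setFailedLoginAttempts($userID, $value = false, $setByForce = false)
{
    $trustedUser = eZUser::isTrusted();
    // Trusted users are exempt from failed-login accounting unless the caller forces the write.
    if ($trustedUser and !$setByForce) {
        return true;
    }

    $maxNumberOfFailedLogin = eZUser::maxNumberOfFailedLogin();
    if ($maxNumberOfFailedLogin == '0' and !$setByForce) {
        return true;
    }

    // The int cast is what makes the string-built SQL below safe: $userID is the only
    // caller-supplied identifier that reaches the queries.
    $userID = (int) $userID;
    $userObject = eZUser::fetch($userID);
    if (!$userObject) {
        return true;
    }

    // A disabled account is not counted further unless the caller forces the write.
    if (!$userObject->isEnabled() and !$setByForce) {
        return true;
    }

    $db = eZDB::instance();
    $db->begin();

    $userVisitArray = $db->arrayQuery("SELECT 1 FROM ezuservisit WHERE user_id={$userID}");
    if (isset($userVisitArray[0])) {
        if ($value === false) {
            // Increment inside the UPDATE itself. Reading the counter in PHP and writing back
            // "old + 1" is a read-modify-write: concurrent failed logins for the same account
            // can each read the same old value, so increments are lost and the lockout
            // threshold is reached later than intended.
            // NOTE(review): assumes failedLoginAttempts() reports this same column - confirm.
            $db->query("UPDATE ezuservisit SET failed_login_attempts=failed_login_attempts+1 WHERE user_id={$userID}");
        } else {
            $failedLoginAttempts = (int) $value;
            $db->query("UPDATE ezuservisit SET failed_login_attempts={$failedLoginAttempts} WHERE user_id={$userID}");
        }
    } else {
        $failedLoginAttempts = ($value === false) ? 1 : (int) $value;
        // NOTE(review): two concurrent first failures can both take this branch; whether the
        // second INSERT fails or creates a duplicate row depends on the table's constraints,
        // which are not visible here.
        $db->query("INSERT INTO ezuservisit ( failed_login_attempts, user_id ) VALUES ( {$failedLoginAttempts}, {$userID} )");
    }

    $db->commit();

    // Refresh cached views of the user object so they do not show the old state.
    eZContentCacheManager::clearContentCacheIfNeeded($userID);
    eZContentCacheManager::generateObjectViewCache($userID);
}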
// called from outside of a template (?) $requestedURI = $GLOBALS['eZRequestedURI']; if ($requestedURI instanceof eZURI) { $requestedModule = $requestedURI->element(0, false); $requestedView = $requestedURI->element(1, false); if ($requestedModule != 'user' or $requestedView != 'login') { $userRedirectURI = $requestedURI->originalURIString(false); } } } if ($http->hasPostVariable("RegisterButton")) { $Module->redirectToView('register'); } $userIsNotAllowedToLogin = false; $failedLoginAttempts = false; $maxNumOfFailedLogin = !eZUser::isTrusted() ? eZUser::maxNumberOfFailedLogin() : false; // Should we show message about failed login attempt and max number of failed login if ($loginWarning and isset($GLOBALS['eZFailedLoginAttemptUserID'])) { $showMessageIfExceeded = $ini->hasVariable('UserSettings', 'ShowMessageIfExceeded') ? $ini->variable('UserSettings', 'ShowMessageIfExceeded') == 'true' : false; $failedUserID = $GLOBALS['eZFailedLoginAttemptUserID']; $failedLoginAttempts = eZUser::failedLoginAttemptsByUserID($failedUserID); $canLogin = eZUser::isEnabledAfterFailedLogin($failedUserID); if ($showMessageIfExceeded and !$canLogin) { $userIsNotAllowedToLogin = true; } } $tpl = eZTemplate::factory(); $tpl->setVariable('login', $userLogin, 'User'); $tpl->setVariable('post_data', $postData, 'User'); $tpl->setVariable('password', $userPassword, 'User'); $tpl->setVariable('redirect_uri', $userRedirectURI, 'User');