/**
* Returns true if and only if $value meets the validation requirements
*
* If $value fails validation, then this method returns false, and
* getMessages() will return an array of messages that explain why the
* validation failed.
*
* @param mixed $value
* @return boolean
* @throws \Zend_Valid_Exception If validation of $value is impossible
*/
public function isValid($value)
{
if ($throttleSettings = $this->project->getAskThrottleSettings()) {
// Prune the database for (very) old attempts
$where = $this->db->quoteInto('gta_datetime < DATE_SUB(NOW(), INTERVAL ? second)', $throttleSettings['period'] * 20);
$this->db->delete('gems__token_attempts', $where);
// Retrieve the number of failed attempts that occurred within the specified window
$select = $this->db->select();
$select->from('gems__token_attempts', array(new \Zend_Db_Expr('COUNT(*) AS attempts'), new \Zend_Db_Expr('UNIX_TIMESTAMP(MAX(gta_datetime)) - UNIX_TIMESTAMP() AS last')))->where('gta_datetime > DATE_SUB(NOW(), INTERVAL ? second)', $throttleSettings['period']);
$attemptData = $this->db->fetchRow($select);
$remainingDelay = $attemptData['last'] + $throttleSettings['delay'];
// \MUtil_Echo::track($throttleSettings, $attemptData, $remainingDelay);
if ($attemptData['attempts'] > $throttleSettings['threshold'] && $remainingDelay > 0) {
$this->logger->log("Possible token brute force attack, throttling for {$remainingDelay} seconds", \Zend_Log::ERR);
$this->_messages = $this->translate->_('The server is currently busy, please wait a while and try again.');
return false;
}
}
// The pure token check
if ($this->isValidToken($value)) {
return true;
}
$max_length = $this->tracker->getTokenLibrary()->getLength();
$this->db->insert('gems__token_attempts', array('gta_id_token' => substr($value, 0, $max_length), 'gta_ip_address' => $this->getRequest()->getClientIp()));
return false;
}
