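/**
 * Inline validator for the password field.
 *
 * Does nothing when the form already carries validation errors. Otherwise it
 * builds a UserIdentity from the submitted username/password and authenticates it:
 *  - on success, the user's failed-login counter is reset to 0 and every IpBlock
 *    row recorded for the requesting IP address is deleted;
 *  - on failure, the attempt is counted against $this->user (when one was
 *    resolved), a one-hour IpBlock is recorded for the requesting IP once the
 *    counter has reached self::LOCK_LOGIN_ATTEMPTS, and the same generic error is
 *    attached to both fields so the response does not say which one was wrong.
 *
 * @param string $attribute name of the attribute being validated (not used here)
 * @param array  $params    validator options (not used here)
 */
public function authenticate($attribute, $params)
{
    if ($this->hasErrors()) {
        return;
    }

    // NOTE(review): userHostAddress is the address the web server sees. Behind a
    // reverse proxy or NAT it is shared by many clients, so one account's failures
    // would lock all of them out -- confirm this is the real client address.
    $requestIp = Yii::app()->request->userHostAddress;

    $this->_identity = new UserIdentity($this->username, $this->password);
    if ($this->_identity->authenticate()) {
        $this->user->saveAttributes(array('login_attempts' => 0));
        $locks = IpBlock::model()->findAllByAttributes(array('ip_addr' => $requestIp));
        foreach ($locks as $lock) {
            $lock->delete();
        }
        return;
    }

    // NOTE(review): failures for a username that resolves to no user are neither
    // counted nor throttled by this validator.
    if ($this->user !== null) {
        // The stored counter saturates at 100 so it cannot grow without bound.
        if ($this->user->login_attempts < 100) {
            // NOTE(review): read-modify-write; concurrent failed logins can
            // undercount. An atomic increment would be safer -- TODO confirm.
            $this->user->saveAttributes(array('login_attempts' => $this->user->login_attempts + 1));
        }

        // The threshold check must sit outside the cap above: previously, once
        // the counter reached 100 the whole branch was skipped and further
        // failures against that account were never locked out again.
        if ($this->user->login_attempts >= self::LOCK_LOGIN_ATTEMPTS) {
            $ipblock = new IpBlock();
            $ipblock->ip_addr = $requestIp;
            $ipblock->id_user = $this->user->id;
            $ipblock->until_time = time() + 3600; // 3600 => 1 hr
            if (!$ipblock->save()) {
                // A lock that silently fails to persist disables the throttle,
                // so make the failure visible to operators.
                Yii::log(
                    'Could not persist IpBlock for user id ' . $this->user->id,
                    CLogger::LEVEL_ERROR,
                    'application'
                );
            }
        }
    }

    $this->addError('username', Yii::t('errors', 'Incorrect username and/or password.'));
    $this->addError('password', Yii::t('errors', 'Incorrect username and/or password.'));
}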
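/**
 * Login action.
 *
 * Renders the 'locked' view while the requesting IP address has an unexpired
 * IpBlock. Expired blocks are removed (resetting the failed-login counter of the
 * user each one references) and the request then continues as a normal login:
 * render the form when nothing was submitted or the attempt failed, otherwise
 * redirect the user to their return URL.
 *
 * This endpoint also serves as the AJAX endpoint for client-side validation of
 * the login form.
 */
public function run()
{
    // NOTE(review): userHostAddress is the address the web server sees; behind a
    // reverse proxy or NAT many clients share it -- confirm before relying on it.
    $ip_addr = Yii::app()->request->userHostAddress;
    $locks = IpBlock::model()->findAllByAttributes(array('ip_addr' => $ip_addr));

    // Every block is checked, not just the first row: the query has no ordering,
    // so an expired row in position 0 must not hide a block that is still active.
    $now = time();
    foreach ($locks as $lock) {
        if ($lock->until_time >= $now) {
            $this->controller->render('locked');
            return;
        }
    }

    // Only expired blocks remain: clear them and give the affected users a
    // fresh attempt budget.
    foreach ($locks as $lock) {
        if ($lock->id_user) {
            $locked_user = User::model()->findByPk($lock->id_user);
            if ($locked_user) {
                $locked_user->saveAttributes(array('login_attempts' => 0));
            }
        }
        $lock->delete();
    }

    // Previously the request ended here with an empty response whenever expired
    // blocks had just been cleaned up; it now continues into the login flow.
    $user = Yii::app()->user;
    // Result is unused; the call is kept in case data() has side effects --
    // TODO confirm and remove.
    $user->data();
    $this->redirectAwayAlreadyAuthenticatedUsers($user);

    $model = new FrontendLoginForm();
    $request = Yii::app()->request;
    $this->respondIfAjaxRequest($request, $model);

    $formData = $request->getPost(get_class($model), false);
    $show_remaining = false;
    $remaining_attempts = FrontendLoginForm::LOCK_LOGIN_ATTEMPTS;

    if ($formData) {
        $model->attributes = $formData;
        if ($model->validate(array('username', 'password', 'verifyCode')) && $model->login()) {
            $this->controller->redirect($user->returnUrl);
        } else {
            // getUser() presumably returns null when the submitted username
            // matches no account; reading login_attempts from it unguarded
            // raised a PHP error, and the resulting error page set unknown
            // usernames apart from known ones.
            $failed_user = $model->getUser();
            $login_attempts = $failed_user !== null ? $failed_user->login_attempts : 0;
            $remaining_attempts = max(0, FrontendLoginForm::LOCK_LOGIN_ATTEMPTS - $login_attempts);
            // NOTE(review): the remaining-attempts hint only ever appears for
            // existing accounts, so showing it discloses that a username is
            // valid -- confirm this trade-off is intended.
            if ($remaining_attempts <= 3) {
                $show_remaining = true;
            }
        }
    }

    $this->controller->render('index', compact('model', 'show_remaining', 'remaining_attempts'));
}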