/**
 * Implements login throttling.
 * Reduces the effectiveness of brute force attacks by recording every failed
 * login and delaying the response as failures from the same address pile up.
 *
 * The delay is a blocking sleep() inside the request, so the worker serving
 * this request is held for the whole delay.
 *
 * @param int $userId Id of the user the failed attempt was made against
 */
public function registerUserThrottling($userId)
{
    $clientIp = $this->request->getClientAddress();

    // Persist this failure first so that it is included in the count below
    $failure = new FailedLogins();
    $failure->usersId = $userId;
    $failure->ipAddress = $clientIp;
    $failure->attempted = time();
    $failure->save();

    // Failed attempts from this address within the last six hours
    $recentAttempts = FailedLogins::count([
        'ipAddress = ?0 AND attempted >= ?1',
        'bind' => [$clientIp, time() - 3600 * 6],
    ]);

    // Escalating delay: none for the first two, 2s for the next two, 4s for anything else
    // (loose comparison kept on purpose: count() may hand back a numeric string)
    if ($recentAttempts == 1 || $recentAttempts == 2) {
        $delaySeconds = 0;
    } elseif ($recentAttempts == 3 || $recentAttempts == 4) {
        $delaySeconds = 2;
    } else {
        $delaySeconds = 4;
    }

    if ($delaySeconds > 0) {
        sleep($delaySeconds);
    }
}
/**
 * Records a failed login attempt for the given IP address.
 *
 * Bumps the attempt counter on the active FailedLogins record for that
 * address, or starts a new record with a single attempt, then stamps the
 * time of this attempt and saves.
 *
 * @param string $ip Client address the failed attempt came from
 *                   (presumably already resolved by the caller; verify at the call site)
 */
public function recordFailedLogin($ip)
{
    $entry = FailedLogins::model()->findActiveByIp($ip);

    if (!$entry) {
        // First failure from this address: start a fresh counter
        $entry = new FailedLogins();
        $entry->IP = $ip;
        $entry->attempts = 1;
    } else {
        $entry->attempts++;
    }

    $entry->lastAttempt = time();
    $entry->save();
}