/**
 * Logger Factory
 *
 * Configures log4php for the current runtime and returns the matching logger:
 * the 'api' logger when ENV_RUNTIME is 'M2M', otherwise the logger named by
 * self::getModuleName().
 *
 * Logger::configure() is called on every invocation, so the configuration
 * chosen here replaces whatever an earlier caller installed.
 *
 * @return Logger presumably a log4php Logger instance, as handed back by Logger::getLogger()
 */
public static function getLogger()
 {
     // ENV_RUNTIME is compared loosely (==), the same way a switch/case would.
     if (ENV_RUNTIME == 'M2M') {
         Logger::configure(bgp_log4php_api_conf());
         $loggerName = 'api';
     } else {
         Logger::configure(bgp_log4php_def_conf());
         $loggerName = self::getModuleName();
     }

     return Logger::getLogger($loggerName);
 }
 /**
  * Security Counter
  *
  * Bans a user from being authenticated after too many unsuccessful attempts.
  *
  * @return void
  * @access public
  */
 public function incrementSecCount()
 {
     // Record this failed attempt; an absent or empty counter starts at 1.
     $attempts = empty($this->session['SEC_COUNT']) ? 1 : $this->session['SEC_COUNT'] + 1;
     $this->session['SEC_COUNT'] = $attempts;

     // NOTE(review): both the counter and the ban are stored in the session, so
     // they only bind a client that keeps presenting the same session cookie.
     // Confirm that a server-side limit keyed by account or source address
     // exists elsewhere; this method alone is not a brute-force control.
     $overLimit = $attempts > CONF_SEC_LOGIN_ATTEMPTS;
     $alreadyBanned = !empty($this->session['SEC_BAN']);

     if ($overLimit || $alreadyBanned) {
         // Start the ban, or push its end further out when a banned session
         // keeps trying. The counter restarts from zero for the next round.
         unset($this->session['SEC_COUNT']);
         $this->session['SEC_BAN'] = time() + CONF_SEC_BAN_DURATION;

         // The log line carries no session, account or address identifier;
         // correlating bans during an investigation needs context from elsewhere.
         Logger::configure(bgp_log4php_def_conf());
         Logger::getLogger('core.auth')->info('Session banned.');
     }

     // Publish the working copy; this assignment replaces the whole $_SESSION array.
     $_SESSION = $this->session;
 }
 /**
  * User Password Renewal
  *
  * @param string $username
  * @param string $email
  * @param bool $captcha_validation Optional.
  *
  * @return array Data returned to the AJAX call
  *
  * @author Nikita Rousseau
  */
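 public function sendNewPassword($username, $email, $captcha_validation = TRUE)
 {
     // Contract: returns an array for the AJAX caller. 'success' is always set;
     // failures also carry 'msgType' and 'msg', and validation or lookup
     // failures carry 'errors' (field => message).
     //
     // NOTE(review): this flow replaces the stored password as soon as a
     // username/e-mail pair matches and mails the new password in clear text.
     // A single-use, expiring reset token that leaves the current password
     // untouched until it is redeemed would avoid both the mailbox exposure and
     // resets requested by someone other than the account owner.
     // NOTE(review): isBanned() is only consulted below to choose the message;
     // confirm the caller refuses banned sessions before invoking this method.
     $form = array('username' => $username, 'email' => $email);
     $data = array();
     // response passed back to the caller
     $mail = false;
     // mail() outcome; stays false until a message has actually been handed over
     $dbh = Core_DBH::getDBH();
     // Get Database Handle
     // validate the variables ======================================================
     $v = new Valitron\Validator($form);
     $rules = ['required' => [['username'], ['email']], 'alphaNum' => [['username']], 'email' => [['email']]];
     $v->rules($rules);
     $v->validate();
     $errors = $v->errors();
     // Verify the form =============================================================
     if (empty($errors)) {
         $username = $form['username'];
         $email = $form['email'];
         try {
             $sth = $dbh->prepare("\n\t\t\t\t\tSELECT user_id, email\n\t\t\t\t\tFROM " . DB_PREFIX . "user\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tusername = :username AND\n\t\t\t\t\t\temail \t = :email AND\n\t\t\t\t\t\tstatus   = 'active'\n\t\t\t\t\t;");
             $sth->bindParam(':username', $username);
             $sth->bindParam(':email', $email);
             $sth->execute();
             $result = $sth->fetchAll();
             if (!empty($result) && $captcha_validation == TRUE) {
                 $authService = Core_AuthService::getAuthService();
                 // Reset Login Attempts
                 $authService->rsSecCount();
                 // Reset User Passwd
                 // NOTE(review): verify that bgp_create_random_password() draws from a
                 // CSPRNG and that getHash() is a dedicated password-hashing function;
                 // neither is visible from this method.
                 $plainTextPasswd = bgp_create_random_password(13);
                 $digestPasswd = Core_AuthService::getHash($plainTextPasswd);
                 // Update User Passwd
                 $sth = $dbh->prepare("\n\t\t\t\t\tUPDATE " . DB_PREFIX . "user\n\t\t\t\t\tSET\n\t\t\t\t\t\tpassword \t= :password\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tuser_id\t\t= :user_id\n\t\t\t\t\t;");
                 $sth->bindParam(':password', $digestPasswd);
                 $sth->bindParam(':user_id', $result[0]['user_id']);
                 // Never mail a password that was not stored: a failed UPDATE is
                 // routed to the same handler as a driver exception.
                 if ($sth->execute() === false) {
                     throw new PDOException('Password update failed.');
                 }
                 // Send Email
                 // The recipient is a mail address, not HTML: entity-encoding would
                 // alter addresses containing ' or &. Line breaks are removed so the
                 // value cannot extend the header block.
                 $to = str_replace(array("\r", "\n"), '', $result[0]['email']);
                 $subject = T_('Reset Password');
                 // The body is sent as text/html, so dynamic values are escaped for
                 // that context, using the charset announced in the header below.
                 $message = T_('Your password has been reset to:');
                 $message .= "<br /><br />" . htmlspecialchars($plainTextPasswd, ENT_QUOTES, 'ISO-8859-1') . "<br /><br />";
                 $message .= T_('With IP') . ': ';
                 $message .= htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'ISO-8859-1');
                 // Depending on web-server configuration SERVER_NAME can reflect the
                 // request's Host header, so only host-name characters reach the
                 // From header.
                 $serverName = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', (string) $_SERVER['SERVER_NAME']);
                 $headers = 'MIME-Version: 1.0' . "\r\n";
                 $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                 $headers .= 'From: Bright Game Panel System <localhost@' . $serverName . '>' . "\r\n";
                 $headers .= 'X-Mailer: PHP/' . phpversion();
                 // NOTE(review): the password is already changed at this point; if
                 // delivery fails the account holds a password nobody received.
                 $mail = mail($to, $subject, $message, $headers);
                 // Log Event
                 Logger::configure(bgp_log4php_def_conf());
                 $logger = Logger::getLogger(self::getLoggerName());
                 $logger->info('Password reset.');
             } else {
                 // Call security component
                 $authService = Core_AuthService::getAuthService();
                 $authService->incrementSecCount();
                 // Log Event
                 Logger::configure(bgp_log4php_def_conf());
                 $logger = Logger::getLogger(self::getLoggerName());
                 $logger->info('Bad password reset.');
                 // Messages
                 // Both fields get the same text so the response does not reveal
                 // which of the two values failed to match.
                 if (empty($result)) {
                     $errors['username'] = T_('Wrong information.');
                     $errors['email'] = T_('Wrong information.');
                 }
                 if ($captcha_validation == FALSE) {
                     $errors['captcha'] = T_('Wrong CAPTCHA Code.');
                 }
             }
         } catch (PDOException $e) {
             // Driver messages, file paths and line numbers stay in the server
             // log; the client only learns that the request failed.
             Logger::configure(bgp_log4php_def_conf());
             $logger = Logger::getLogger(self::getLoggerName());
             $logger->error('Password reset database error: ' . $e->getMessage());

             return array(
                 'success' => false,
                 'errors' => array(),
                 'msgType' => 'danger',
                 'msg' => T_('An internal error has occurred. Contact your system administrator.'),
             );
         }
     }
     // return a response ===========================================================
     // response if there are errors
     if (!empty($errors)) {
         // if there are items in our errors array, return those errors
         $data['success'] = false;
         $data['errors'] = $errors;
         // notification
         $authService = Core_AuthService::getAuthService();
         if ($authService->isBanned()) {
             $data['msgType'] = 'warning';
             $data['msg'] = T_('You have been banned') . ' ' . CONF_SEC_BAN_DURATION . ' ' . T_('seconds!');
         } else {
             $data['msgType'] = 'warning';
             $data['msg'] = T_('Invalid information provided!');
         }
     } else {
         if (!$mail) {
             // mail delivery error
             $data['success'] = false;
             // notification
             $data['msgType'] = 'danger';
             $data['msg'] = T_('An error has occured while sending the email. Contact your system administrator.');
         } else {
             $data['success'] = true;
         }
     }
     // return all our data to an AJAX call
     return $data;
 }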