/**
 * Return a log4php logger configured for the current runtime.
 *
 * When ENV_RUNTIME is 'M2M' the API log4php configuration is loaded and the
 * 'api' logger is returned; in every other runtime the default configuration
 * is loaded and the logger is named after the current module.
 *
 * @return Logger
 */
public static function getLogger() {
    $runningAsApi = (ENV_RUNTIME == 'M2M');

    if ($runningAsApi) {
        Logger::configure(bgp_log4php_api_conf());
        $loggerName = 'api';
    } else {
        Logger::configure(bgp_log4php_def_conf());
        $loggerName = self::getModuleName();
    }

    return Logger::getLogger($loggerName);
}
/**
 * Security Counter
 *
 * Count an unsuccessful authentication attempt for the current session and
 * ban the session once CONF_SEC_LOGIN_ATTEMPTS is exceeded. A session that is
 * already banned and keeps trying has its ban renewed (the ban end is moved
 * to now + CONF_SEC_BAN_DURATION again).
 *
 * NOTE(review): the counter and the ban live in the PHP session only, so they
 * limit a client that keeps the same session cookie; a client that starts a
 * fresh session starts from zero.
 *
 * @return void
 * @access public
 */
public function incrementSecCount() {
    // One more failed attempt for this session (missing/empty counter starts at 0)
    $attemptsSoFar = empty($this->session['SEC_COUNT']) ? 0 : $this->session['SEC_COUNT'];
    $this->session['SEC_COUNT'] = $attemptsSoFar + 1;

    $tooManyAttempts = ($this->session['SEC_COUNT'] > CONF_SEC_LOGIN_ATTEMPTS);
    $alreadyBanned = !empty($this->session['SEC_BAN']);

    if ($tooManyAttempts || $alreadyBanned) {
        // Drop the counter and (re)start the ban; SEC_BAN holds the ban end timestamp
        unset($this->session['SEC_COUNT']);
        $this->session['SEC_BAN'] = time() + CONF_SEC_BAN_DURATION;

        // Log Event
        Logger::configure(bgp_log4php_def_conf());
        Logger::getLogger('core.auth')->info('Session banned.');
    }

    // Push to global $_SESSION
    $_SESSION = $this->session;
}
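/**
 * User Password Renewal
 *
 * Validates the submitted username/email pair against the active user
 * records, replaces the account password with a random one (stored hashed via
 * Core_AuthService::getHash()) and mails the clear-text password to the
 * account address. Any failed attempt (unknown user, bad CAPTCHA) increments
 * the session security counter through Core_AuthService::incrementSecCount().
 *
 * Database errors are logged and reported to the caller as a generic failure;
 * driver messages are never echoed to the client.
 *
 * @param string $username
 * @param string $email
 * @param bool $captcha_validation result of the CAPTCHA check done by the caller
 *
 * @return array response for the AJAX caller: 'success' (bool), plus 'errors'
 *               (field => message) and/or 'msgType' / 'msg' for a notification
 *
 * @author Nikita Rousseau
 */
public function sendNewPassword($username, $email, $captcha_validation = TRUE) {
    $form = array('username' => $username, 'email' => $email);
    $errors = array(); // validation errors, keyed by form field
    $data = array();   // response passed back to the caller
    $result = array(); // matching user rows (at most one is used)
    $mail = FALSE;     // mail() result; only meaningful once a password was reset

    $dbh = Core_DBH::getDBH(); // Get Database Handle

    // validate the variables ======================================================
    $v = new Valitron\Validator($form);
    $rules = [
        'required' => [['username'], ['email']],
        'alphaNum' => [['username']],
        'email' => [['email']],
    ];
    $v->rules($rules);
    $v->validate();
    $errors = $v->errors();

    // Verify the form =============================================================
    if (empty($errors)) {
        $username = $form['username'];
        $email = $form['email'];

        try {
            $sth = $dbh->prepare("\n\t\t\t\t\tSELECT user_id, email\n\t\t\t\t\tFROM " . DB_PREFIX . "user\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tusername = :username AND\n\t\t\t\t\t\temail \t = :email AND\n\t\t\t\t\t\tstatus = 'active'\n\t\t\t\t\t;");
            $sth->bindParam(':username', $username);
            $sth->bindParam(':email', $email);
            $sth->execute();
            $result = $sth->fetchAll();
        } catch (PDOException $e) {
            return $this->dbFailureResponse($e);
        }

        // $captcha_validation is compared by truthiness, as the original == TRUE did
        if (!empty($result) && $captcha_validation) {
            $authService = Core_AuthService::getAuthService();

            // Reset Login Attempts
            $authService->rsSecCount();

            // Reset User Passwd
            $plainTextPasswd = bgp_create_random_password(13);
            $digestPasswd = Core_AuthService::getHash($plainTextPasswd);
            $userId = $result[0]['user_id'];

            // Update User Passwd
            try {
                $sth = $dbh->prepare("\n\t\t\t\t\tUPDATE " . DB_PREFIX . "user\n\t\t\t\t\tSET\n\t\t\t\t\t\tpassword \t= :password\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tuser_id\t\t= :user_id\n\t\t\t\t\t;");
                $sth->bindParam(':password', $digestPasswd);
                $sth->bindParam(':user_id', $userId);
                $sth->execute();
            } catch (PDOException $e) {
                return $this->dbFailureResponse($e);
            }

            // Send Email
            // The new password travels in clear text in this mail; the mail
            // transport is the only protection it gets.
            $to = htmlentities($result[0]['email'], ENT_QUOTES);
            $subject = T_('Reset Password');
            $message = T_('Your password has been reset to:');
            $message .= "<br /><br />" . $plainTextPasswd . "<br /><br />";
            $message .= T_('With IP') . ': ';
            $message .= $_SERVER['REMOTE_ADDR'];

            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            // NOTE(review): SERVER_NAME may be derived from the request Host
            // header depending on the web server configuration — confirm it is
            // canonical before trusting it in the From: address.
            $headers .= 'From: Bright Game Panel System <localhost@' . $_SERVER['SERVER_NAME'] . '>' . "\r\n";
            $headers .= 'X-Mailer: PHP/' . phpversion();

            $mail = mail($to, $subject, $message, $headers);

            // Log Event
            Logger::configure(bgp_log4php_def_conf());
            $logger = Logger::getLogger(self::getLoggerName());
            $logger->info('Password reset.');
        } else {
            // Call security component
            $authService = Core_AuthService::getAuthService();
            $authService->incrementSecCount();

            // Log Event
            Logger::configure(bgp_log4php_def_conf());
            $logger = Logger::getLogger(self::getLoggerName());
            $logger->info('Bad password reset.');

            // Messages (same text for both fields: do not reveal which one was wrong)
            if (empty($result)) {
                $errors['username'] = T_('Wrong information.');
                $errors['email'] = T_('Wrong information.');
            }
            if (!$captcha_validation) {
                $errors['captcha'] = T_('Wrong CAPTCHA Code.');
            }
        }
    }

    // return a response ===========================================================

    if (!empty($errors)) {
        // if there are items in our errors array, return those errors
        $data['success'] = false;
        $data['errors'] = $errors;

        // notification
        $authService = Core_AuthService::getAuthService();
        if ($authService->isBanned()) {
            $data['msgType'] = 'warning';
            $data['msg'] = T_('You have been banned') . ' ' . CONF_SEC_BAN_DURATION . ' ' . T_('seconds!');
        } else {
            $data['msgType'] = 'warning';
            $data['msg'] = T_('Invalid information provided!');
        }
    } elseif (!$mail) {
        // mail delivery error
        $data['success'] = false;

        // notification
        $data['msgType'] = 'danger';
        $data['msg'] = T_('An error has occured while sending the email. Contact your system administrator.');
    } else {
        $data['success'] = true;
    }

    // return all our data to an AJAX call
    return $data;
}

/**
 * Build the caller response for a failed database operation during a
 * password reset. The driver message, file and line go to the log only; the
 * client receives a generic failure so no query or schema detail is disclosed.
 *
 * @param PDOException $e
 * @return array response with 'success' => false and a 'danger' notification
 */
private function dbFailureResponse(PDOException $e) {
    Logger::configure(bgp_log4php_def_conf());
    $logger = Logger::getLogger(self::getLoggerName());
    $logger->error('Password reset database error: ' . $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine());

    return array(
        'success' => false,
        'msgType' => 'danger',
        'msg' => T_('An error has occured. Contact your system administrator.'),
    );
}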