/** * Checks if we need to use a captcha and deactivates the original captcha. */ protected function readParameters($eventObj, $className) { // deactivate original captcha WCF::getSession()->register('captchaDone', true); if ($eventObj instanceof UserLoginForm) { if (LOGIN_USE_CAPTCHA) { $this->useCaptcha = true; } // workaround for for WBBs FaileLoginListener if (defined('FAILED_LOGIN_IP_CAPTCHA') && FAILED_LOGIN_IP_CAPTCHA > 0) { require_once WCF_DIR . 'lib/data/user/login/FailedLogin.class.php'; $failedLogins = FailedLogin::countFailedLogins(); if ($failedLogins >= FAILED_LOGIN_IP_CAPTCHA) { $this->useCaptcha = true; $this->forcedCaptcha = true; if (isset($_POST['captchaID'])) { // THIS is really dirty, but it is impossible to make a better workaround for this require_once WCF_DIR . 'lib/data/image/captcha/Captcha.class.php'; $captcha = new Captcha(intval($_POST['captchaID'])); $_POST['captchaString'] = $captcha->captchaString; } } } } elseif ($eventObj instanceof RegisterForm && REGISTER_USE_CAPTCHA) { $this->useCaptcha = true; } else { if (!$eventObj instanceof UserLoginForm && !$eventObj instanceof RegisterForm) { $this->useCaptcha = $eventObj->useCaptcha; } } if (WCF::getUser()->userID || WCF::getSession()->getVar('reCaptchaDone') && !$this->forcedCaptcha) { $this->useCaptcha = false; } }
/** * @see EventListener::execute() */ public function execute($eventObj, $className, $eventName) { if (FAILED_LOGIN_IP_CAPTCHA > 0 || FAILED_LOGIN_IP_BAN > 0) { if ($eventName == 'readParameters') { // get number of failed logins require_once WCF_DIR . 'lib/data/user/login/FailedLogin.class.php'; $failedLogins = FailedLogin::countFailedLogins(); if (FAILED_LOGIN_IP_BAN > 0 && $failedLogins >= FAILED_LOGIN_IP_BAN) { throw new PermissionDeniedException(); } else { if (FAILED_LOGIN_IP_CAPTCHA > 0 && $failedLogins >= FAILED_LOGIN_IP_CAPTCHA) { if (!$eventObj instanceof UserLoginForm || !LOGIN_USE_CAPTCHA || WCF::getSession()->getVar('captchaDone')) { $this->useCaptcha = true; } } } } else { if ($eventName == 'readFormParameters') { if ($this->useCaptcha) { if (isset($_POST['captchaID'])) { $this->captchaID = intval($_POST['captchaID']); } if (isset($_POST['captchaString'])) { $this->captchaString = StringUtil::trim($_POST['captchaString']); } } } else { if ($eventName == 'validate') { if ($this->useCaptcha) { $this->captcha = new Captcha($this->captchaID); $this->captcha->validate($this->captchaString); } } else { if ($eventName == 'save') { // delete captcha if ($this->useCaptcha) { $this->captcha->delete(); } } else { if ($eventName == 'readData') { // captcha $this->captchaID = 0; if ($this->useCaptcha) { $this->captchaID = Captcha::create(); } // save failed logins if ($eventObj->errorField == 'username' || $eventObj->errorField == 'password') { require_once WCF_DIR . 'lib/data/user/login/FailedLoginEditor.class.php'; FailedLoginEditor::create($eventObj instanceof UserLoginForm ? 'user' : 'admin', $eventObj->user !== null ? $eventObj->userID : 0, $eventObj->username, TIME_NOW, WCF::getSession()->ipAddress, WCF::getSession()->userAgent); } } else { if ($eventName == 'assignVariables') { if ($this->useCaptcha) { WCF::getTPL()->assign(array('captchaID' => $this->captchaID, 'errorField' => $eventObj->errorField, 'errorType' => $eventObj->errorType)); WCF::getTPL()->append('additionalFields', WCF::getTPL()->fetch('captcha')); WCF::getTPL()->clearAssign('captchaID'); } } } } } } } } }