Пример #1
0
 public static function getInstance()
 {
     if (!isset(self::$instance)) {
         self::$instance = new LockoutEngine();
     }
     return self::$instance;
 }
 public static function run($inContent = '')
 {
     $lockoutEngine = LockoutEngine::getInstance();
     $lockout = $lockoutEngine->getLockout($_SERVER['REMOTE_ADDR']);
     if ($lockout === false) {
         return;
     }
     $lockoutEngine->removeLockout($lockout);
 }
Пример #3
0
 public function logIn($userName, $password)
 {
     if (!is_string($userName)) {
         return false;
     }
     if (!is_string($password)) {
         return false;
     }
     if ($this->isLoggedIn) {
         return true;
     }
     if (LockoutEngine::getInstance()->isLockedOut($_SERVER['REMOTE_ADDR'])) {
         return false;
     }
     //repeated twice just in case a plugin logs the user in
     if ($this->isLoggedIn) {
         return true;
     }
     $database = Database::getInstance();
     $database->connect();
     if (!$database->isConnected()) {
         return false;
     }
     $userName = $database->escapeString(trim($userName));
     $column = 'userID, roleID, userName, givenIdentifier, password, firstName, lastName, email, profilePictureLocation, birthday';
     $table = 'user';
     $where = '((email = \'' . $userName . '\') OR (userName = \'' . $userName . '\') OR (givenIdentifier = \'' . $userName . '\'))';
     if ($database->isConnected()) {
         $results = $database->getData($column, $table, $where);
     } else {
         $results = null;
     }
     //If there weren't any accounts found or too many accounts found
     if ($results === null) {
         return false;
     }
     if (count($results) > 1) {
         return false;
     }
     $dbPassword = $results[0]['password'];
     if (!Hasher::verifyHash($password, $dbPassword)) {
         return false;
     }
     self::setUserSession(new CurrentUser($results[0]['userID'], $results[0]['roleID'], $results[0]['givenIdentifier'], $results[0]['userName'], $results[0]['firstName'], $results[0]['lastName'], $results[0]['email'], new Link($results[0]['profilePictureLocation'], true), new DateTime($results[0]['birthday']), true));
     $this->isLoggedIn = true;
     $userID = $database->escapeString($this->getUserID());
     $database->updateTable('user', 'lastAccess = CURRENT_TIMESTAMP', "userID={$userID}");
     return true;
 }
Пример #4
0
 private function minutesLeftInLockout()
 {
     $lockoutEngine = LockoutEngine::getInstance();
     $lockout = $lockoutEngine->getLockout($_SERVER['REMOTE_ADDR']);
     if ($lockout === false) {
         return $lockoutEngine->getLockoutPeriod();
     }
     $totalLockoutLength = $lockout->getNumberOfFailedAttempts() * $lockoutEngine->getLockoutPeriod();
     $lockoutStart = clone $lockout->lastUpdated();
     $lockedOutUntil = $lockoutStart->add(DateInterval::createFromDateString($totalLockoutLength . ' minutes'));
     $currentTime = new DateTime();
     $minutesLeft = $currentTime->diff($lockedOutUntil);
     $minutesLeft = $minutesLeft->days * 24 * 60 + $minutesLeft->h * 60 + $minutesLeft->i;
     $minutesLeft += 1;
     return $minutesLeft;
 }
Пример #5
0
 public function __construct(Request $request)
 {
     $inParams = $request->getParameters(true);
     if (isset($inParams[3])) {
         $this->response = Response::fourOhFour();
         return;
     }
     if ($inParams[1] !== "forgotPassword") {
         $this->response = Response::fourOhFour();
         return;
     }
     $this->request = $request;
     $lockoutEngine = LockoutEngine::getInstance();
     if ($lockoutEngine->isLockedOut($_SERVER['REMOTE_ADDR'])) {
         $this->response = Response::redirect(new Link("users/login"));
         return;
     }
     if (isset($inParams[2])) {
         $this->secondStep($inParams[2]);
         return;
     }
     $this->forgotPasswordContent();
 }
 public static function run($inContent = '')
 {
     $lockoutEngine = LockoutEngine::getInstance();
     $lockout = $lockoutEngine->getLockout($_SERVER['REMOTE_ADDR']);
     if ($lockout === false) {
         $attempts = $lockoutEngine->getNumberOfAttemptsBeforeLockout();
         $lockout = new Lockout($_SERVER['REMOTE_ADDR'], 1, new DateTime(), $attempts);
         $lockoutEngine->addLockout($lockout);
         $period = $lockoutEngine->getLockoutPeriod();
         $notice = new Notice('warning', "You have {$attempts} attempts left before you're locked out for {$period} minutes.");
         NoticeEngine::getInstance()->addNotice($notice);
         return;
     }
     $lockout->failedAttemptMade();
     $lockoutEngine->setLockout($lockout);
     $attempts = $lockout->getNumberOfAttemptsLeft();
     $period = $lockout->getNumberOfFailedAttempts() * $lockoutEngine->getLockoutPeriod();
     if ($attempts === 1) {
         $notice = new Notice('warning', "You have {$attempts} attempt left before you're locked out for {$period} minutes.");
     } else {
         $notice = new Notice('warning', "You have {$attempts} attempts left before you're locked out for {$period} minutes.");
     }
     NoticeEngine::getInstance()->addNotice($notice);
 }