/**
 * Authenticates the application user on the Symfony session once the
 * brute-force lockout check has passed.
 *
 * The lockout state lives in PcFailedLogins: when the last failed attempt is
 * older than app_bruteForceLockout_lockoutDuration seconds the record is
 * discarded, otherwise reaching app_bruteForceLockout_loginAttemptThreshold
 * failed attempts raises a watchdog alert and the login is refused.
 *
 * @param myUser  $userSf                     the Symfony session user
 * @param PcUser  $userApp                    the application user logging in
 * @param boolean $rememberme                 whether a "remember me" cookie was requested
 * @param boolean $remembermeCookieAlreadySet when true, a requested cookie is not
 *                                            set again because it is already present
 * @return boolean false when the account is locked out, true otherwise
 */
public static function login(myUser $userSf, PcUser $userApp, $rememberme = false, $remembermeCookieAlreadySet = false)
{
    // --- brute force lockout check ---
    $criteria = new Criteria();
    $criteria->addJoin(PcUserPeer::ID, PcFailedLoginsPeer::USER_ID, Criteria::INNER_JOIN);
    $criteria->add(PcUserPeer::ID, $userApp->getId(), Criteria::EQUAL);
    $failedLogins = PcFailedLoginsPeer::doSelectOne($criteria);

    if ($failedLogins) {
        $threshold = sfConfig::get('app_bruteForceLockout_loginAttemptThreshold');
        $attempts = $failedLogins->getTimes();
        $lockoutDuration = sfConfig::get('app_bruteForceLockout_lockoutDuration');
        $sinceLastAttempt = time() - strtotime($failedLogins->getUpdatedAt());

        if ($sinceLastAttempt > $lockoutDuration) {
            // lockout window expired: forget the failed attempts for this user
            $failedLogins->delete();
        } elseif ($attempts >= $threshold) {
            PcWatchdog::alert('Brute force attack attempt', 'For the userid ' . $failedLogins->getUserId());
            return false;
        }
    }

    // --- record visitor details on the application user ---
    $userApp->setLanguage(PcUtils::getVisitorAcceptLanguage());
    $userApp->setIpAddress(PcUtils::getVisitorIPAddress());
    $userApp->save();

    // --- session authentication and credentials ---
    $userSf->setAuthenticated(true);
    $userSf->setAttribute('userid', $userApp->getId());

    // each role check is evaluated in this order and, when true, grants the matching credential
    $credentialChecks = array(
        'isAdmin'       => 'admin',
        'isStaffMember' => 'staffMember',
        'isContractor'  => 'contractor',
        'isEditor'      => 'editor',
        'isTranslator'  => 'translator',
    );
    foreach ($credentialChecks as $check => $credential) {
        if ($userApp->$check()) {
            $userSf->addCredential($credential);
        }
    }

    // --- remember me cookie ---
    if (!$rememberme) {
        // a re-login without the checkbox (possible while still logged in because of
        // forum integration problems) must drop any previously issued cookie
        self::resetRememberMeCookie();
    } elseif (!$remembermeCookieAlreadySet) {
        self::setRememberMeCookie($userSf, $userApp);
    }
    // $rememberme requested with the cookie already present: nothing to do

    sfContext::getInstance()->getEventDispatcher()->notify(
        new sfEvent('CustomAuthLogin', 'custom_auth.login', array('user' => $userApp, 'rememberme' => $rememberme))
    );

    return true;
}
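/**
 * Password reset action: validates the reset token carried by the request
 * (the "t" query parameter, or the "t" field of the submitted passwordReset
 * form) and, on a valid POST, stores the new password.
 *
 * A missing, empty or unknown token raises a watchdog alert and forwards to
 * the passwordResetInvalidToken action. Authenticated users are redirected
 * away before the token is looked up.
 *
 * @param sfWebRequest $request
 */
public function executePasswordReset(sfWebRequest $request)
{
    $token = $request->getParameter('t');
    if (!$token) {
        // fall back to the token embedded in the submitted form; the form
        // parameter may be absent entirely, so never index it blindly
        $formValues = $request->getParameter('passwordReset');
        $token = (is_array($formValues) && isset($formValues['t'])) ? $formValues['t'] : '';
    }
    // only strings are acceptable token material; anything else is treated as "no token"
    $token = is_string($token) ? trim($token) : '';

    // if the user is authenticated, they shouldn't get here
    PcUtils::redirectLoggedInUser($this->getUser(), $this);

    // an empty token can never identify a reset request: treat it as invalid
    // without querying the database
    $entry = null;
    if ($token !== '') {
        $c = new Criteria();
        $c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
        $entry = PcPasswordResetTokenPeer::doSelectOne($c);
    }
    if (!is_object($entry)) {
        // the token is not valid; forward() stops the action here
        PcWatchdog::alert('Invalid Password Reset Token', 'This is the token ' . $token);
        $this->forward('customAuth', 'passwordResetInvalidToken');
    }

    $this->form = new PasswordResetForm(array('t' => $token));

    if ($request->isMethod('post')) {
        $this->form->bind($request->getParameter('passwordReset'));
        if ($this->form->isValid()) {
            // use the validated form values rather than the raw request array so the
            // stored password is exactly what the form validators accepted
            $values = $this->form->getValues();
            CustomAuth::resetPassword($token, $values['password1']);
            $this->redirect('/' . sfConfig::get('app_accountApp_frontController'));
        }
    }
}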