public function __construct() { parent::__construct(); $oAffModel = new AffiliateModel(); $oSecurityModel = new SecurityModel(); $sEmail = $this->httpRequest->post('mail'); $sPassword = $this->httpRequest->post('password'); /** Check if the connection is not locked **/ $bIsLoginAttempt = (bool) DbConfig::getSetting('isAffiliateLoginAttempt'); $iMaxAttempts = (int) DbConfig::getSetting('maxAffiliateLoginAttempts'); $iTimeDelay = (int) DbConfig::getSetting('loginAffiliateAttemptTime'); if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Affiliates')) { \PFBC\Form::setError('form_login_aff', Form::loginAttemptsExceededMsg($iTimeDelay)); return; // Stop execution of the method. } // Check Login $sLogin = $oAffModel->login($sEmail, $sPassword, 'Affiliates'); if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') { sleep(1); // Security against brute-force attack to avoid drowning the server and the database if ($sLogin === 'email_does_not_exist') { $this->session->set('captcha_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_login_aff', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH)))); $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username', 'Affiliates'); } elseif ($sLogin === 'password_does_not_exist') { $oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password', 'Affiliates'); if ($bIsLoginAttempt) { $oSecurityModel->addLoginAttempt('Affiliates'); } $this->session->set('captcha_enabled', 1); // Enable Captcha $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />'; $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />'; $sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'affiliate')); \PFBC\Form::setError('form_login_aff', $sWrongPwdTxt); } } else { $oSecurityModel->clearLoginAttempts('Affiliates'); $this->session->remove('captcha_enabled'); $iId = $oAffModel->getId($sEmail, null, 'Affiliates'); $oAffData = $oAffModel->readProfile($iId, 'Affiliates'); if (true !== ($mStatus = (new AffiliateCore())->checkAccountStatus($oAffData))) { \PFBC\Form::setError('form_login_aff', $mStatus); } else { // Is disconnected if the user is logged on as "user" or "administrator". if (UserCore::auth() || AdminCore::auth()) { $this->session->destroy(); } // Regenerate the session ID to prevent the session fixation $this->session->regenerateId(); $aSessionData = ['affiliate_id' => $oAffData->profileId, 'affiliate_email' => $oAffData->email, 'affiliate_username' => $oAffData->username, 'affiliate_first_name' => $oAffData->firstName, 'affiliate_sex' => $oAffData->sex, 'affiliate_ip' => Ip::get(), 'affiliate_http_user_agent' => $this->browser->getUserAgent(), 'affiliate_token' => Various::genRnd($oAffData->email)]; $this->session->set($aSessionData); $oSecurityModel->addLoginLog($oAffData->email, $oAffData->username, '*****', 'Logged in!', 'Affiliates'); $oAffModel->setLastActivity($oAffData->profileId, 'Affiliates'); Header::redirect(Uri::get('affiliate', 'account', 'index'), t('You are successfully logged!')); } } }
public function __construct() { parent::__construct(); $sIp = Ip::get(); $oAdminModel = new AdminModel(); $oSecurityModel = new SecurityModel(); $sEmail = $this->httpRequest->post('mail'); $sUsername = $this->httpRequest->post('username'); $sPassword = $this->httpRequest->post('password'); /*** Security IP Login ***/ $sIpLogin = DbConfig::getSetting('ipLogin'); /*** Check if the connection is not locked ***/ $bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt'); $iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts'); $iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime'); if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) { \PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay)); return; // Stop execution of the method. } /*** Check Login ***/ $bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword); $bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp; if (!$bIsLogged || $bIsIpBanned) { sleep(2); // Security against brute-force attack to avoid drowning the server and the database if (!$bIsLogged) { $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Incorrect Email, Username or Password', 'Admins'); if ($bIsLoginAttempt) { $oSecurityModel->addLoginAttempt('Admins'); } $this->session->set('captcha_admin_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect')); } elseif ($bIsIpBanned) { $this->session->set('captcha_admin_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_admin_login', t('Incorrect Login!')); $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Bad Ip adress', 'Admins'); } } else { $oSecurityModel->clearLoginAttempts('Admins'); $this->session->remove('captcha_admin_enabled'); // Is disconnected if the user is logged on as "user" or "affiliate". if (UserCore::auth() || AffiliateCore::auth()) { $this->session->destroy(); } $iId = $oAdminModel->getId($sEmail, null, 'Admins'); $oAdminData = $oAdminModel->readProfile($iId, 'Admins'); // Regenerate the session ID to prevent the session fixation $this->session->regenerateId(); $aSessionData = array('admin_id' => $oAdminData->profileId, 'admin_email' => $oAdminData->email, 'admin_username' => $oAdminData->username, 'admin_first_name' => $oAdminData->firstName, 'admin_ip' => $sIp, 'admin_http_user_agent' => $this->browser->getUserAgent(), 'admin_token' => Various::genRnd($oAdminData->email)); $this->session->set($aSessionData); $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins'); $oAdminModel->setLastActivity($oAdminData->profileId, 'Admins'); HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!')); } }
public function __construct() { parent::__construct(); $oUserModel = new UserCoreModel(); $oSecurityModel = new SecurityModel(); $sEmail = $this->httpRequest->post('mail'); $sPassword = $this->httpRequest->post('password'); /** Check if the connection is not locked **/ $bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt'); $iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts'); $iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime'); if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) { \PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay)); return; // Stop execution of the method. } // Check Login $sLogin = $oUserModel->login($sEmail, $sPassword); if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') { sleep(1); // Security against brute-force attack to avoid drowning the server and the database if ($sLogin === 'email_does_not_exist') { $this->session->set('captcha_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH)))); $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username'); } elseif ($sLogin === 'password_does_not_exist') { $oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password'); if ($bIsLoginAttempt) { $oSecurityModel->addLoginAttempt(); } $this->session->set('captcha_enabled', 1); // Enable Captcha $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />'; $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />'; $sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user')); \PFBC\Form::setError('form_login_user', $sWrongPwdTxt); } } else { $oSecurityModel->clearLoginAttempts(); $this->session->remove('captcha_enabled'); $iId = $oUserModel->getId($sEmail); $oUserData = $oUserModel->readProfile($iId); if ($this->httpRequest->postExists('remember')) { // We hash again the password (new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId)); } $oUser = new UserCore(); if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) { \PFBC\Form::setError('form_login_user', $mStatus); } else { $oUser->setAuth($oUserData, $oUserModel, $this->session); Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!')); } } }