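/**
 * Checks that the submitted value is the password of the account stored
 * under the 'loginUserInfo' registry key.
 *
 * Values shorter than 6 or longer than 20 characters are rejected before
 * any credential check. Only a credential check that fails sets
 * MSG_WRONG_PASSWORD and is recorded through Ml_Model_AntiAttack::log();
 * every other failure path returns false without registering a message.
 *
 * @param mixed $value   submitted password
 * @param mixed $context not used by this validator
 * @return bool true only when Zend_Auth reports a valid result
 */
public function isValid($value, $context = null)
{
    $registry = Zend_Registry::getInstance();
    $credential = Ml_Model_Credential::getInstance();

    $this->_setValue($value);

    // Request data can arrive as an array (field[]=x). Refuse anything that
    // is not a scalar before it reaches the string functions below.
    if (!is_scalar($value)) {
        return false;
    }

    $valueString = (string) $value;
    $length = mb_strlen($valueString);
    if ($length < 6 || $length > 20) {
        return false;
    }

    // Without the account being processed there is nothing to compare with.
    if (!$registry->isRegistered('loginUserInfo')) {
        return false;
    }

    $loginUserInfo = $registry->get('loginUserInfo');

    // Get our authentication adapter and check credentials
    $adapter = $credential->getAuthAdapter($loginUserInfo['id'], $value);

    if ($adapter) {
        // NOTE(review): Zend_Auth::authenticate() also updates the stored
        // identity. Confirm that a failed check here cannot sign out a user
        // who merely mistyped the current password.
        $auth = Zend_Auth::getInstance();
        $result = $auth->authenticate($adapter);

        if ($result->isValid()) {
            return true;
        }

        $this->_error(self::MSG_WRONG_PASSWORD);

        // Failed guesses feed the anti-attack log.
        Ml_Model_AntiAttack::log(Ml_Model_AntiAttack::WRONG_CREDENTIAL);
    }

    return false;
}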
/**
 * Runs the anti-attack garbage collector with a 24-hour age limit and
 * prints the number of rows it reports as deleted.
 */
public function cleanantiattackAction()
{
    // Age limit handed to gc(), in seconds.
    $retentionSeconds = 24 * 60 * 60;

    $removedRows = Ml_Model_AntiAttack::getInstance()->gc($retentionSeconds);

    echo "Number of rows with age > {$retentionSeconds} (seconds) deleted in antiattack: {$removedRows}\n";
}
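/**
 * Builds the change-password form.
 *
 * Signed-in users additionally get a 'currentpassword' field checked by the
 * matchPassword validator and the Ml_Model_MagicCookies element. A captcha
 * is added when the 'changeUserProperPassword' registry key is set. When
 * $config['ssl'] is truthy the submit element carries the Https validator.
 *
 * The ', ' separators after the three password labels were masked in the
 * listing and are restored here.
 */
public function init()
{
    $registry = Zend_Registry::getInstance();
    $config = $registry->get("config");
    $auth = Zend_Auth::getInstance();

    $this->setMethod('post');

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    // A signed-in user has to supply the current password as well.
    if ($auth->hasIdentity()) {
        $this->addElement('password', 'currentpassword', array(
            'filters' => array('StringTrim'),
            'validators' => array(
                array('validator' => 'matchPassword'),
            ),
            'autocomplete' => 'off',
            'required' => true,
            'label' => 'Current Password:',
            'class' => 'span3',
        ));
    }

    // NOTE(review): StringLength caps the new password at 20 characters,
    // while the description shown to the user only mentions the minimum.
    $this->addElement('password', 'password', array(
        'filters' => array('StringTrim'),
        'description' => "Six or more characters required; case-sensitive",
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(6, 20)),
            array('validator' => 'Hardpassword'),
            array('validator' => 'newPassword'),
            array('validator' => 'newPasswordRepeat'),
        ),
        'autocomplete' => 'off',
        'required' => true,
        'label' => 'New Password:',
        'class' => 'span3',
    ));

    $this->addElement('password', 'password_confirm', array(
        'filters' => array('StringTrim'),
        'required' => true,
        'label' => 'Confirm Password:',
        'autocomplete' => 'off',
        'class' => 'span3',
    ));

    // The captcha is only present when this registry key has been set
    // elsewhere; the code that sets it is not part of this method.
    if ($registry->isRegistered("changeUserProperPassword")) {
        $this->addElement(Ml_Model_AntiAttack::captchaElement());
    }

    $this->addElement('submit', 'submit', array(
        'label' => 'Change it!',
        'class' => 'btn primary',
    ));

    if ($config['ssl']) {
        // presumably rejects submissions that did not arrive over HTTPS;
        // verify against the Https validator
        $this->getElement("submit")->addValidator("Https");

        //By default the submit element doesn't display a error decorator
        $this->getElement("submit")->addDecorator("Errors");
    }

    if ($auth->hasIdentity()) {
        // NOTE(review): looks like a per-user request token (anti-CSRF);
        // confirm in Ml_Model_MagicCookies.
        $this->addElement(Ml_Model_MagicCookies::formElement());
    }

    $this->setAttrib('class', 'form-stacked');
}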
/**
 * Shows the login form and handles its submission.
 *
 * A request that already carries an identity is forwarded to "goback".
 * On POST the form is validated. Per the author's notes below, the sign-in
 * itself happens inside the password validator, so this action only
 * finishes a successful login or undoes one that must not stand.
 */
public function indexAction()
{
    $registry = Zend_Registry::getInstance();
    $auth = Zend_Auth::getInstance();

    $config = $registry->get("config");

    $sessionConfig = $config['resources']['session'];

    Ml_Model_AntiAttack::loadRules();

    $credential = Ml_Model_Credential::getInstance();
    $logger = Ml_Model_Logger::getInstance();

    // Already signed in: nothing to do here.
    if ($auth->hasIdentity()) {
        return $this->_forward("goback");
    }

    $request = $this->getRequest();

    $form = $credential->loginForm();

    // Captured before the POST is processed, so it reflects the state the
    // client saw when it submitted the form (used for the captcha message
    // near the end of this method).
    if (Ml_Model_AntiAttack::ensureHuman()) {
        $ensureHuman = true;
    } else {
        $ensureHuman = false;
    }

    if ($request->isPost()) {
        // Keep running if the client disconnects, so that the clean-up in
        // the else branch below is not skipped half-way.
        ignore_user_abort(true);

        //A way to sign in only if captcha is right. This is a workaround to
        //signout if the captcha is wrong.
        //
        //I've decided to put the sign in code in the validator itself,
        //but couldn't find a way to make the password validator
        //load after the captcha one (but to let it come first in code,
        //and that's ugly on the screen) and get a result if the
        //validation worked. Notice that it is only useful when
        //the captcha is required.
        if ($form->isValid($request->getPost())) {
            //@see below
            $session = Ml_Model_Session::getInstance();

            //rememberMe and ForgetMe already regenerates the ID
            if ($form->getElement("remember_me")->isChecked()) {
                Zend_Session::rememberMe($sessionConfig['cookie_lifetime']);
            } else {
                Zend_Session::ForgetMe();
            }

            // Tie the (new) session id to the authenticated identity.
            $session->associate($auth->getIdentity(), Zend_Session::getId());

            // NOTE(review): the username is request data; confirm the
            // logger stores it safely (length, control characters).
            $logger->log(array("action" => "login",
            "username" => $form->getValue("username")));

            $this->_forward("goback");
        } else {
            //@see above
            // The password validator may already have signed the user in
            // although another element (e.g. the captcha) failed; drop
            // that identity again.
            if ($auth->hasIdentity()) {
                $auth->clearIdentity();
            }

            $logger->log(array("action" => "login_denied",
            "username" => $form->getValue("username")));

            $this->view->errorlogin = true;
        }
        //@end of workaround
    }

    $challenge = $form->getElement("challenge");

    //don't show missing value in the first time that asks for the captcha
    if (!$ensureHuman && is_object($challenge)) {
        $challenge->setErrorMessages(array("missingValue" => ''));
    }

    $this->view->loginform = $form;
}
/**
 * Builds the account-recovery form: a single 'recover' field holding a
 * username or e-mail address, a captcha and the submit button.
 */
public function init()
{
    $this->setMethod('post');

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    // The identifier is trimmed and lower-cased, limited to 1..100
    // characters and then passed to the accountRecover validator.
    $recoverValidators = array(
        array('validator' => 'StringLength', 'options' => array(1, 100)),
        array('validator' => 'accountRecover'),
    );
    $recoverOptions = array(
        'label' => 'Username or e-mail:',
        'required' => true,
        'filters' => array('StringTrim', 'StringToLower'),
        'validators' => $recoverValidators,
        'autocomplete' => 'off',
    );
    $this->addElement('text', 'recover', $recoverOptions);

    // This form always carries the captcha, whatever the client's history.
    $captcha = Ml_Model_AntiAttack::captchaElement();
    $this->addElement($captcha);

    $submitOptions = array('label' => 'E-mail me!', 'class' => 'btn primary');
    $this->addElement('submit', 'submit', $submitOptions);

    $this->setAttrib('class', 'form-stacked');
}
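/**
 * Builds the account-deletion form: current password (checked by the
 * matchPassword validator), a 'hash' element named 'no_csrf_foo', a captcha
 * and the submit button.
 */
public function init()
{
    $this->setMethod('post');

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    // NOTE(review): the text between the 'Current Password:' label and the
    // hash element was masked in the listing. The password element is
    // closed here with no further options; confirm against the original.
    $this->addElement('password', 'password', array(
        'filters' => array('StringTrim'),
        'validators' => array(
            array('validator' => 'matchPassword'),
        ),
        'required' => true,
        'label' => 'Current Password:',
    ));

    // Request token for this destructive action; 'timeout' is 600.
    // NOTE(review): the salt is a literal committed with the source, so it
    // should not be relied on as a secret. Consider reading it from
    // deployment configuration instead.
    $this->addElement('hash', 'no_csrf_foo', array(
        'salt' => 'K*#%JQk74#$*%Ĉ#%R*b',
        'timeout' => 600,
    ));

    $this->addElement(Ml_Model_AntiAttack::captchaElement());

    $this->addElement('submit', 'submit', array(
        'label' => 'Delete your account',
        'class' => 'btn danger',
    ));

    $this->setAttrib('class', 'form-stacked');
}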
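/**
 * Builds the abuse-report form: a required link to the reported content,
 * an optional description, a captcha for anonymous visitors and the
 * submit button.
 */
public function init()
{
    $auth = Zend_Auth::getInstance();

    $this->setMethod('post');

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    // The 'Url' validator spec used to sit inside the StringLength spec
    // (as its element 0) instead of next to it, so it was never a separate
    // entry of the validator list. It is now a sibling.
    // NOTE(review): 'Url' is resolved through the prefix paths registered
    // above; confirm the validator class exists before deploying.
    $this->addElement('text', 'abuse_reference', array(
        'label' => 'Link to the abuse:',
        'required' => true,
        'filters' => array('StringTrim', 'UrlFilter'),
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(1, 512)),
            array('validator' => 'Url'),
        ),
    ));

    $this->addElement('textarea', 'abuse_description', array(
        'label' => 'Explain (if necessary):',
        'required' => false,
        'filters' => array('StringTrim'),
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(1, 2048)),
        ),
    ));

    // Only visitors without an identity have to solve the captcha.
    if (!$auth->hasIdentity()) {
        $this->addElement(Ml_Model_AntiAttack::captchaElement());
    }

    $this->addElement('submit', 'report_abuse', array(
        'label' => "Let us know",
        'required' => false,
        'class' => 'btn primary',
    ));

    $this->setAttrib('class', 'form-stacked');
}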
/**
 * Builds the sign-up form: name, e-mail address, an invite code when
 * $config['signup']['inviteonly'] is truthy, a captcha and the submit
 * button.
 */
public function init()
{
    $config = Zend_Registry::getInstance()->get("config");

    $this->setMethod('post');

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    $nameOptions = array(
        'label' => 'Name:',
        'required' => true,
        'filters' => array('StringTrim'),
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(1, 50)),
        ),
    );
    $this->addElement('text', 'name', $nameOptions);

    // The description is static markup, no request data is mixed into it.
    $privacyHint = '<small>Read the <a href="/privacy" class="new-window">'
        . 'Privacy Policy</a> before proceeding</small>';

    // NOTE(review): emailNewUser is listed before the EmailAddress check;
    // confirm that order is intended.
    $emailOptions = array(
        'label' => 'E-mail address:',
        'required' => true,
        'description' => $privacyHint,
        'filters' => array('StringTrim', 'StringToLower'),
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(1, 60)),
            array('validator' => 'emailNewUser'),
            array('validator' => 'EmailAddress'),
        ),
    );
    $this->addElement('text', 'email', $emailOptions);

    if ($config['signup']['inviteonly']) {
        $inviteOptions = array(
            'label' => 'Invite code:',
            'required' => true,
            'autoInsertNotEmptyValidator' => false,
            'validators' => array(
                array('validator' => 'Invite'),
            ),
        );
        $this->addElement('text', 'invitecode', $inviteOptions);
        $this->getElement("invitecode")->setAttrib('class', 'span3');
    }

    // Every sign-up attempt carries the captcha.
    $this->addElement(Ml_Model_AntiAttack::captchaElement());

    $this->addElement('submit', 'submit', array(
        'label' => 'Sign up!',
        'class' => 'btn primary',
    ));

    $this->setAttrib('class', 'form-stacked');
}
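/**
 * Builds the login form: username or e-mail, password, "remember me", a
 * captcha when Ml_Model_AntiAttack::ensureHuman() says so, and the submit
 * button (with the Https validator when $config['ssl'] is truthy).
 *
 * The ', ' separator after the password label was masked in the listing
 * and is restored here. The unused assignment of addElement()'s return
 * value is dropped.
 */
public function init()
{
    $registry = Zend_Registry::getInstance();
    $config = $registry->get("config");

    $this->addElementPrefixPath('Ml_Validate', 'Ml/Validate/', Zend_Form_Element::VALIDATE);
    $this->addElementPrefixPath('Ml_Filter', 'Ml/Filter/', Zend_Form_Element::FILTER);

    $this->addElement('text', 'username', array(
        'label' => 'Username or e-mail:',
        'required' => true,
        'autofocus' => 'autofocus',
        'filters' => array('StringTrim', 'StringToLower'),
        'validators' => array(
            array('validator' => 'username'),
        ),
    ));
    $this->getElement("username")->setAttrib('required', 'required');

    // The 5..20 length check runs before the 'password' validator.
    $this->addElement('password', 'password', array(
        'label' => 'Password:',
        'required' => true,
        'filters' => array('StringTrim'),
        'validators' => array(
            array('validator' => 'StringLength', 'options' => array(5, 20)),
            array('validator' => 'password'),
        ),
    ));
    $this->getElement("password")->setAttrib('required', 'required');

    $this->addElement('checkbox', 'remember_me', array(
        'label' => 'Remember me',
    ));

    // The captcha is shown only once the anti-attack model asks for it.
    if (Ml_Model_AntiAttack::ensureHuman()) {
        $this->addElement(Ml_Model_AntiAttack::captchaElement());
    }

    $this->addElement('submit', 'login', array(
        'required' => false,
        'ignore' => true,
        'label' => 'Sign in',
        'class' => 'btn primary',
    ));

    if ($config['ssl']) {
        // presumably rejects submissions that did not arrive over HTTPS;
        // verify against the Https validator
        $this->getElement("login")->addValidator("Https");

        //By default the submit element doesn't display a error decorator
        $this->getElement("login")->addDecorator("Errors");
    }

    $this->getElement("username")->setAttrib('class', 'span3');
    $this->getElement("password")->setAttrib('class', 'span3');

    $this->setAttrib('class', 'form-stacked');
}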
/**
 * Decides how the current client is treated, from the number of logged
 * events that match its address.
 *
 * Rows are counted when they carry exactly REMOTE_ADDR and fall inside the
 * '00:15:00' window, or match the shortened-address LIKE pattern and fall
 * inside the '00:05:00' window. More than 250 rows gives ACCESS_FORBIDDEN,
 * more than 8 gives ACCESS_ENSURE_HUMAN, anything else ACCESS_FREE. The
 * result is kept in self::$_code.
 *
 * @return mixed one of the Ml_Model_AntiAttack::ACCESS_* constants
 */
public static function getCode()
{
    $antiAttack = self::getInstance();

    // NOTE(review): loose comparison; if one of the ACCESS_* constants
    // compares equal to '' the cached value is recomputed on every call.
    if (self::$_code != '') {
        return self::$_code;
    }

    // NOTE(review): REMOTE_ADDR is the peer address; behind a reverse proxy
    // every client may appear under the same one. Confirm the deployment.
    $clientIp = $_SERVER['REMOTE_ADDR'];
    $table = $antiAttack->_dbTable;

    $query = $table->select()
        ->where("ip = ?", $clientIp)
        ->where("CURRENT_TIMESTAMP < TIMESTAMP(timestamp, '00:15:00')");

    // Drops the last two characters of the dotted-quad form to build a
    // LIKE prefix. NOTE(review): the width of the matched range therefore
    // depends on how many digits the last octet has, and an address that
    // ip2long() cannot parse yields a pattern unrelated to the client.
    $nearbyPattern = substr(long2ip(ip2long($clientIp)), 0, -2) . '%';

    $query->orWhere("ip LIKE ?", $nearbyPattern)
        ->where("CURRENT_TIMESTAMP < TIMESTAMP(timestamp, '00:05:00')");

    $rows = $table->fetchAll($query);

    //avoid DoS attacks...
    //And if something happens with the connection with
    //the database, it may be handy also.
    if (!is_object($rows)) {
        // Fail closed when no result object came back.
        $behavior = Ml_Model_AntiAttack::ACCESS_FORBIDDEN;
    } else {
        $hits = count($rows->toArray());

        if ($hits > 250) {
            $behavior = Ml_Model_AntiAttack::ACCESS_FORBIDDEN;
        } elseif ($hits > 8) {
            $behavior = Ml_Model_AntiAttack::ACCESS_ENSURE_HUMAN;
        } else {
            //It defaults to ACCESS_FREE
            $behavior = Ml_Model_AntiAttack::ACCESS_FREE;
        }
    }

    self::$_code = $behavior;

    return $behavior;
}