/**
 * Reports whether the given e-mail address and password belong to a valid user.
 *
 * The raw authentication result is kept in self::$AuthResult in both cases.
 * On success the user returned by getUserById() is written to the Zend_Auth
 * storage.
 *
 * @static
 * @param string $Email    E-mail address of the user who wants to log in
 * @param string $Password Password of the user who wants to log in
 * @return bool True when the login succeeded, false otherwise
 */
public static function isValidLogin($Email, $Password)
{
    $auth    = Zend_Auth::getInstance();
    $adapter = self::getAuthAdapter();

    $adapter->setIdentity($Email);
    $adapter->setCredential($Password);

    self::$AuthResult = $auth->authenticate($adapter);

    // Guard clause: nothing is stored for a failed attempt.
    if (!self::$AuthResult->isValid()) {
        return false;
    }

    // NOTE(review): if this storage is session-backed, the session id should be
    // regenerated at login unless a caller already does so; not visible here.
    $storage   = $auth->getStorage();
    $resultRow = $adapter->getResultRowObject();
    $storage->write(self::getUserById($resultRow->IDUser));

    return true;
}
/**
 * Remember the authentication result on this validator.
 *
 * @param \Zend_Auth_Result $result The result to store in $this->_authResult
 * @return boolean True when the stored result is valid
 */
protected function setAuthResult(\Zend_Auth_Result $result)
{
    $this->_authResult = $result;

    // $result and the stored property are the same object, so ask it directly.
    return $result->isValid();
}
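/**
 * Process everything after authentication: maintain the failed-login
 * bookkeeping in gems__user_login_attempts for the current login name and
 * organization.
 *
 * A valid result resets the counters. A failed result restarts the counter at 1
 * when the previous failure is older than $this->failureIgnoreTime seconds,
 * otherwise increments it (only when $lastAuthorizer is 'pwd'), sets
 * gula_block_until once $this->failureBlockCount is reached and no block is
 * stored yet, and delays the response by 0 to 20 seconds.
 *
 * This method only records state; enforcing gula_block_until is not done here.
 *
 * @param \Zend_Auth_Result $result         The outcome of the authentication
 * @param string|null       $lastAuthorizer Name of the last authorizer that ran; only 'pwd' is treated specially here
 */
protected function afterAuthorization(\Zend_Auth_Result $result, $lastAuthorizer = null)
{
    try {
        $select = $this->db->select();
        $select->from(
            'gems__user_login_attempts',
            array(
                'gula_failed_logins',
                'gula_last_failed',
                'gula_block_until',
                new \Zend_Db_Expr('UNIX_TIMESTAMP() - UNIX_TIMESTAMP(gula_last_failed) AS since_last'),
            )
        )
            ->where('gula_login = ?', $this->getLoginName())
            ->where('gula_id_organization = ?', $this->getCurrentOrganizationId())
            ->limit(1);

        $values = $this->db->fetchRow($select);

        // The first login attempt: build a fresh row. Assigning a new array
        // avoids auto-vivifying an array out of the false/null that fetchRow()
        // returned (deprecated since PHP 8.1).
        if (!$values) {
            $values = array(
                'gula_login'           => $this->getLoginName(),
                'gula_id_organization' => $this->getCurrentOrganizationId(),
                'gula_failed_logins'   => 0,
                'gula_last_failed'     => null,
                'gula_block_until'     => null,
                // Larger than the ignore time, so a first failure starts the count at 1.
                'since_last'           => $this->failureIgnoreTime + 1,
            );
        }

        if ($result->isValid()) {
            // Reset login failures
            $values['gula_failed_logins'] = 0;
            $values['gula_last_failed']   = null;
            $values['gula_block_until']   = null;
        } else {
            // Reset the counters when the last login was longer ago than the delay factor
            if ($values['since_last'] > $this->failureIgnoreTime) {
                $values['gula_failed_logins'] = 1;
            } elseif ($lastAuthorizer === 'pwd') {
                // Only increment failed login when password failed
                $values['gula_failed_logins'] += 1;
            }

            if ($values['gula_block_until']) {
                // A block is already stored: leave it out of the write so it is not changed.
                unset($values['gula_block_until']);
            } elseif ($this->failureBlockCount <= $values['gula_failed_logins']) {
                // Only set the block when needed. The interval is concatenated
                // into a raw SQL expression, so it is cast to int to make sure
                // nothing but a number can end up in the statement.
                $values['gula_block_until'] = new \Zend_Db_Expr(
                    'DATE_ADD(CURRENT_TIMESTAMP, INTERVAL ' . (int) $this->failureIgnoreTime . ' SECOND)'
                );
            }

            // Always record the last fail
            $values['gula_last_failed']   = new \MUtil_Db_Expr_CurrentTimestamp();
            $values['gula_failed_logins'] = max(1, $values['gula_failed_logins']);

            // Response gets slowly slower: 2 seconds per earlier failure, capped at 20.
            // NOTE(review): the sleep holds a worker for its whole duration and sits
            // between reading and writing the counter, with no transaction or row
            // lock visible here, so concurrent failures for one login can be
            // undercounted. Consider persisting first or using an atomic UPDATE.
            $sleepTime = min($values['gula_failed_logins'] - 1, 10) * 2;
            sleep($sleepTime);
        }

        // Computed column, not part of the table
        unset($values['since_last']);

        // gula_login is only present in the freshly built row, never in a fetched one.
        if (isset($values['gula_login'])) {
            $this->db->insert('gems__user_login_attempts', $values);
        } else {
            $where  = $this->db->quoteInto('gula_login = ? AND ', $this->getLoginName());
            $where .= $this->db->quoteInto('gula_id_organization = ?', $this->getCurrentOrganizationId());

            $this->db->update('gems__user_login_attempts', $values, $where);
        }
    } catch (\Zend_Db_Exception $e) {
        // Fall through as this does not work if the database upgrade did not yet run.
        // NOTE(review): this is deliberately best-effort, but it also means that any
        // database error silently disables the failed-login bookkeeping (no count,
        // no block, no delay). Logging $e here would make that visible.
    }
}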
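/**
 * Authenticate the configured identity with the configured credential.
 *
 * Depending on $this->_useCookieToken the credential is checked as an
 * auto-login token or as a password, using the first auth method of the user
 * model that knows the identity. A successful login is handed to
 * loginUserRow(); a failed one increments the failure counter stored under
 * _getCacheId(), sends the wrong-login mail and is delayed by 3 seconds once
 * more than 3 failures are counted. With 15 or more counted failures the
 * attempt is rejected before any credential is checked.
 *
 * NOTE(review): the throttle is keyed on whatever _getCacheId() returns (the
 * variable name and the message suggest the client connection); no per-identity
 * limit is visible in this method, and the counter is not reset on success.
 *
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    if (empty($this->_identity)) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
            $this->_identity,
            array(trlKwf('Please specify a user name.'))
        );
    } elseif ($this->_credential === null) {
        // The result code is kept as the callers know it, although the identity was given.
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
            $this->_identity,
            array(trlKwf('Please specify a password.'))
        );
    }

    $cache = $this->_getCache();
    $failedLoginsFromThisIp = $cache->load($this->_getCacheId());
    if ($failedLoginsFromThisIp && $failedLoginsFromThisIp >= 15) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_UNCATEGORIZED,
            $this->_identity,
            array(
                trlKwf('Too many wrong logins.'),
                trlKwf('There were too many wrong logins from your connection. Please try again in 5 minutes.'),
            )
        );
    }

    $ret = null;
    $row = null;
    $users = Zend_Registry::get('userModel');
    foreach ($users->getAuthMethods() as $auth) {
        if ($this->_useCookieToken) {
            if ($auth instanceof Kwf_User_Auth_Interface_AutoLogin) {
                $row = $auth->getRowById($this->_identity);
                if ($row) {
                    if ($auth->validateAutoLoginToken($row, $this->_credential)) {
                        $ret = new Zend_Auth_Result(
                            Zend_Auth_Result::SUCCESS,
                            $this->_identity,
                            array(trlKwf('Authentication successful'))
                        );
                    } else {
                        $ret = new Zend_Auth_Result(
                            Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                            $this->_identity,
                            array(trlKwf('Supplied password is invalid'))
                        );
                    }
                    // The first auth method that knows the identity decides.
                    break;
                }
            }
        } else {
            if ($auth instanceof Kwf_User_Auth_Interface_Password) {
                $row = $auth->getRowByIdentity($this->_identity);
                if ($row) {
                    // Debug shortcut: with debug.testPasswordAllowed enabled, the
                    // literal password 'test' is accepted for every existing
                    // identity, so that setting has to stay off outside development.
                    // The comparison is strict so that only the exact string matches;
                    // with == a non-string credential such as boolean true would
                    // compare equal to 'test'.
                    if ($this->_credential === 'test' && Kwf_Config::getValue('debug.testPasswordAllowed')) {
                        $ret = new Zend_Auth_Result(
                            Zend_Auth_Result::SUCCESS,
                            $this->_identity,
                            array(trlKwf('Authentication successful'))
                        );
                    } elseif ($auth->validatePassword($row, $this->_credential)) {
                        $ret = new Zend_Auth_Result(
                            Zend_Auth_Result::SUCCESS,
                            $this->_identity,
                            array(trlKwf('Authentication successful'))
                        );
                    } else {
                        $ret = new Zend_Auth_Result(
                            Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                            $this->_identity,
                            array(trlKwf('Supplied password is invalid'))
                        );
                    }
                    // The first auth method that knows the identity decides.
                    break;
                }
            }
        }
    }

    if (!$row) {
        // NOTE(review): this message and result code differ from the wrong-password
        // case; if they reach the client unchanged they reveal which identities
        // exist. Consider one uniform message for both failures.
        $ret = new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
            $this->_identity,
            array(trlKwf('User not existent in this web'))
        );
    } else {
        // A row was found, so $ret was set in the loop above.
        if ($ret->isValid()) {
            $users->loginUserRow($row, true);
        }
    }

    if (!$ret->isValid()) {
        // Read the counter again; it may have changed while the credential was checked.
        // NOTE(review): load / increment / save is not atomic, parallel failures can be lost.
        $cache = $this->_getCache();
        $failedLoginsFromThisIp = $cache->load($this->_getCacheId());
        if (!$failedLoginsFromThisIp) {
            $failedLoginsFromThisIp = 0;
        }
        $failedLoginsFromThisIp++;
        $cache->save($failedLoginsFromThisIp, $this->_getCacheId());

        $this->_sendWrongLoginMail(array('Identity' => $this->_identity));

        // Slow down repeated failures.
        if ($failedLoginsFromThisIp > 3) {
            sleep(3);
        }
    }

    return $ret;
}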
/**
 * Write the identity of a successful authentication result to the storage.
 *
 * An invalid result is ignored; the storage is not touched or cleared.
 *
 * @param Zend_Auth_Result $authResult Result whose identity should be persisted
 */
public function setIdentity(Zend_Auth_Result $authResult)
{
    if (!$authResult->isValid()) {
        return;
    }

    // NOTE(review): if this storage is session-backed, the session id should be
    // regenerated at login unless a caller already does so; not visible here.
    $storage = $this->getStorage();
    $storage->write($authResult->getIdentity());
}