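/**
 * Handles an admin log-in form submission.
 *
 * Flow, as visible in this method:
 *  1. Reject requests that lack string `login` / `password` POST fields.
 *  2. Load the failed-attempt record for the client IP (IP_LONG) and stop
 *     with a ban message while a ban window is still open.
 *  3. Look up an active admin user matching the login and the hashed password.
 *  4. On success, delete the attempt records selected for this IP and call
 *     initLogInProcess(); on failure, record the attempt and redirect to '/'.
 *
 * NOTE(review): throttling is keyed on the client IP only, so it does not
 * bound guesses against a single account that arrive from many addresses.
 * A per-login counter alongside the per-IP one would close that gap.
 *
 * @return void
 */
public function _login()
{
    // Both fields must be present AND plain strings. PHP turns `login[]=x`
    // into an array, which would otherwise reach trim() and the hash/repository
    // calls below (a TypeError on PHP 8, undefined handling before that).
    if (
        !isset($_POST['login'], $_POST['password'])
        || !is_string($_POST['login'])
        || !is_string($_POST['password'])
        || trim($_POST['login']) === ''
    ) {
        go('/');
        // go() is presumably a redirect that ends the request (not visible
        // here); the explicit return keeps this guard fail-closed either way.
        return;
    }

    $login = $_POST['login'];
    $password = $_POST['password'];

    // Check ban and log-in attempts for this client IP.
    $attempts_repo = new AdminUsersAttemptsEntityRepository();
    $attempts_repo->setWhereIp(IP_LONG);
    $attempts_obj = $attempts_repo->getFirstObjectFromCollection();

    if ($attempts_obj) {
        $attempts = $attempts_obj->getAsArray();

        // Got info, check times. The longer ban (MAX_*) is tested first so it
        // takes precedence over the shorter first-tier ban.
        if ($attempts && $attempts['failed_attempts']) {
            if (
                $attempts['failed_attempts'] > self::MAX_FAILED_ATTEMPTS
                && $attempts['last_attempt_ts'] + self::MAX_BAN_TIME > NOW
            ) {
                die('IP banned, wait till ' . date('H:i:s', $attempts['last_attempt_ts'] + self::MAX_BAN_TIME));
            } elseif (
                $attempts['failed_attempts'] > self::FIRST_FAILED_ATTEMPTS
                && $attempts['last_attempt_ts'] + self::FIRST_BAN_TIME > NOW
            ) {
                die('IP banned, wait till ' . date('H:i:s', $attempts['last_attempt_ts'] + self::FIRST_BAN_TIME));
            }
        }
    }

    // Get user info.
    // NOTE(review): the password is verified by hashing the input and using it
    // as an equality filter in the lookup. That only works if generateHash()
    // is deterministic (no per-user random salt) - confirm. If so, storing
    // password_hash() output and checking with password_verify() after
    // fetching the user by login would be the stronger design.
    $user_collection = new AdminUserRepository();
    $user_collection->setWhereLogin($login);
    $user_collection->setWhereActive(1);
    $user_collection->setWherePassword(Users::getInstance()->generateHash($password));

    /** @var AdminUser $user */
    $user = $user_collection->getFirstObjectFromCollection();

    if ($user) {
        // Successful log-in: remove the failed-attempt records selected above
        // (the repository is still filtered by this IP).
        $attempts_repo->deleteObjectCollection();

        // Auth in.
        $this->initLogInProcess($user);
    } else {
        // Check if no user exist in system.
        // NOTE(review): this is reachable by any unauthenticated failed log-in.
        // Confirm recreateDefaults() acts only when no admin account exists
        // and does not restore an account with a known default credential.
        Users::getInstance()->recreateDefaults();

        // Log attempt: reuse the existing record for this IP, or create one.
        if (!$attempts_obj || !$attempts_obj->getId()) {
            $attempts_obj = new AdminUsersAttemptsEntity();
            $attempts_obj->setIp(IP_LONG);
        }

        $attempts_obj->setLastAttemptTs(NOW);
        // Read-modify-write on the counter; parallel requests from one IP may
        // under-count unless save() is atomic - TODO confirm.
        $attempts_obj->setFailedAttempts($attempts_obj->getFailedAttempts() + 1);
        $attempts_obj->save();

        go('/');
    }
}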