Update login to use two last error vars

First error date records when the first error occurred, last error date
when the most recent error occurred
Clemens Schwaighofer
2014-09-01 15:13:25 +09:00
parent 96224d0d1e
commit dd4dc12ed4
4 changed files with 22 additions and 8 deletions


@@ -4,7 +4,8 @@
-- count login errors
ALTER TABLE edit_user ADD login_error_count INT DEFAULT 0;
-- last login error date
ALTER TABLE edit_user ADD login_error_date TIMESTAMP WITHOUT TIME ZONE;
ALTER TABLE edit_user ADD login_error_date_last TIMESTAMP WITHOUT TIME ZONE;
ALTER TABLE edit_user ADD login_error_date_first TIMESTAMP WITHOUT TIME ZONE;
-- if this is set to true, this user gets locked after max login errors are reached
ALTER TABLE edit_user ADD strict SMALLINT DEFAULT 0;
ALTER TABLE edit_user ADD locked SMALLINT DEFAULT 0;
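Review bot: Replacing the `login_error_date` ADD line in place leaves any database that already ran the earlier version of this script with the old column and without the two new ones, while the login query changed in this commit now selects `eu.login_error_date_last` and `eu.login_error_date_first`. If the script has been applied anywhere, a follow-up migration is needed, for example `ALTER TABLE edit_user RENAME COLUMN login_error_date TO login_error_date_last;` followed by the ADD for `login_error_date_first`; otherwise the login lookup would presumably fail on those installations. The comment `-- last login error date` now sits above both new columns, so a second comment such as `-- first login error since the last successful login` above the `_first` line would keep the file accurate.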


@@ -223,7 +223,8 @@
{
case "edit_users":
$elements[] = $form->form_create_element("login_error_count");
$elements[] = $form->form_create_element("login_error_date");
$elements[] = $form->form_create_element("login_error_date_last");
$elements[] = $form->form_create_element("login_error_date_first");
$elements[] = $form->form_create_element("enabled");
$elements[] = $form->form_create_element("username");
$elements[] = $form->form_create_element("password");


@@ -124,9 +124,15 @@
"type" => "view",
"empty" => "0"
),
"login_error_date" => array (
"login_error_date_last" => array (
"output_name" => "Last login error",
"value" => $GLOBALS['login_error_date'],
"value" => $GLOBALS['login_error_date_liast'],
"type" => "view",
"empty" => "-"
),
"login_error_date_first" => array (
"output_name" => "First login error",
"value" => $GLOBALS['login_error_date_first'],
"type" => "view",
"empty" => "-"
),
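Review bot: The new `login_error_date_last` entry reads `$GLOBALS['login_error_date_liast']`, a misspelled key, so the "Last login error" field will presumably always render its `"empty"` placeholder `-` even when failures have been recorded. The line should be `"value" => $GLOBALS['login_error_date_last'],`. This view is how an administrator sees recent failed logins on an account, so a silently blank value hides exactly the signal the commit adds. The enclosing array starts and ends outside the hunk.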


@@ -243,7 +243,7 @@
else
{
// we have to get the themes in here too
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date, eu.strict, eu.locked, ";
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
$q .= "debug, db_debug, ";
$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
@@ -267,6 +267,9 @@
}
else
{
// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
// check with what kind of prefix the password begins:
// $2a$ or $2y$: BLOWFISCH
// $1$: MD5
@@ -332,7 +335,7 @@
// reset any login error count for this user
if ($res['login_error_count'] > 0)
{
$q = "UPDATE edit_user SET login_error_count = 0, login_error_date = NULL WHERE edit_user_id = ".$res['edit_user_id'];
$q = "UPDATE edit_user SET login_error_count = 0, login_error_date_last = NULL, login_error_date_first = NULL WHERE edit_user_id = ".$res['edit_user_id'];
$this->db_exec($q);
}
$pages = array();
@@ -427,12 +430,15 @@
$_SESSION["UNIT_ACL_LEVEL"] = $unit_acl;
$_SESSION['EAID'] = $eauid;
} // user has permission to THIS page
} // user was not enabled
} // user was not enabled or other login error
if ($this->login_error)
{
if ($res['login_error_count'] == 0)
$login_error_date_first = ', login_error_date_first = NOW()';
// update login error count for this user
$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date = NOW WHERE edit_user_id = ".$res['edit_user_id'];
$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date_last = NOW() $login_error_date_first WHERE edit_user_id = ".$res['edit_user_id'];
$this->db_exec($q);
// totally lock the user if error max is reached
if ($res['login_error_count'] + 1 > $this->max_login_error_count)
{
// do some alert reporting in case this error is too big
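Review bot: `$login_error_date_first` is assigned only when `$res['login_error_count'] == 0`, so on every later failure the UPDATE string interpolates an undefined variable, and the decision rests on a count that was read before this statement runs. Letting the database decide removes both problems: `$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date_last = NOW(), login_error_date_first = COALESCE(login_error_date_first, NOW()) WHERE edit_user_id = ".$res['edit_user_id'];`. The success path in the `@@ -332,7 +335,7 @@` hunk already resets the column to NULL, so COALESCE stamps only the first failure after a reset. The comment added in the `@@ -267,6 +267,9 @@` hunk describes a 10-second retry block, but no code enforcing it is visible in this section. The surrounding function starts and ends outside these hunks.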