From dd4dc12ed43ac0679acdc83f4ff9c3f41b8b3f72 Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer
Date: Mon, 1 Sep 2014 15:13:25 +0900
Subject: [PATCH] Update login to use two last error vars

First error date for the first error occured, last one for the last error occured
---
 4dev/update/20140822_edit_update/edit_tables.sql | 3 ++-
 www/admin/edit_base.inc | 3 ++-
 www/admin/table_arrays/array_edit_users.inc | 10 ++++++++--
 www/libs/Class.Login.inc | 14 ++++++++++----
 4 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/4dev/update/20140822_edit_update/edit_tables.sql b/4dev/update/20140822_edit_update/edit_tables.sql
index 6189c2a0..37a75e85 100644
--- a/4dev/update/20140822_edit_update/edit_tables.sql
+++ b/4dev/update/20140822_edit_update/edit_tables.sql
@@ -4,7 +4,8 @@
 -- count login errors
 ALTER TABLE edit_user ADD login_error_count INT DEFAULT 0;
 -- last login error date
-ALTER TABLE edit_user ADD login_error_date TIMESTAMP WITHOUT TIME ZONE;
+ALTER TABLE edit_user ADD login_error_date_last TIMESTAMP WITHOUT TIME ZONE;
+ALTER TABLE edit_user ADD login_error_date_first TIMESTAMP WITHOUT TIME ZONE;
 -- if this is set to true, this user gets locked after max login errors are reached
 ALTER TABLE edit_user ADD strict SMALLINT DEFAULT 0;
 ALTER TABLE edit_user ADD locked SMALLINT DEFAULT 0;
diff --git a/www/admin/edit_base.inc b/www/admin/edit_base.inc
index 252772bb..78b84876 100644
--- a/www/admin/edit_base.inc
+++ b/www/admin/edit_base.inc
@@ -223,7 +223,8 @@
 {
 case "edit_users":
 $elements[] = $form->form_create_element("login_error_count");
-$elements[] = $form->form_create_element("login_error_date");
+$elements[] = $form->form_create_element("login_error_date_last");
+$elements[] = $form->form_create_element("login_error_date_first");
 $elements[] = $form->form_create_element("enabled");
 $elements[] = $form->form_create_element("username");
 $elements[] = $form->form_create_element("password");
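Review bot: The `-ALTER TABLE edit_user ADD login_error_date` / `+ADD login_error_date_last` change rewrites a migration file that already carries a date in its path (20140822) instead of adding a new step, so any database on which that file has already been applied keeps a `login_error_date` column and never receives `login_error_date_last` or `login_error_date_first`, while the PHP in this commit now selects and updates those two names. Whether the file has shipped anywhere is not visible from the diff; if it has, a follow-up migration with `ALTER TABLE edit_user RENAME COLUMN login_error_date TO login_error_date_last;` plus the `ADD login_error_date_first` line would bring those databases in line. The comment `-- last login error date` now sits above two columns and describes only the first; `-- last and first login error date` would match. Both columns are `TIMESTAMP WITHOUT TIME ZONE` and are written from `NOW()` elsewhere in this commit, so the stored instants depend on the session time zone; `TIMESTAMP WITH TIME ZONE` would make any later "less than N seconds ago" comparison unambiguous.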
diff --git a/www/admin/table_arrays/array_edit_users.inc b/www/admin/table_arrays/array_edit_users.inc
index d82a6f87..a581257b 100644
--- a/www/admin/table_arrays/array_edit_users.inc
+++ b/www/admin/table_arrays/array_edit_users.inc
@@ -124,9 +124,15 @@
 "type" => "view",
 "empty" => "0"
 ),
-"login_error_date" => array (
+"login_error_date_last" => array (
 "output_name" => "Last login error",
-"value" => $GLOBALS['login_error_date'],
+"value" => $GLOBALS['login_error_date_liast'],
+"type" => "view",
+"empty" => "-"
+),
+"login_error_date_first" => array (
+"output_name" => "First login error",
+"value" => $GLOBALS['login_error_date_first'],
 "type" => "view",
 "empty" => "-"
 ),
diff --git a/www/libs/Class.Login.inc b/www/libs/Class.Login.inc
index 379bbc88..6a41df03 100644
--- a/www/libs/Class.Login.inc
+++ b/www/libs/Class.Login.inc
@@ -243,7 +243,7 @@
 else
 {
 // we have to get the themes in here too
-$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date, eu.strict, eu.locked, ";
+$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
 $q .= "debug, db_debug, ";
 $q .= "eareu.level AS user_level, eareu.type AS user_type, ";
 $q .= "eareg.level AS group_level, eareg.type AS group_type, ";
@@ -267,6 +267,9 @@
 }
 else
 {
+// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
+
+
 // check with what kind of prefix the password begins:
 // $2a$ or $2y$: BLOWFISCH
 // $1$: MD5
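Review bot: `$GLOBALS['login_error_date_liast']` on the added `"value"` line is misspelled and does not match the array key `login_error_date_last` introduced two lines above it, so the "Last login error" view column reads a global that is never populated and will show the `"empty"` placeholder (plus an undefined-index notice) instead of the date. It should read `"value" => $GLOBALS['login_error_date_last'],`. The `login_error_date_first` entry added below spells its key consistently and needs no change.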
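Review bot: The added comment `// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try` is followed only by two blank lines, so the throttle it describes is not implemented by this commit, yet a reader of the else branch will take the comment as a description of existing behaviour. Either mark it `// TODO: ...` so the missing check is visible, or implement it now that `login_error_date_last` is available from the SELECT in the hunk above. The enclosing method starts before and ends after this hunk, so I cannot see whether a check exists elsewhere in it.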
@@ -332,7 +335,7 @@
 // reset any login error count for this user
 if ($res['login_error_count'] > 0)
 {
-$q = "UPDATE edit_user SET login_error_count = 0, login_error_date = NULL WHERE edit_user_id = ".$res['edit_user_id'];
+$q = "UPDATE edit_user SET login_error_count = 0, login_error_date_last = NULL, login_error_date_first = NULL WHERE edit_user_id = ".$res['edit_user_id'];
 $this->db_exec($q);
 }
 $pages = array();
@@ -427,12 +430,15 @@
 $_SESSION["UNIT_ACL_LEVEL"] = $unit_acl;
 $_SESSION['EAID'] = $eauid;
 } // user has permission to THIS page
-} // user was not enabled
+} // user was not enabled or other login error
 if ($this->login_error)
 {
+if ($res['login_error_count'] == 0)
+$login_error_date_first = ', login_error_date_first = NOW()';
 // update login error count for this user
-$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date_last = NOW() $login_error_date_first WHERE edit_user_id = ".$res['edit_user_id'];
+$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date_last = NOW() $login_error_date_first WHERE edit_user_id = ".$res['edit_user_id'];
 $this->db_exec($q);
+// totally lock the user if error max is reached
 if ($res['login_error_count'] + 1 > $this->max_login_error_count)
 {
 // do some alert reporting in case this error is too big
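Review bot: `$login_error_date_first` is assigned only inside `if ($res['login_error_count'] == 0)`, so on every failed login after the first it is interpolated into `$q` while unset; PHP raises an "Undefined variable" notice and substitutes an empty string, and should an earlier statement in this method set a variable of the same name, its contents would be spliced into the UPDATE. Initialise it before the branch with `$login_error_date_first = '';` so the SET list is well defined on both paths. The UPDATE still builds its WHERE clause by concatenating `$res['edit_user_id']`; that value comes from the preceding SELECT rather than from the request, so it is not attacker-controlled here, but binding it as a parameter would keep that property from depending on how `$res` is populated. The enclosing method starts before and ends after this hunk.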