Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
8c4527cf4a | ||
|
|
deff15cc71 | ||
|
|
dd4dc12ed4 |
@@ -4,7 +4,8 @@
|
||||
-- count login errors
|
||||
ALTER TABLE edit_user ADD login_error_count INT DEFAULT 0;
|
||||
-- last login error date
|
||||
ALTER TABLE edit_user ADD login_error_date TIMESTAMP WITHOUT TIME ZONE;
|
||||
ALTER TABLE edit_user ADD login_error_date_last TIMESTAMP WITHOUT TIME ZONE;
|
||||
ALTER TABLE edit_user ADD login_error_date_first TIMESTAMP WITHOUT TIME ZONE;
|
||||
-- if this is set to true, this user gets locked after max login errors are reached
|
||||
ALTER TABLE edit_user ADD strict SMALLINT DEFAULT 0;
|
||||
ALTER TABLE edit_user ADD locked SMALLINT DEFAULT 0;
|
||||
|
||||
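Review bot: The rendering has lost the added/removed markers, so it is not clear whether `ALTER TABLE edit_user ADD login_error_date TIMESTAMP WITHOUT TIME ZONE;` is still part of the script next to the new `login_error_date_last`/`login_error_date_first` columns. The PHP changes later in this compare read and reset only the `_last`/`_first` columns, so if the plain `login_error_date` column survives it is dead schema and should be dropped from the script, and the `-- last login error date` comment should then read `-- last / first login error date` to cover both new columns.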
@@ -223,7 +223,8 @@
|
||||
{
|
||||
case "edit_users":
|
||||
$elements[] = $form->form_create_element("login_error_count");
|
||||
$elements[] = $form->form_create_element("login_error_date");
|
||||
$elements[] = $form->form_create_element("login_error_date_last");
|
||||
$elements[] = $form->form_create_element("login_error_date_first");
|
||||
$elements[] = $form->form_create_element("enabled");
|
||||
$elements[] = $form->form_create_element("username");
|
||||
$elements[] = $form->form_create_element("password");
|
||||
|
||||
@@ -124,9 +124,15 @@
|
||||
"type" => "view",
|
||||
"empty" => "0"
|
||||
),
|
||||
"login_error_date" => array (
|
||||
"login_error_date_last" => array (
|
||||
"output_name" => "Last login error",
|
||||
"value" => $GLOBALS['login_error_date'],
|
||||
"value" => $GLOBALS['login_error_date_liast'],
|
||||
"type" => "view",
|
||||
"empty" => "-"
|
||||
),
|
||||
"login_error_date_first" => array (
|
||||
"output_name" => "First login error",
|
||||
"value" => $GLOBALS['login_error_date_first'],
|
||||
"type" => "view",
|
||||
"empty" => "-"
|
||||
),
|
||||
|
||||
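Review bot: The new `"login_error_date_last"` entry reads `$GLOBALS['login_error_date_liast']`, a typo for `login_error_date_last`, so the "Last login error" view never receives its value: the lookup yields null with an undefined-index notice and the field always falls back to the `-` placeholder. Change it to `"value" => $GLOBALS['login_error_date_last'],`. The `$GLOBALS` lookups are also a style point: where these values come from is not visible in the hunk, and passing the row explicitly would make the dependency clear. The enclosing array definition starts before this hunk.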
@@ -97,6 +97,8 @@
|
||||
public $class_info; // class info var
|
||||
|
||||
public $page_name;
|
||||
public $host_name;
|
||||
public $host_port;
|
||||
|
||||
private $error_id; // error ID for errors in classes
|
||||
private $error_string; // error strings in classes (for error_id)
|
||||
@@ -176,6 +178,7 @@
|
||||
|
||||
// set the page name
|
||||
$this->page_name = $this->get_page_name();
|
||||
$this->host_name = $this->get_host_name();
|
||||
|
||||
// set the paths matching to the valid file types
|
||||
$this->data_path = array (
|
||||
@@ -387,7 +390,7 @@
|
||||
$this->fdebug_fp();
|
||||
if ($enter)
|
||||
$string .= "\n";
|
||||
$string = "[".$this->print_time()."] [".$this->get_page_name()."] - ".$string;
|
||||
$string = "[".$this->print_time()."] [".$this->get_page_name(2)."] - ".$string;
|
||||
fwrite($this->debug_fp, $string);
|
||||
$this->fdebug_fp();
|
||||
}
|
||||
@@ -451,7 +454,7 @@
|
||||
if (!isset($this->error_msg[$level]))
|
||||
$this->error_msg[$level] = '';
|
||||
$error_string = '<div>';
|
||||
$error_string .= '[<span style="font-weight: bold; color: #5e8600;">'.$this->print_time().'</span>] [<span style="font-weight: bold; color: #c56c00;">'.$level.'</span>] [<span style="color: #08b369;">'.$this->get_page_name().'</span>] [<span style="color: #0062A2;">'.$this->running_uid.'</span>] {<span style="font-style: italic; color: #928100;">'.get_class($this).'</span>} - '.$string;
|
||||
$error_string .= '[<span style="font-weight: bold; color: #5e8600;">'.$this->print_time().'</span>] [<span style="font-weight: bold; color: #c56c00;">'.$level.'</span>] [<span style="color: #b000ab;">'.$this->host_name.'</span>] [<span style="color: #08b369;">'.$this->page_name.'</span>] [<span style="color: #0062A2;">'.$this->running_uid.'</span>] {<span style="font-style: italic; color: #928100;">'.get_class($this).'</span>} - '.$string;
|
||||
$error_string .= "</div><!--#BR#-->";
|
||||
if ($strip)
|
||||
{
|
||||
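Review bot: The new error line inserts `$this->host_name` into HTML without escaping, and that value is set from `$_SERVER['HTTP_HOST']` in `get_host_name()` later in this compare, i.e. from the client-supplied Host header rather than a server-side setting, so it should be treated as untrusted wherever it is rendered or logged. In the HTML branch use `htmlspecialchars($this->host_name, ENT_QUOTES, 'UTF-8')`, and preferably validate the host once, when it is assigned, against the configured host name (or fall back to `$_SERVER['SERVER_NAME']`), so the log and the display both carry a known-good value. The same consideration applies to `$this->get_page_name(2)` used in the plain-text log line of the next hunk, since it returns `$_SERVER['PHP_SELF']`, which can carry client-supplied path information. The enclosing method starts before this hunk.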
@@ -461,7 +464,7 @@
|
||||
$string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "", $string);
|
||||
}
|
||||
// same string put for print (no html crap inside)
|
||||
$error_string_print = '['.$this->print_time().'] ['.$this->get_page_name().'] ['.$this->running_uid.'] {'.get_class($this).'} <'.$level.'> - '.$string;
|
||||
$error_string_print = '['.$this->print_time().'] ['.$this->host_name.'] ['.$this->get_page_name(2).'] ['.$this->running_uid.'] {'.get_class($this).'} <'.$level.'> - '.$string;
|
||||
$error_string_print .= "\n";
|
||||
// write to file if set
|
||||
$this->write_error_msg($level, $error_string_print);
|
||||
@@ -797,8 +800,22 @@
|
||||
return $atag.$email;
|
||||
}
|
||||
|
||||
// METHOD get_host_name
|
||||
// PARAMS none
|
||||
// RETURN host name
|
||||
// DESCRIPTION
|
||||
// get the host name without the port as given by the SELF var
|
||||
public static function get_host_name()
|
||||
{
|
||||
list($host_name, $port) = explode(":", $_SERVER['HTTP_HOST']);
|
||||
$self->host_port = $port;
|
||||
return $host_name;
|
||||
}
|
||||
|
||||
// METHOD get_page_name
|
||||
// PARAMS strip page file name extension, default is no
|
||||
// PARAMS 1: strip page file name extension
|
||||
// 0: keep filename as is
|
||||
// 2: keep filename as is, but add dirname too
|
||||
// RETURN filename
|
||||
// DESCRIPTION
|
||||
// get the page name of the curronte page:
|
||||
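Review bot: `get_host_name()` is declared `static` yet assigns `$self->host_port = $port;` — `$self` is never defined, so the port is never stored on the object (a warning on older PHP, an Error on PHP 8 when assigning a property on null), even though the constructor calls `$this->get_host_name()` and the new `host_port` property is clearly meant to be filled here. The `list(...) = explode(":", ...)` also raises an undefined-offset notice whenever the Host header carries no port, and splits wrongly for a bracketed IPv6 host. If there are no static callers outside this view, making the method an instance method and splitting with a bounded `explode` fixes both; `$_SERVER['HTTP_HOST']` remains client-supplied, so the result should not be trusted for security decisions without validation. The header comment on the last line, `curronte`, is a typo for `current`.
```php
public function get_host_name()
{
    // Host header is client-supplied; split host[:port] without notices when no port is given
    $parts = explode(':', $_SERVER['HTTP_HOST'], 2);
    $host_name = $parts[0];
    $this->host_port = isset($parts[1]) ? $parts[1] : '';
    return $host_name;
}
```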
@@ -806,8 +823,10 @@
|
||||
{
|
||||
// get the file info
|
||||
$page_temp = pathinfo($_SERVER["PHP_SELF"]);
|
||||
if ($strip_ext)
|
||||
if ($strip_ext == 1)
|
||||
return $page_temp['filename'];
|
||||
elseif ($strip_ext == 2)
|
||||
return $_SERVER['PHP_SELF'];
|
||||
else
|
||||
return $page_temp['basename'];
|
||||
}
|
||||
|
||||
@@ -312,7 +312,7 @@
|
||||
$this->db_pwd = $db_config['db_pass'];
|
||||
$this->db_host = $db_config['db_host'];
|
||||
$this->db_port = array_key_exists('db_port', $db_config) ? $db_config['db_port'] : '5432';
|
||||
$this->db_schema = array_key_exists('db_schema', $db_config) ? $db_config['db_schema'] : 'public';
|
||||
$this->db_schema = array_key_exists('db_schema', $db_config) ? $db_config['db_schema'] : ''; // do not set to 'public' if not set, because the default is already public
|
||||
$this->db_encoding = array_key_exists('db_encoding', $db_config) ? $db_config['db_encoding'] : '';
|
||||
$this->db_type = 'db_'.$db_config['db_type'];
|
||||
$this->db_ssl = array_key_exists('db_ssl', $db_config) ? $db_config['db_ssl'] : 'allow';
|
||||
|
||||
@@ -243,7 +243,7 @@
|
||||
else
|
||||
{
|
||||
// we have to get the themes in here too
|
||||
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date, eu.strict, eu.locked, ";
|
||||
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
|
||||
$q .= "debug, db_debug, ";
|
||||
$q .= "eareu.level AS user_level, eareu.type AS user_type, ";
|
||||
$q .= "eareg.level AS group_level, eareg.type AS group_type, ";
|
||||
@@ -267,6 +267,8 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
|
||||
|
||||
// check with what kind of prefix the password begins:
|
||||
// $2a$ or $2y$: BLOWFISCH
|
||||
// $1$: MD5
|
||||
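Review bot: The added comment describes a throttle ("if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try"), but this hunk adds no code for it and none is visible elsewhere in the compare; if that check is not implemented yet, the comment misleads a reader into assuming a rate limit exists. Either add the check here or mark the line as pending, e.g. `// TODO: throttle - if login errors reach half of max and the last error was under 10s ago, refuse this attempt`. The enclosing login method starts before this hunk.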
@@ -332,7 +334,7 @@
|
||||
// reset any login error count for this user
|
||||
if ($res['login_error_count'] > 0)
|
||||
{
|
||||
$q = "UPDATE edit_user SET login_error_count = 0, login_error_date = NULL WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$q = "UPDATE edit_user SET login_error_count = 0, login_error_date_last = NULL, login_error_date_first = NULL WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$this->db_exec($q);
|
||||
}
|
||||
$pages = array();
|
||||
@@ -427,12 +429,15 @@
|
||||
$_SESSION["UNIT_ACL_LEVEL"] = $unit_acl;
|
||||
$_SESSION['EAID'] = $eauid;
|
||||
} // user has permission to THIS page
|
||||
} // user was not enabled
|
||||
} // user was not enabled or other login error
|
||||
if ($this->login_error)
|
||||
{
|
||||
if ($res['login_error_count'] == 0)
|
||||
$login_error_date_first = ', login_error_date_first = NOW()';
|
||||
// update login error count for this user
|
||||
$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date = NOW WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$q = "UPDATE edit_user SET login_error_count = login_error_count + 1, login_error_date_last = NOW() $login_error_date_first WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$this->db_exec($q);
|
||||
// totally lock the user if error max is reached
|
||||
if ($res['login_error_count'] + 1 > $this->max_login_error_count)
|
||||
{
|
||||
// do some alert reporting in case this error is too big
|
||||
|
||||
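Review bot: `$login_error_date_first` is only assigned when `$res['login_error_count'] == 0`, so on every subsequent failed attempt the new UPDATE string interpolates an undefined variable; the query still runs because it expands to an empty string, but each failed login emits an undefined-variable warning and the behaviour depends on that accident. Initialise it ahead of the check: `$login_error_date_first = '';` before `if ($res['login_error_count'] == 0)`. `$res['edit_user_id']` is concatenated straight into the SQL; it comes from the database row rather than the request, so it is not request-controlled as written, but binding it through the database layer's parameter mechanism (if one exists) would be the safer convention. The enclosing login method starts before this hunk and its lock-out branch continues past it.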