@@ -111,32 +111,8 @@ public function index()
111111 }
112112 else
113113 {
114- // check if they are no longer in the locked out state and reset variables
115- if (isset ($ user_data ['failed_login_timer ' ]) AND (time () - $ user_data ['failed_login_timer ' ]) > (int )$ this ->fuel ->config ('seconds_to_unlock ' ))
116- {
117- $ user_data ['failed_login_attempts ' ] = 0 ;
118- $ this ->session ->unset_userdata ('failed_login_timer ' );
119- unset($ user_data ['failed_login_timer ' ]);
120- }
121- else
122- {
123- // add to the number of attempts if it's an invalid login'
124- $ num_attempts = (!isset ($ user_data ['failed_login_attempts ' ])) ? 0 : $ user_data ['failed_login_attempts ' ] + 1 ;
125- $ user_data ['failed_login_attempts ' ] = $ num_attempts ;
126- }
114+ $ this ->check_login_attempts ($ user_data , 'username ' );
127115
128- // check if they should be locked out
129- if (isset ($ user_data ['failed_login_attempts ' ]) AND $ user_data ['failed_login_attempts ' ] >= (int )$ this ->fuel ->config ('num_logins_before_lock ' ) -1 )
130- {
131- $ this ->fuel_users_model ->add_error (lang ('error_max_attempts ' , $ this ->fuel ->config ('seconds_to_unlock ' )));
132- $ user_data ['failed_login_timer ' ] = time ();
133- $ this ->fuel ->logs ->write (lang ('auth_log_account_lockout ' , $ this ->input ->post ('user_name ' , TRUE ), $ this ->input ->ip_address ()), 'debug ' );
134- }
135- else
136- {
137- $ this ->fuel_users_model ->add_error (lang ('error_invalid_login ' ));
138- $ this ->fuel ->logs ->write (lang ('auth_log_failed_login ' , $ this ->input ->post ('user_name ' , TRUE ), $ this ->input ->ip_address (), ($ user_data ['failed_login_attempts ' ] + 1 )), 'debug ' );
139- }
140116 }
141117 }
142118 else
@@ -188,14 +164,26 @@ public function pwd_reset()
188164
189165 $ this ->js_controller_params ['method ' ] = 'add_edit ' ;
190166
167+ $ session_key = $ this ->fuel ->auth ->get_session_namespace ();
168+
169+ $ user_data = $ this ->session ->userdata ($ session_key );
170+
191171 if ( ! empty ($ _POST ))
192172 {
193- if ($ this ->input ->post ('email ' ))
173+ if (isset ($ user_data ['failed_login_timer ' ]) AND (time () - $ user_data ['failed_login_timer ' ]) < (int )$ this ->fuel ->config ('seconds_to_unlock ' ))
174+ {
175+ $ this ->fuel_users_model ->add_error (lang ('error_max_attempts ' , $ this ->fuel ->config ('seconds_to_unlock ' )));
176+ $ user_data ['failed_login_timer ' ] = time ();
177+ }
178+ elseif ($ this ->input ->post ('email ' ))
194179 {
195180 $ user = $ this ->fuel_users_model ->find_one_array (array ('email ' => $ this ->input ->post ('email ' )));
196181
197182 if ( ! empty ($ user ['email ' ]))
198183 {
184+ // reset failed login attempts
185+ $ user_data ['failed_login_timer ' ] = 0 ;
186+
199187 // This generates and saves a token to the user model, returns the token string.
200188 $ token = $ this ->fuel_users_model ->get_reset_password_token ($ user ['email ' ]);
201189
@@ -231,8 +219,10 @@ public function pwd_reset()
231219 }
232220 else
233221 {
234- $ this ->fuel_users_model -> add_error ( lang ( ' error_invalid_email ' ) );
222+ $ this ->check_login_attempts ( $ user_data , ' email ' );
235223 }
224+
225+ $ this ->session ->set_userdata ($ session_key , $ user_data );
236226 }
237227 else
238228 {
@@ -260,6 +250,43 @@ public function pwd_reset()
260250
261251 }
262252
253+ protected function check_login_attempts (&$ user_data , $ field )
254+ {
255+ if (isset ($ user_data ['failed_login_timer ' ]) AND (time () - $ user_data ['failed_login_timer ' ]) > (int )$ this ->fuel ->config ('seconds_to_unlock ' ))
256+ {
257+ $ user_data ['failed_login_attempts ' ] = 0 ;
258+ $ this ->session ->unset_userdata ('failed_login_timer ' );
259+ unset($ user_data ['failed_login_timer ' ]);
260+ }
261+ else
262+ {
263+ // add to the number of attempts if it's an invalid login'
264+ $ num_attempts = (!isset ($ user_data ['failed_login_attempts ' ])) ? 0 : $ user_data ['failed_login_attempts ' ] + 1 ;
265+ $ user_data ['failed_login_attempts ' ] = $ num_attempts ;
266+ }
267+
268+ // check if they should be locked out
269+ if (isset ($ user_data ['failed_login_attempts ' ]) AND $ user_data ['failed_login_attempts ' ] >= (int )$ this ->fuel ->config ('num_logins_before_lock ' ) -1 )
270+ {
271+ $ this ->fuel_users_model ->add_error (lang ('error_max_attempts ' , $ this ->fuel ->config ('seconds_to_unlock ' )));
272+ $ user_data ['failed_login_timer ' ] = time ();
273+ $ this ->fuel ->logs ->write (lang ('auth_log_account_lockout ' , $ this ->input ->post ($ field , TRUE ), $ this ->input ->ip_address ()), 'debug ' );
274+ }
275+ else
276+ {
277+ if ($ field == 'email ' )
278+ {
279+ $ this ->fuel_users_model ->add_error (lang ('error_invalid_email ' ));
280+ $ this ->fuel ->logs ->write (lang ('error_invalid_email ' , $ this ->input ->post ('email ' , TRUE ), $ this ->input ->ip_address (), ($ user_data ['failed_login_attempts ' ] + 1 )), 'debug ' );
281+ }
282+ else
283+ {
284+ $ this ->fuel_users_model ->add_error (lang ('error_invalid_login ' ));
285+ $ this ->fuel ->logs ->write (lang ('auth_log_failed_login ' , $ this ->input ->post ('user_name ' , TRUE ), $ this ->input ->ip_address (), ($ user_data ['failed_login_attempts ' ] + 1 )), 'debug ' );
286+ }
287+ }
288+ }
289+
263290 // THIS HANDLES A POST REQUEST FOR USER SETTING A NEW PASSWORD
264291 public function reset_password ()
265292 {
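Review bot: In the `$field == 'email'` branch of the new `check_login_attempts` the debug log is written with `lang('error_invalid_email', ...)`, the user-facing message key, whereas the username branch logs `auth_log_failed_login` with the identifier, IP address and attempt count; unless `error_invalid_email` happens to accept those three placeholders the entry will carry none of them, so failed password-reset probes are not traceable in the log. The existing key already takes those arguments, so the simplest fix is `$this->fuel->logs->write(lang('auth_log_failed_login', $this->input->post('email', TRUE), $this->input->ip_address(), ($user_data['failed_login_attempts'] + 1)), 'debug');` or, if the two events should be distinguishable, a dedicated reset-specific log string. The `$this->session->unset_userdata('failed_login_timer')` call carried over into the helper addresses a top-level session key, while the counters live inside the namespaced entry that `pwd_reset` reads via `get_session_namespace()` and writes back with `set_userdata($session_key, ...)`, so it is presumably a no-op and the `unset($user_data['failed_login_timer'])` on the next line is what actually clears the timer. Both counters are kept only in the requester's own session, so the lockout throttles just a client that keeps its cookie; since the `error_invalid_email` response still discloses whether an address is registered, a server-side or IP-keyed counter would be needed for this to resist enumeration of valid emails.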