
Commit 15934fd

author
David McReynolds
committed
fix: for issue #581
1 parent 8a0d88a commit 15934fd


1 file changed

+54
-27
lines changed


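--- a/fuel/modules/fuel/controllers/Login.php
+++ b/fuel/modules/fuel/controllers/Login.php
@@ -111,32 +111,8 @@ public function index()
 }
 else
 {
-// check if they are no longer in the locked out state and reset variables
-if (isset($user_data['failed_login_timer']) AND (time() - $user_data['failed_login_timer']) > (int)$this->fuel->config('seconds_to_unlock'))
-{
-$user_data['failed_login_attempts'] = 0;
-$this->session->unset_userdata('failed_login_timer');
-unset($user_data['failed_login_timer']);
-}
-else
-{
-// add to the number of attempts if it's an invalid login'
-$num_attempts = (!isset($user_data['failed_login_attempts'])) ? 0 : $user_data['failed_login_attempts'] + 1;
-$user_data['failed_login_attempts'] = $num_attempts;
-}
+$this->check_login_attempts($user_data, 'username');
 
-// check if they should be locked out
-if (isset($user_data['failed_login_attempts']) AND $user_data['failed_login_attempts'] >= (int)$this->fuel->config('num_logins_before_lock') -1)
-{
-$this->fuel_users_model->add_error(lang('error_max_attempts', $this->fuel->config('seconds_to_unlock')));
-$user_data['failed_login_timer'] = time();
-$this->fuel->logs->write(lang('auth_log_account_lockout', $this->input->post('user_name', TRUE), $this->input->ip_address()), 'debug');
-}
-else
-{
-$this->fuel_users_model->add_error(lang('error_invalid_login'));
-$this->fuel->logs->write(lang('auth_log_failed_login', $this->input->post('user_name', TRUE), $this->input->ip_address(), ($user_data['failed_login_attempts'] + 1)), 'debug');
-}
 }
 }
 else
@@ -188,14 +164,26 @@ public function pwd_reset()
 
 $this->js_controller_params['method'] = 'add_edit';
 
+$session_key = $this->fuel->auth->get_session_namespace();
+
+$user_data = $this->session->userdata($session_key);
+
 if ( ! empty($_POST))
 {
-if ($this->input->post('email'))
+if (isset($user_data['failed_login_timer']) AND (time() - $user_data['failed_login_timer']) < (int)$this->fuel->config('seconds_to_unlock'))
+{
+$this->fuel_users_model->add_error(lang('error_max_attempts', $this->fuel->config('seconds_to_unlock')));
+$user_data['failed_login_timer'] = time();
+}
+elseif ($this->input->post('email'))
 {
 $user = $this->fuel_users_model->find_one_array(array('email' => $this->input->post('email')));
 
 if ( ! empty($user['email']))
 {
+// reset failed login attempts
+$user_data['failed_login_timer'] = 0;
+
 // This generates and saves a token to the user model, returns the token string.
 $token = $this->fuel_users_model->get_reset_password_token($user['email']);
 
@@ -231,8 +219,10 @@ public function pwd_reset()
 }
 else
 {
-$this->fuel_users_model->add_error(lang('error_invalid_email'));
+$this->check_login_attempts($user_data, 'email');
 }
+
+$this->session->set_userdata($session_key, $user_data);
 }
 else
 {
@@ -260,6 +250,43 @@ public function pwd_reset()
 
 }
 
+protected function check_login_attempts(&$user_data, $field)
+{
+if (isset($user_data['failed_login_timer']) AND (time() - $user_data['failed_login_timer']) > (int)$this->fuel->config('seconds_to_unlock'))
+{
+$user_data['failed_login_attempts'] = 0;
+$this->session->unset_userdata('failed_login_timer');
+unset($user_data['failed_login_timer']);
+}
+else
+{
+// add to the number of attempts if it's an invalid login'
+$num_attempts = (!isset($user_data['failed_login_attempts'])) ? 0 : $user_data['failed_login_attempts'] + 1;
+$user_data['failed_login_attempts'] = $num_attempts;
+}
+
+// check if they should be locked out
+if (isset($user_data['failed_login_attempts']) AND $user_data['failed_login_attempts'] >= (int)$this->fuel->config('num_logins_before_lock') -1)
+{
+$this->fuel_users_model->add_error(lang('error_max_attempts', $this->fuel->config('seconds_to_unlock')));
+$user_data['failed_login_timer'] = time();
+$this->fuel->logs->write(lang('auth_log_account_lockout', $this->input->post($field, TRUE), $this->input->ip_address()), 'debug');
+}
+else
+{
+if ($field == 'email')
+{
+$this->fuel_users_model->add_error(lang('error_invalid_email'));
+$this->fuel->logs->write(lang('error_invalid_email', $this->input->post('email', TRUE), $this->input->ip_address(), ($user_data['failed_login_attempts'] + 1)), 'debug');
+}
+else
+{
+$this->fuel_users_model->add_error(lang('error_invalid_login'));
+$this->fuel->logs->write(lang('auth_log_failed_login', $this->input->post('user_name', TRUE), $this->input->ip_address(), ($user_data['failed_login_attempts'] + 1)), 'debug');
+}
+}
+}
+
 // THIS HANDLES A POST REQUEST FOR USER SETTING A NEW PASSWORD
 public function reset_password()
 {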
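Review bot: The failed-attempt log call in the `email` branch of `check_login_attempts` (new line 280) hands the user-facing `error_invalid_email` string to `lang()` as its template, whereas the `username` branch beside it uses `auth_log_failed_login`; unless that lang entry happens to carry placeholders, the email, IP address and attempt count passed to it are dropped from the log entry. Reusing the existing audit key keeps the two branches symmetric: `$this->fuel->logs->write(lang('auth_log_failed_login', $this->input->post('email', TRUE), $this->input->ip_address(), ($user_data['failed_login_attempts'] + 1)), 'debug');`. The counter and timer live in `$user_data`, which `pwd_reset` reads from `$this->session->userdata($session_key)`, so a client that discards its session cookie appears to start with a fresh count — the lockout slows a cooperating browser rather than a scripted caller — and the `$this->session->unset_userdata('failed_login_timer')` call looks redundant next to the `unset($user_data['failed_login_timer'])` that follows it, since the timer is stored inside the namespaced array rather than at the top level of the session. Because a known email still takes the token path while an unknown one reaches `error_invalid_email`, the two responses remain distinguishable to a caller; a comment above the helper such as `// NOTE: lockout state is per session, and pwd_reset responses still differ for known vs unknown emails` would make that limit explicit for the next maintainer. `check_login_attempts` is complete within this hunk, but `pwd_reset` and `reset_password` begin and end outside it.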
