CC-2789: Prevent brue-force password guessing attacks

- add recaptcha on login page
2011-09-13 14:16:16 -04:00 · 2011-09-13 14:16:16 -04:00 · f25304bcb7
commit f25304bcb7
parent e6f7640c90
20 changed files with 2083 additions and 58 deletions
--- a/airtime_mvc/application/forms/Login.php
+++ b/airtime_mvc/application/forms/Login.php
@ -29,7 +29,16 @@ class Application_Form_Login extends Zend_Form
                'NotEmpty',
            )
        ));
-
+        
+        $recaptchaNeeded = false;
+        if(Application_Model_LoginAttempts::getAttempts($_SERVER['REMOTE_ADDR']) >= 3){
+            $recaptchaNeeded = true;
+        }
+        if($recaptchaNeeded){
+            // recaptcha
+            $this->addRecaptcha();
+        }
+        
 		// Add the submit button
        $this->addElement('submit', 'submit', array(
            'ignore'   => true,
@ -38,6 +47,25 @@ class Application_Form_Login extends Zend_Form
        ));

    }
+    
+    public function addRecaptcha(){
+        $pubKey = '6Ld4JsISAAAAAIxUKT4IjjOGi3DHqdoH2zk6WkYG';
+        $privKey = '6Ld4JsISAAAAAJynYlXdrE4hfTReTSxYFe5szdyv';
+        
+        $recaptcha = new Zend_Service_ReCaptcha($pubKey, $privKey);
+        
+        $captcha = new Zend_Form_Element_Captcha('captcha',
+            array(
+                'label' => 'Type the characters you see in the picture below.',
+                'captcha' =>  'ReCaptcha',
+                'captchaOptions'        => array(
+                    'captcha'   => 'ReCaptcha',
+                    'service' => $recaptcha
+                )
+            )
+        );
+        $this->addElement($captcha);
+    }


 }