CC-2789: Prevent brue-force password guessing attacks

- add recaptcha on login page
2011-09-13 14:16:16 -04:00 · 2011-09-13 14:16:16 -04:00 · f25304bcb7
commit f25304bcb7
parent e6f7640c90
20 changed files with 2083 additions and 58 deletions
--- a/airtime_mvc/application/models/Subjects.php
+++ b/airtime_mvc/application/models/Subjects.php
@ -14,7 +14,7 @@ define('ALIBERR_BADSMEMB', 21);
 * @copyright 2010 Sourcefabric O.P.S.
 * @license http://www.gnu.org/licenses/gpl.txt
 */
-class Subjects {
+class Application_Model_Subjects {

    /* ======================================================= public methods */

@ -118,6 +118,38 @@ class Subjects {
        return (intval($res) > 0);
    } // fn isMemberOf

+    public static function increaseLoginAttempts($login){
+        global $CC_CONFIG, $CC_DBC;
+        $sql = "UPDATE ".$CC_CONFIG['subjTable']." SET login_attempts = login_attempts+1"
+            ." WHERE login='$login'";
+        $res = $CC_DBC->query($sql);
+        if (PEAR::isError($res)) {
+            return $res;
+        }
+        return (intval($res) > 0);
+    }
+    
+    public static function resetLoginAttempts($login){
+        global $CC_CONFIG, $CC_DBC;
+        $sql = "UPDATE ".$CC_CONFIG['subjTable']." SET login_attempts = '0'"
+            ." WHERE login='$login'";
+        $res = $CC_DBC->query($sql);
+        if (PEAR::isError($res)) {
+            return $res;
+        }
+        return (intval($res) > 0);
+    }
+    
+    public static function getLoginAttempts($login){
+        global $CC_CONFIG, $CC_DBC;
+        $sql = "SELECT login_attempts FROM ".$CC_CONFIG['subjTable']." WHERE login='$login'";
+        $res = $CC_DBC->getOne($sql);
+        Logging::log($res);
+        if (PEAR::isError($res)) {
+            return $res;
+        }
+        return $res;
+    }

 } // class Subjects