diff options
Diffstat (limited to 'modules/gallery/helpers/auth.php')
| -rw-r--r-- | modules/gallery/helpers/auth.php | 81 |
1 files changed, 58 insertions, 23 deletions
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 717cf40a..f5454f85 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -20,7 +20,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); - $form->set_attr('class', "g-narrow"); + $form->set_attr("class", "g-narrow"); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") @@ -60,52 +60,87 @@ class auth_Core { } /** - * After there have been 5 failed login attempts, any failure leads to getting locked out for a + * After there have been 5 failed auth attempts, any failure leads to getting locked out for a * minute. */ - static function too_many_failed_logins($name) { - $failed_login = ORM::factory("failed_login") + static function too_many_failures($name) { + $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); - return ($failed_login->loaded() && - $failed_login->count > 5 && - (time() - $failed_login->time < 60)); + return ($failed->loaded() && + $failed->count > 5 && + (time() - $failed->time < 60)); } static function validate_too_many_failed_logins($name_input) { - if (self::too_many_failed_logins($name_input->value)) { + if (self::too_many_failures($name_input->value)) { $name_input->add_error("too_many_failed_logins", 1); } } - static function validate_too_many_failed_password_changes($password_input) { - if (self::too_many_failed_logins(identity::active_user()->name)) { - $password_input->add_error("too_many_failed_password_changes", 1); + static function validate_too_many_failed_auth_attempts($form_input) { + if (self::too_many_failures(identity::active_user()->name)) { + $form_input->add_error("too_many_failed_auth_attempts", 1); } } /** - * Record a failed login for this user + * Record a failed authentication for this user */ - static function record_failed_auth_attempts($name) { - $failed_login = ORM::factory("failed_login") + static function record_failed_attempt($name) { + $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); - if (!$failed_login->loaded()) { - $failed_login->name = $name; + if (!$failed->loaded()) { + $failed->name = $name; } - $failed_login->time = time(); - $failed_login->count++; - $failed_login->save(); + $failed->time = time(); + $failed->count++; + $failed->save(); } /** * Clear any failed logins for this user */ - static function clear_failed_logins($user) { - db::build() - ->delete("failed_logins") + static function clear_failed_attempts($user) { + ORM::factory("failed_auth") ->where("name", "=", $user->name) - ->execute(); + ->delete_all(); + } + + /** + * Checks whether the current user (= admin) must + * actively re-authenticate before access is given + * to the admin area. + */ + static function must_reauth_for_admin_area() { + if (!identity::active_user()->admin) { + access::forbidden(); + } + + $session = Session::instance(); + $last_active_auth = $session->get("active_auth_timestamp", 0); + $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0); + $admin_area_timeout = module::get_var("gallery", "admin_area_timeout"); + + if (max($last_active_auth, $last_admin_area_activity) + $admin_area_timeout < time()) { + return true; + } + + $session->set("admin_area_activity_timestamp", time()); + return false; + } + + /** + * Redirect to the login page. + */ + static function require_login() { + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Log in to Gallery"); + $view->content = new View("login_ajax.html"); + $view->content->form = auth::get_login_form("login/auth_html"); + // Avoid anti-phishing protection by passing the url as session variable. + Session::instance()->set("continue_url", url::current(true)); + return $view; } }
\ No newline at end of file |