1 files changed, 52 insertions, 3 deletions

diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 21a39bfb..16f8915a 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -22,7 +22,10 @@ class auth_Core {
     $form = new Forge($url, "", "post", array("id" => "g-login-form"));
     $form->set_attr('class', "g-narrow");
     $group = $form->group("login")->label(t("Login"));
-    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
+    $group->input("name")->label(t("Username"))->id("g-username")->class(null)
+      ->callback("auth::validate_too_many_failed_logins")
+      ->error_messages(
+        "too_many_failed_logins", t("Too many failed login attempts.  Try again later"));
     $group->password("password")->label(t("Password"))->id("g-password")->class(null);
     $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
     $group->submit("")->value(t("Login"));
@@ -30,12 +33,12 @@ class auth_Core {
   }
 
   static function login($user) {
+    identity::set_active_user($user);
     if (identity::is_writable()) {
       $user->login_count += 1;
       $user->last_login = time();
       $user->save();
     }
-    identity::set_active_user($user);
     log::info("user", t("User %name logged in", array("name" => $user->name)));
     module::event("user_login", $user);
   }
@@ -51,6 +54,52 @@ class auth_Core {
       module::event("user_logout", $user);
     }
     log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", html::clean($user->name)));
+              t('<a href="%url">%user_name</a>',
+                array("url" => user_profile::url($user->id),
+                      "user_name" => html::clean($user->name))));
+  }
+
+  /**
+   * After there have been 5 failed login attempts, any failure leads to getting locked out for a
+   * minute.
+   */
+  static function too_many_failed_logins($name) {
+    $failed_login = ORM::factory("failed_login")
+      ->where("name", "=", $name)
+      ->find();
+    return ($failed_login->loaded() &&
+            $failed_login->count > 5 &&
+            (time() - $failed_login->time < 60));
+  }
+
+  static function validate_too_many_failed_logins($name_input) {
+    if (self::too_many_failed_logins($name_input->value)) {
+      $name_input->add_error("too_many_failed_logins", 1);
+    }
+  }
+
+  /**
+   * Record a failed login for this user
+   */
+  static function record_failed_login($name) {
+    $failed_login = ORM::factory("failed_login")
+      ->where("name", "=", $name)
+      ->find();
+    if (!$failed_login->loaded()) {
+      $failed_login->name = $name;
+    }
+    $failed_login->time = time();
+    $failed_login->count++;
+    $failed_login->save();
+  }
+
+  /**
+   * Clear any failed logins for this user
+   */
+  static function record_successful_login($user) {
+    db::build()
+      ->delete("failed_logins")
+      ->where("name", "=", $user->name)
+      ->execute();
   }
 }
\ No newline at end of file