path: root/modules/gallery/helpers/auth.php
blob: c3e9e6e9353cba3ee3087481b41ca2ee244168b3 (plain)
<?php
// Direct-access guard: stop immediately unless SYSPATH is already defined, i.e. unless this
// file was loaded by whatever bootstrap defines that constant rather than requested directly.
if (!defined("SYSPATH")) {
  die("No direct script access.");
}
/**
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2009 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */
/**
 * Static helpers for the login form, login/logout bookkeeping, per-name throttling of failed
 * authentication attempts, and the admin-area re-authentication check.
 */
class auth_Core {
  /**
   * Build the login form.
   *
   * The username field registers auth::validate_too_many_failed_logins as a callback and
   * carries both the throttle message and the generic "Invalid name or password" message,
   * which does not say which of the two values was wrong.
   *
   * @param mixed $url  passed to the Forge constructor as its first argument
   * @return Forge  the assembled form
   */
  static function get_login_form($url) {
    $login_form = new Forge($url, "", "post", array("id" => "g-login-form"));
    $login_form->set_attr("class", "g-narrow");
    $fields = $login_form->group("login")->label(t("Login"));

    // Username: the throttle callback is attached to this field.
    $fields->input("name")->label(t("Username"))->id("g-username")->class(null)
      ->callback("auth::validate_too_many_failed_logins")
      ->error_messages(
        "too_many_failed_logins", t("Too many failed login attempts.  Try again later"));

    $fields->password("password")->label(t("Password"))->id("g-password")->class(null);

    // The credential failure message is attached to the username field as well.
    $fields->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
    $fields->submit("")->value(t("Login"));

    return $login_form;
  }

  /**
   * Make $user the active user, update the login statistics when the identity provider is
   * writable, write a log entry and fire the "user_login" event.
   *
   * NOTE(review): no session-id rotation is visible in this method; confirm that
   * identity::set_active_user() or the session configuration regenerates the id on login.
   *
   * @param object $user  user record; login_count, last_login and name are used here
   */
  static function login($user) {
    identity::set_active_user($user);

    if (identity::is_writable()) {
      $user->login_count += 1;
      $user->last_login = time();
      $user->save();
    }

    $message = t("User %name logged in", array("name" => $user->name));
    log::info("user", $message);
    module::event("user_login", $user);
  }

  /**
   * Log the active user out.
   *
   * For a non-guest user the session is destroyed and the "user_logout" event is fired. A
   * failure to destroy the session is written to the Kohana log and does not stop the logout.
   * The log entry at the end is written for guests too.
   */
  static function logout() {
    $user = identity::active_user();

    if (!$user->guest) {
      try {
        Session::instance()->destroy();
      } catch (Exception $exception) {
        // Best effort: record the failure and continue with the logout.
        Kohana_Log::add("error", $exception);
      }
      module::event("user_logout", $user);
    }

    // The name is passed through html::clean() for the link text; the message placeholder
    // gets the raw name.  NOTE(review): presumably t() escapes placeholder values -- confirm.
    $message = t("User %name logged out", array("name" => $user->name));
    $profile_link = t('<a href="%url">%user_name</a>',
                      array("url" => user_profile::url($user->id),
                            "user_name" => html::clean($user->name)));
    log::info("user", $message, $profile_link);
  }

  /**
   * Tell whether authentication for $name is currently throttled.
   *
   * True only when a failed_auth record exists for the name, its count is greater than 5 and
   * its last recorded failure is less than 60 seconds old.
   *
   * The decision is keyed on the name alone; nothing here looks at where a request came from,
   * so failures submitted by anyone count against that name for everyone.
   * NOTE(review): confirm that this trade-off is intended.
   *
   * @param string $name  the name the failed attempts were recorded under
   * @return bool
   */
  static function too_many_failures($name) {
    $record = ORM::factory("failed_auth")
      ->where("name", "=", $name)
      ->find();

    if (!$record->loaded()) {
      return false;
    }
    if (!($record->count > 5)) {
      return false;
    }
    return (time() - $record->time < 60);
  }

  /**
   * Form callback for the login form's username field: flags the field with
   * "too_many_failed_logins" when the submitted name is throttled.
   *
   * @param object $name_input  form input whose value is the submitted name
   */
  static function validate_too_many_failed_logins($name_input) {
    if (!self::too_many_failures($name_input->value)) {
      return;
    }
    $name_input->add_error("too_many_failed_logins", 1);
  }

  /**
   * Form callback that applies the throttle to the active user's name rather than to a
   * submitted value, and flags the input with "too_many_failed_auth_attempts".
   *
   * @param object $form_input  form input that receives the error
   */
  static function validate_too_many_failed_auth_attempts($form_input) {
    $active_name = identity::active_user()->name;
    if (!self::too_many_failures($active_name)) {
      return;
    }
    $form_input->add_error("too_many_failed_auth_attempts", 1);
  }

  /**
   * Record a failed authentication for this name.
   *
   * Creates the failed_auth record on first use, then stamps the current time and increments
   * the count.  The count is only ever increased here; the only reset visible in this file is
   * clear_failed_attempts().
   *
   * NOTE(review): the find-then-save sequence is not atomic, so concurrent failures for one
   * name may be under-counted -- confirm whether that matters for the throttle.
   *
   * @param string $name  the name the attempt was made with
   */
  static function record_failed_attempt($name) {
    $record = ORM::factory("failed_auth")
      ->where("name", "=", $name)
      ->find();

    if (!$record->loaded()) {
      // No record for this name yet: the object returned by find() becomes the new one.
      $record->name = $name;
    }

    $record->time = time();
    $record->count++;
    $record->save();
  }

  /**
   * Clear any failed logins for this user by deleting every failed_auth record stored under
   * the user's name.
   *
   * @param object $user  user record; only its name is read
   */
  static function clear_failed_attempts($user) {
    $matching = ORM::factory("failed_auth")
      ->where("name", "=", $user->name);
    $matching->delete_all();
  }

  /**
   * Checks whether the current user (= admin) must actively re-authenticate before access is
   * given to the admin area.
   *
   * A non-admin active user is handed to access::forbidden().  Otherwise the later of the
   * session's "active_auth_timestamp" and "admin_area_activity_timestamp" (each defaulting to
   * 0) plus the gallery "admin_area_timeout" variable is compared with the current time.
   * When that deadline has passed the method returns true; if not, the admin-area activity
   * timestamp is refreshed and it returns false.
   *
   * NOTE(review): the code after the admin check relies on access::forbidden() not returning
   * -- confirm.  The timeout is added to time() values, so it is presumably in seconds.
   *
   * @return bool  true when re-authentication is required
   */
  static function must_reauth_for_admin_area() {
    if (!identity::active_user()->admin) {
      access::forbidden();
    }

    $session = Session::instance();
    $authenticated_at = $session->get("active_auth_timestamp", 0);
    $last_seen_at = $session->get("admin_area_activity_timestamp", 0);
    $timeout = module::get_var("gallery", "admin_area_timeout");

    $deadline = max($authenticated_at, $last_seen_at) + $timeout;
    if ($deadline < time()) {
      return true;
    }

    // Still inside the window: count this request as admin-area activity.
    $session->set("admin_area_activity_timestamp", time());
    return false;
  }
}