mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-19 04:03:26 +02:00
Merge branch 'develop' into feature/new-router
# Conflicts: # composer.json # system/login.php
This commit is contained in:
slawkens
@@ -59,18 +59,33 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
|
||||
$t = isset($tmp[$ip]) ? $tmp[$ip] : NULL;
|
||||
}
|
||||
|
||||
if(config('recaptcha_enabled') && !config('account_create_auto_login'))
|
||||
{
|
||||
require_once LIBS . 'GoogleReCAPTCHA.php';
|
||||
if (!GoogleReCAPTCHA::verify('login')) {
|
||||
$errors[] = GoogleReCAPTCHA::getErrorMessage();
|
||||
}
|
||||
}
|
||||
|
||||
$account_logged = new OTS_Account();
|
||||
if(USE_ACCOUNT_NAME)
|
||||
$account_logged->find($login_account);
|
||||
else
|
||||
$account_logged->load($login_account, true);
|
||||
if (config('account_login_by_email')) {
|
||||
$account_logged->findByEMail($login_account);
|
||||
}
|
||||
|
||||
if (!config('account_login_by_email') || config('account_login_by_email_fallback')) {
|
||||
if(USE_ACCOUNT_NAME) {
|
||||
$account_logged->find($login_account);
|
||||
} else {
|
||||
$account_logged->load($login_account, true);
|
||||
}
|
||||
}
|
||||
|
||||
$config_salt_enabled = $db->hasColumn('accounts', 'salt');
|
||||
if($account_logged->isLoaded() && encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword()
|
||||
&& (!isset($t) || $t['attempts'] < 5)
|
||||
)
|
||||
{
|
||||
setSession('account', $account_logged->getId());
|
||||
setSession('account', $account_logged->getNumber());
|
||||
setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
|
||||
if($remember_me) {
|
||||
setSession('remember_me', true);
|
||||
@@ -96,6 +111,8 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
|
||||
{
|
||||
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
|
||||
|
||||
$errorMessage = getAccountLoginByLabel() . ' or password is not correct.';
|
||||
|
||||
// temporary solution for blocking failed login attempts
|
||||
if($cache->enabled())
|
||||
{
|
||||
@@ -107,24 +124,24 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
|
||||
if($t['attempts'] >= 5)
|
||||
$errors[] = 'A wrong password has been entered 5 times in a row. You are unable to log into your account for the next 5 minutes. Please wait.';
|
||||
else
|
||||
$errors[] = 'Account name or password is not correct.';
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
else
|
||||
{
|
||||
$t = array('attempts' => 1, 'last' => time());
|
||||
$errors[] = 'Account name or password is not correct.';
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
|
||||
$tmp[$ip] = $t;
|
||||
$cache->set('failed_logins', serialize($tmp), 60 * 60); // save for 1 hour
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Account name or password is not correct.';
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Please enter your account ' . (USE_ACCOUNT_NAME ? 'name' : 'number') . ' and password.';
|
||||
$errors[] = 'Please enter your ' . getAccountLoginByLabel() . ' and password.';
|
||||
|
||||
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user