Hi everyone! I'll wait for your comments.
:::This function is called every time someone tries to access a user
account and provides the system with a bad password (i.e. he/she
knows the username but maybe not the password).
The maximum number of failed attempts is set in the PHP_FAILURES_TO_BLOCK
constant.
The length of the time window during which failed attempts against a user
account keep being counted (starting at the first bad auth response) is set
in the PHP_BAD_PASSWORD_TIME_LIMIT constant.
The time the user account stays blocked is set in another constant, but
that one is not used by this function.
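/*--
 * tryCounter($user)
 *
 * Records one failed login attempt for $user and disables the account once
 * PHP_FAILURES_TO_BLOCK failed attempts have been counted inside a
 * PHP_BAD_PASSWORD_TIME_LIMIT-second window. The window starts at the first
 * failure (trycounter.countini) and is restarted, with counter=1, by the
 * first failure that arrives after it has elapsed.
 *
 * The block flag (trycounter.flagbloq) is set on the failure that arrives
 * once the counter already equals the limit; it is never cleared here, the
 * block duration is handled elsewhere.
 *
 * $user comes straight from the login form, i.e. it is attacker-controlled:
 * every statement below binds it as a query parameter instead of
 * interpolating it into the SQL text.
 *
 * @param string $user userid to check.
 *
 * @return bool true on success (also when $user has no trycounter row, in
 *              which case nothing is counted); false if a DB error occurred
 *              (already reported via trigger_error() and dumpError()).
 *
 --*/
function tryCounter($user)
{
    // NOTE(review): the original guarded this with if(!$conId), but $conId is
    // a local that is never assigned before that line, so a connection was
    // always opened anyway; the guard only produced an "undefined variable"
    // notice.
    $conId = conectaBase();

    // SELECT * is kept on purpose: the callers of this row rely on the
    // driver's column-name casing (COUNTER, COUNTINI).
    $sqlq = "SELECT * FROM trycounter WHERE userid=?";
    $result = $conId->query($sqlq, array($user));
    if (DB::IsError($result))
    {
        // $sqlq only contains the placeholder, so no user input reaches the log.
        trigger_error("$sqlq", E_USER_ERROR);
        dumpError("DB_ERROR", "./");
        return false;
    }

    $row = $result->fetchRow(DB_FETCHMODE_ASSOC);
    if (!$row)
    {
        // No counter row for this userid: nothing to count. The header
        // documents "always true"; the original fell off the end and
        // returned null here.
        return true;
    }

    $counter = (int)$row["COUNTER"];

    // First failure, or the counting window has elapsed: (re)start the window.
    // COUNTINI is only consulted when a window is actually running.
    if ($counter == 0 || tryCounterWindowExpired($row["COUNTINI"]))
    {
        return tryCounterExec(
            $conId,
            "UPDATE trycounter SET counter=1,countini={fn Now},lasttry={fn Now} WHERE userid=?",
            array($user)
        );
    }

    // Limit already reached inside the window: block the account.
    // >= rather than == so a counter that somehow exceeds the limit (e.g. the
    // constant was lowered after rows were written) still blocks.
    // The constants are used directly: the original wrapped them in
    // constant(), which looks up a constant *named* by the value and so
    // returned null, making the block condition effectively unreachable.
    if ($counter >= PHP_FAILURES_TO_BLOCK)
    {
        return tryCounterExec(
            $conId,
            "UPDATE trycounter SET flagbloq=1,lasttry={fn Now} WHERE userid=?",
            array($user)
        );
    }

    // Not there yet: count this failure.
    return tryCounterExec(
        $conId,
        "UPDATE trycounter SET lasttry={fn Now},counter=? WHERE userid=?",
        array($counter + 1, $user)
    );
}

/*--
 * tryCounterExec($conId, $sqlq, $params)
 *
 * Runs one parameterised UPDATE on behalf of tryCounter() and reports a DB
 * error the same way the rest of this file does (trigger_error + dumpError).
 *
 * @param object $conId  PEAR DB connection returned by conectaBase().
 * @param string $sqlq   SQL text with ? placeholders only (no user data).
 * @param array  $params values bound to the placeholders, in order.
 *
 * @return bool true on success, false on DB error.
 --*/
function tryCounterExec($conId, $sqlq, $params)
{
    $result = $conId->query($sqlq, $params);
    if (DB::IsError($result))
    {
        // Safe to log: $sqlq never contains interpolated input.
        trigger_error("$sqlq", E_USER_ERROR);
        dumpError("DB_ERROR", "./");
        return false;
    }
    return true;
}

/*--
 * tryCounterWindowExpired($countini)
 *
 * true when more than PHP_BAD_PASSWORD_TIME_LIMIT seconds have passed since
 * $countini, the trycounter.countini timestamp as returned by the DB.
 *
 * The original compared only the H:i:s part of both timestamps, so a window
 * started before midnight never expired (negative difference) and one
 * started on an earlier day at a nearby time looked fresh; comparing full
 * timestamps fixes both.
 *
 * NOTE(review): countini is written by the DB clock ({fn Now}) and compared
 * here against the PHP clock (time()); the two are assumed to agree.
 *
 * @param string $countini timestamp string (expected "YYYY-MM-DD HH:MM:SS").
 *
 * @return bool
 --*/
function tryCounterWindowExpired($countini)
{
    $start = strtotime($countini);
    if ($start === false)
    {
        // Unparsable start time: keep counting instead of silently resetting,
        // which is the safer failure mode for a lockout.
        return false;
    }
    return (time() - $start) > PHP_BAD_PASSWORD_TIME_LIMIT;
}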
/*-
* ::CACHÉ TABLE::
*
* This is the InterSystems Caché persistent class that backs the trycounter
* table. USERID is the unique key; FLAGBLOQ is the only property that is not
* Required, so it may be NULL (rather than 0) for an account that has never
* been blocked.
*
* Class User.TRYCOUNTER Extends %Persistent [ ClassType = persistent, ProcedureBlock ]
* {
* Property USERID As %String(MAXLEN = 15) [ Required ];
* Property LASTTRY As %TimeStamp [ Required ];
* Property COUNTINI As %TimeStamp [ Required ];
* Property COUNTER As %Integer [ Required ];
* Property FLAGBLOQ As %Boolean;
* Index USERIDIndex On USERID [ Unique ];
* }
*
-*/