WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
+<<<<<<< HEAD
* @version $Id: NP_SecurityEnforcer.php 1721 2012-03-31 10:18:25Z sakamocchi $
+=======
+* @version $Id: NP_SecurityEnforcer.php 1874 2012-06-17 07:27:38Z sakamocchi $
+>>>>>>> skinnable-master
*/
class NP_SecurityEnforcer extends NucleusPlugin
{
$this->createOption('login_lockout', '_SECURITYENFORCER_OPT_LOGIN_LOCKOUT', 'text', '15');
// create needed tables
+<<<<<<< HEAD
DB::execute("CREATE TABLE IF NOT EXISTS ". sql_table('plug_securityenforcer').
+=======
+ DB::execute('CREATE TABLE IF NOT EXISTS '. sql_table('plug_securityenforcer').
+>>>>>>> skinnable-master
" (login varchar(255),
fails int(11) NOT NULL default '0',
lastfail bigint NOT NULL default '0',
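Review bot: The conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> skinnable-master` are added here as file content, together with both versions of the `CREATE TABLE` call, so PHP cannot parse the file. A plugin that fails to load presumably enforces neither the login lockout nor the password rules, so this needs resolving before merge: keep one side (`skinnable-master` looks like the intended one) and delete the marker lines. The same unresolved markers appear in the `@version` docblock and in the hunks for `event_CustomLogin`, `event_LoginSuccess`, `event_LoginFailed` and the password character classes; in `event_LoginFailed` the HEAD side also leaves an `if`/`else` with unclosed braces. The function containing this statement starts and ends outside the hunk.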
return;
}
- public function event_QuickMenu($data)
+ public function event_QuickMenu(&$data)
{
// only show when option enabled
global $member;
return;
}
- public function event_PrePasswordSet($data)
+ public function event_PrePasswordSet(&$data)
{
//password, errormessage, valid
if ( $this->enable_security == 'no' )
return;
}
- public function event_PostRegister($data)
+ public function event_PostRegister(&$data)
{
if ( $this->enable_security != 'yes' )
{
return;
}
- public function event_CustomLogin($data)
+ public function event_CustomLogin(&$data)
{
if ( $this->enable_security != 'yes' || $this->max_failed_login <= 0 )
{
global $_SERVER;
$login = $data['login'];
$ip = $_SERVER['REMOTE_ADDR'];
+<<<<<<< HEAD
DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE lastfail < " . (time() - ($this->login_lockout * 60)));
$query = "SELECT fails as result FROM " . sql_table('plug_securityenforcer') . " ";
$query .= 'WHERE login=' . DB::quoteValue($login);
$flogin = DB::getValue($query);
$query = "SELECT fails as result FROM " . sql_table('plug_securityenforcer') . " ";
$query .= 'WHERE login=' . DB::quoteValue($ip);
+=======
+
+ $query = "DELETE FROM %s WHERE lastfail < %d;";
+ $query = sprintf($query, sql_table('plug_securityenforcer'), (integer) (time() - ($this->login_lockout * 60)));
+ DB::execute($query);
+
+ $query = "SELECT fails as result FROM %s WHERE login=%s;";
+ $query = sprintf($query, sql_table('plug_securityenforcer'), DB::quoteValue($login));
+ $flogin = DB::getValue($query);
+
+ $query = "SELECT fails as result FROM %s WHERE login=%s;";
+ $query = sprintf($query, sql_table('plug_securityenforcer'), DB::quoteValue($ip));
+>>>>>>> skinnable-master
$fip = DB::getValue($query);
if ( $flogin >= $this->max_failed_login || $fip >= $this->max_failed_login )
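Review bot: The cutoff in the new `DELETE` casts the whole expression, `(integer) (time() - ($this->login_lockout * 60))`, but not the option it is built from. `login_lockout` is created as a `text` option, so an empty or non-numeric value would make the cutoff equal to the current time (or raise an error on newer PHP), and every stored failure would be purged on each login attempt, silently disabling the lockout. Unless the value is already normalised where it is loaded (not visible in this hunk), I would clamp it here with `$minutes = max(1, (int) $this->login_lockout);` and use `time() - $minutes * 60`. `(int)` is also the canonical spelling of the cast. The body of `event_CustomLogin` continues outside the hunk.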
return;
}
- public function event_LoginSuccess($data)
+ public function event_LoginSuccess(&$data)
{
//member(obj),username
if ( $this->enable_security != 'yes' || $this->max_failed_login <= 0 )
global $_SERVER;
$login = $data['username'];
$ip = $_SERVER['REMOTE_ADDR'];
+<<<<<<< HEAD
DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login=" . DB::quoteValue($login));
DB::execute("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login=" . DB::quoteValue($ip));
+=======
+ DB::execute('DELETE FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login));
+ DB::execute('DELETE FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($ip));
+>>>>>>> skinnable-master
return;
}
- public function event_LoginFailed($data)
+ public function event_LoginFailed(&$data)
{
//username
if ( $this->enable_security != 'yes' || $this->max_failed_login <= 0 )
global $_SERVER;
$login = $data['username'];
$ip = $_SERVER['REMOTE_ADDR'];
+<<<<<<< HEAD
$lres = DB::getValue("SELECT * FROM " . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login));
if ( $lres )
{
else
{
DB::execute("INSERT INTO " . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($ip) . ',1,' . time() . ')');
+=======
+ $lres = DB::getResult('SELECT * FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($login));
+ if ( $lres->rowCount() > 0 )
+ {
+ DB::execute('UPDATE ' . sql_table('plug_securityenforcer') . ' SET fails=fails+1, lastfail=' . time() . ' WHERE login=' . DB::quoteValue($login));
+ }
+ else
+ {
+ DB::execute('INSERT INTO ' . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($login) . ',1,' . time() . ')');
+ }
+ $lres = DB::getResult('SELECT * FROM ' . sql_table('plug_securityenforcer') . ' WHERE login=' . DB::quoteValue($ip));
+ if ( $lres->rowCount() > 0 )
+ {
+ DB::execute('UPDATE ' . sql_table('plug_securityenforcer') . ' SET fails=fails+1, lastfail=' . time() . ' WHERE login=' . DB::quoteValue($ip));
+ }
+ else
+ {
+ DB::execute('INSERT INTO ' . sql_table('plug_securityenforcer') . ' (login,fails,lastfail) VALUES (' . DB::quoteValue($ip) . ',1,' . time() . ')');
+>>>>>>> skinnable-master
}
return;
}
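Review bot: The counter update in `event_LoginFailed` is a `SELECT` followed by a separate `UPDATE` or `INSERT`, so two failed attempts arriving together can both see zero rows and both insert. The part of the `CREATE TABLE` visible on this page shows no key on `login`, so that would leave duplicate rows whose `fails` values each stay below `max_failed_login`. If the backend is MySQL, a unique key on `login` plus a single `INSERT ... ON DUPLICATE KEY UPDATE fails=fails+1, lastfail=VALUES(lastfail)` removes both the race and the `SELECT *`. `$lres->rowCount()` is also called without checking that `DB::getResult()` succeeded, and, assuming `DB` wraps PDO, a row count for a `SELECT` is not guaranteed by every driver. The login and IP branches differ only in the key, so a small private helper taking the key would halve this block.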
{
$minlength = intval($minlength);
$complexity = intval($complexity);
+ $message = '';
if ( $minlength < 6 )
{
$complexity = 4;
}
+<<<<<<< HEAD
$ucchars = "[A-Z]";
$lcchars = "[a-z]";
$numchars = "[0-9]";
$ochars = "[-~!@#$%^&*()_+=,.<>?:;|]";
+=======
+ $ucchars = '[A-Z]';
+ $lcchars = '[a-z]';
+ $numchars = '[0-9]';
+ $ochars = '[#-~!@\\$%^&*()_+=,.<>?:;|]';
+>>>>>>> skinnable-master
$chartypes = array($ucchars, $lcchars, $numchars, $ochars);
$tot = array(0,0,0,0);
$i = 0;
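Review bot: In the new `$ochars` value, `'[#-~!@\\$%^&*()_+=,.<>?:;|]'`, the sequence `#-~` is a character range from `#` to `~`, which covers every ASCII digit and letter. The "other characters" class therefore matches almost any password, and the complexity count is inflated by one. The HEAD side kept `-` first so that it was a literal hyphen; now that `preg_match` uses the `/` delimiter there is no reason to move `#`, so I would write `$ochars = '[-~!@#\\$%^&*()_+=,.<>?:;|]';`. A test asserting that a lowercase-only password scores exactly one character type would catch this. The enclosing function starts before this hunk and continues past it.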
foreach ( $chartypes as $value )
{
- $tot[$i] = preg_match("#{$value}#", $passwd);
+ $tot[$i] = preg_match("/" . $value . "/", $passwd);
$i = $i + 1;
}