"g-login-form")); $form->set_attr("class", "g-narrow"); $form->hidden("continue_url")->value(Session::instance()->get("continue_url")); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") ->error_messages( "too_many_failed_logins", t("Too many failed login attempts. Try again later")); $group->password("password")->label(t("Password"))->id("g-password")->class(null); $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password")); $group->submit("")->value(t("Login")); return $form; } static function login($user) { identity::set_active_user($user); if (identity::is_writable()) { $user->login_count += 1; $user->last_login = time(); $user->save(); } log::info("user", t("User %name logged in", array("name" => $user->name))); module::event("user_login", $user); } static function logout() { $user = identity::active_user(); if (!$user->guest) { try { Session::instance()->destroy(); } catch (Exception $e) { Kohana_Log::add("error", $e); } module::event("user_logout", $user); } log::info("user", t("User %name logged out", array("name" => $user->name)), t('%user_name', array("url" => user_profile::url($user->id), "user_name" => html::clean($user->name)))); } /** * After there have been 5 failed auth attempts, any failure leads to getting locked out for a * minute. */ static function too_many_failures($name) { $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); return ($failed->loaded() && $failed->count > 5 && (time() - $failed->time < 60)); } static function validate_too_many_failed_logins($name_input) { if (auth::too_many_failures($name_input->value)) { $name_input->add_error("too_many_failed_logins", 1); } } static function validate_too_many_failed_auth_attempts($form_input) { if (auth::too_many_failures(identity::active_user()->name)) { $form_input->add_error("too_many_failed_auth_attempts", 1); } } /** * Record a failed authentication for this user */ static function record_failed_attempt($name) { $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); if (!$failed->loaded()) { $failed->name = $name; } $failed->time = time(); $failed->count++; $failed->save(); } /** * Clear any failed logins for this user */ static function clear_failed_attempts($user) { ORM::factory("failed_auth") ->where("name", "=", $user->name) ->delete_all(); } /** * Checks whether the current user (= admin) must * actively re-authenticate before access is given * to the admin area. */ static function must_reauth_for_admin_area() { if (!identity::active_user()->admin) { access::forbidden(); } $session = Session::instance(); $last_active_auth = $session->get("active_auth_timestamp", 0); $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0); $admin_area_timeout = module::get_var("gallery", "admin_area_timeout"); if (max($last_active_auth, $last_admin_area_activity) + $admin_area_timeout < time()) { return true; } $session->set("admin_area_activity_timestamp", time()); return false; } }