File Manager

Current Directory: /home/astoriaah/www/old15/plugins/system/admintools/feature
Viewing File: /home/astoriaah/www/old15/plugins/system/admintools/feature/trackfailedlogins.php
<?php /** * @package AdminTools * @copyright Copyright (c)2010-2015 Nicholas K. Dionysopoulos * @license GNU General Public License version 3, or later */ defined('_JEXEC') or die; class AtsystemFeatureTrackfailedlogins extends AtsystemFeatureAbstract { protected $loadOrder = 800; /** * Is this feature enabled? * * @return bool */ public function isEnabled() { return ($this->cparams->getValue('trackfailedlogins', 0) == 1); } /** * Treat failed logins as security exceptions * * @param JAuthenticationResponse $response */ public function onUserLoginFailure($response) { $user = $this->input->getCmd('username', null); $pass = $this->input->getCmd('password', null); if (empty($pass)) { $pass = $this->input->getCmd('passwd', null); } $extraInfo = null; if (!empty($user)) { $extraInfo = 'Username: ' . $user; if ($this->cparams->getValue('showpwonloginfailure', 1)) { $extraInfo = 'Username: ' . $user . ' -- Password: ' . $pass; } } $this->exceptionsHandler->logAndAutoban('loginfailure', $user, $extraInfo); $this->deactivateUser($user); } private function deactivateUser($username) { $userParams = JComponentHelper::getParams('com_users'); // User registration disabled or no user activation - Let's stop here if (!$userParams->get('allowUserRegistration') || ($userParams->get('useractivation') == 0)) { return; } $ip = AtsystemUtilFilter::getIp(); // If I can't detect the IP there's not point in continuing if (!$ip) { return; } $limit = $this->cparams->getValue('deactivateusers_num', 3); $numfreq = $this->cparams->getValue('deactivateusers_numfreq', 1); $frequency = $this->cparams->getValue('deactivateusers_frequency', 'hour'); // The user didn't set any limit nor frequency value, let's stop here if (!$limit || !$numfreq) { return; } $userid = JUserHelper::getUserId($username); // The user doesn't exists, let's stop here if (!$userid) { return; } $user = JFactory::getUser($userid); // Username doesn't match, the user is blocked or is not active? Let's stop here if ($user->username != $username || $user->block || !(empty($user->activation))) { return; } // If I'm here, it means that this is a valid user, let's see if I have to deactivate him $where = array( 'ip' => $ip, 'reason' => 'loginfailure' ); $deactivate = $this->checkLogFrequency($limit, $numfreq, $frequency, $where); if (!$deactivate) { return; } JPluginHelper::importPlugin('user'); $db = $this->db; $data['activation'] = JApplication::getHash(JUserHelper::genRandomPassword()); $data['block'] = 1; $data['lastvisitDate'] = $db->getNullDate(); // If an admin needs to activate the user, I have to set the activate flag if ($userParams->get('useractivation') == 2) { $user->setParam('activate', 1); } if (!$user->bind($data)) { return; } if (!$user->save()) { return; } // Ok, now it's time to send the activation email again $template = $this->exceptionsHandler->getEmailTemplate('user-reactivate'); // Well, this should never happen... if (!$template) { return; } $subject = $template[0]; $body = $template[1]; $config = JFactory::getConfig(); $mailer = JFactory::getMailer(); $sitename = $config->get('sitename'); $mailfrom = $config->get('mailfrom'); $fromname = $config->get('fromname'); $uri = JUri::getInstance(); $base = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port')); $activate = $base . JRoute::_('index.php?option=com_users&task=registration.activate&token=' . $data['activation'], false); // Send e-mail to the user if ($userParams->get('useractivation') == 1) { $mailer->addRecipient($user->email); } // Send e-mail to Super Users elseif ($userParams->get('useractivation') == 2) { // get all admin users $query = $db->getQuery(true) ->select($db->qn(array('name', 'email', 'sendEmail', 'id'))) ->from($db->qn('#__users')) ->where($db->qn('sendEmail') . ' = ' . 1); $rows = $db->setQuery($query)->loadObjectList(); // Send mail to all users with users creating permissions and receiving system emails foreach ($rows as $row) { $usercreator = JFactory::getUser($row->id); if ($usercreator->authorise('core.create', 'com_users')) { $mailer->addRecipient($usercreator->email); } } } else { // Future-proof check return; } $tokens = array( '[SITENAME]' => $sitename, '[DATE]' => gmdate('Y-m-d H:i:s') . " GMT", '[USER]' => $username, '[IP]' => $ip, '[ACTIVATE]' => '<a href="' . $activate . '">' . $activate . '</a>', ); $subject = str_replace(array_keys($tokens), array_values($tokens), $subject); $body = str_replace(array_keys($tokens), array_values($tokens), $body); $mailer->isHtml(true); $mailer->setSender(array($mailfrom, $fromname)); $mailer->setSubject($subject); $mailer->setBody($body); $mailer->Send(); } private function checkLogFrequency($limit, $numfreq, $frequency, array $extraWhere) { JLoader::import('joomla.utilities.date'); $db = $this->db; $mindatestamp = 0; switch ($frequency) { case 'second': break; case 'minute': $numfreq *= 60; break; case 'hour': $numfreq *= 3600; break; case 'day': $numfreq *= 86400; break; case 'ever': $mindatestamp = 946706400; // January 1st, 2000 break; } $jNow = new JDate(); if ($mindatestamp == 0) { $mindatestamp = $jNow->toUnix() - $numfreq; } $jMinDate = new JDate($mindatestamp); $minDate = $jMinDate->toSql(); $sql = $db->getQuery(true) ->select('COUNT(*)') ->from($db->qn('#__admintools_log')) ->where($db->qn('logdate') . ' >= ' . $db->q($minDate)); foreach ($extraWhere as $column => $value) { $sql->where($db->qn($column) . ' = ' . $db->q($value)); } $db->setQuery($sql); try { $numOffenses = $db->loadResult(); } catch (Exception $e) { $numOffenses = 0; } if ($numOffenses < $limit) { return false; } return true; } }