From 0d68f007100fe599b2b672eb77a6d8e30069894a Mon Sep 17 00:00:00 2001
From: Fred Tempez
Date: Thu, 28 May 2020 19:03:31 +0200
Subject: [PATCH] =?UTF-8?q?10.2.dev12=20=20s=C3=A9curit=C3=A9=20de=20la=20?= =?UTF-8?q?conenxion=20au=20compte?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/core.php | 10 ++++------
 core/module/config/config.php | 21 ++++++++++++++++++++-
 core/module/config/view/index/index.php | 22 ++++++++++++++++++++++
 core/module/user/user.php | 12 ++++++------
 4 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/core/core.php b/core/core.php
index 1f1b8019..11c9b92c 100755
--- a/core/core.php
+++ b/core/core.php
@@ -35,15 +35,11 @@ class common {
 const THUMBS_SEPARATOR = 'mini_';
 const THUMBS_WIDTH = 640;
- // Contrôle d'édition temps max en secondes.
+ // Contrôle d'édition temps max en secondes avant déconnexion 30 minutes
 const ACCESS_TIMER = 1800;
- // Nombre d'essais
- const CONNECT_ATTEMPT = 3;
- // Temps mort
- const CONNECT_TIMEOUT = 1800;
 // Numéro de version
- const ZWII_VERSION = '10.2.00.dev11';
+ const ZWII_VERSION = '10.2.00.dev12';
 const ZWII_UPDATE_CHANNEL = "v10";
 public static $actions = [];
@@ -1314,6 +1310,8 @@ class common {
 // Version 10.2.00
 if ($this->getData(['core', 'dataVersion']) < 10200) {
 $this->deleteData(['admin','colorButtonText']);
+ $this->setData(['config', 'connect', 'attempt',3]);
+ $this->setData(['config', 'connect', 'timeout',10]);
 $this->setData(['core', 'dataVersion', 10200]);
 }
 }
diff --git a/core/module/config/config.php b/core/module/config/config.php
index c7a99437..4dc11705 100755
--- a/core/module/config/config.php
+++ b/core/module/config/config.php
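Review bot: The migration added in the second core.php hunk stores `timeout` as 10, but user.php adds this value to a Unix timestamp and the choices offered in config.php are 0 and 120 to 600, so an upgraded site gets a 10-second lockout that also matches no entry of the select. Use one of the listed values instead, e.g. `$this->setData(['config', 'connect', 'timeout', 600]);`, which corresponds to the '10 minutes' label. The two keys are only written when `dataVersion` is below 10200, so an install that already carries 10200 would presumably never receive them; worth confirming. The enclosing update method starts and ends outside the hunk.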
@@ -165,7 +165,22 @@ class config extends common {
 'tls' => 'START TLS',
 'ssl' => 'SSL/TLS'
 ];
-
+ // Sécurité de la connexion - tentative max avant blocage
+ public static $connectAttempt = [
+ 999 => 'Aucun',
+ 3 => '3 tentatives',
+ 5 => '5 tentatives',
+ 10=> '10 tentatives'
+ ];
+ // Sécurité de la connexion - durée du blocage
+ public static $connectTimeout = [
+ 0 => 'Aucun',
+ 120 => '2 minutes',
+ 240 => '4 minutes',
+ 360 => '6 minutes',
+ 480 => '8 minutes',
+ 600 => '10 minutes'
+ ];
 public function generateFiles() {
 // Mettre à jour le site map
 $successSitemap=$this->createSitemap();
@@ -438,6 +453,10 @@ class config extends common {
 'username' => $this->getInput('configSmtpUsername',helper::FILTER_STRING_SHORT),
 'password' =>helper::encrypt($this->getData(['config','smtp','username']),$this->getInput('configSmtpPassword')),
 'sender' => $this->getInput('configSmtpSender',helper::FILTER_MAIL)
+ ],
+ 'connect' => [
+ 'attempt' => $this->getInput('configConnectAttempt',helper::FILTER_INT),
+ 'timeout' => $this->getInput('configConnectTimeout',helper::FILTER_INT),
 ]
 ]
 ]);
diff --git a/core/module/config/view/index/index.php b/core/module/config/view/index/index.php
index 884abd64..6b3b1314 100755
--- a/core/module/config/view/index/index.php
+++ b/core/module/config/view/index/index.php
@@ -348,6 +348,28 @@
+
+
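Review bot: In the `'connect'` entry added by the second config.php hunk, both values are saved after `helper::FILTER_INT` alone, so as far as the hunk shows any integer posted with the form is persisted, not only the keys offered in `$connectAttempt` and `$connectTimeout`. These two settings control login throttling, so check the filtered value against the lists before saving, e.g. `array_key_exists($attempt, self::$connectAttempt) ? $attempt : 3`, and likewise for the timeout. A short comment on the two lists saying that the timeout keys are seconds and that `999` and `0` effectively turn the lockout off would also help, since the 'Aucun' label hides that from a reader of the code. The surrounding setData call starts outside the hunk.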
+
+
+

Connexion

+
+
+ 'Echecs avant blocage', + 'selected' => $this->getData(['config', 'connect', 'attempt']) + ]); ?> +
+
+ 'Durée du blocage', + 'selected' => $this->getData(['config', 'connect', 'timeout']) + ]); ?> +
+
+
+
+
diff --git a/core/module/user/user.php b/core/module/user/user.php
index 10714bf0..ba90fa56 100755
--- a/core/module/user/user.php
+++ b/core/module/user/user.php
@@ -333,10 +333,10 @@ class user extends common {
 if($this->isPost()) {
 $userId = $this->getInput('userLoginId', helper::FILTER_ID, true);
 // Contrôle du time out
- if ( $this->getData(['user',$userId,'connectTimeout']) + self::CONNECT_TIMEOUT > time() &&
- $this->getData(['user',$userId,'connectFail']) > self::CONNECT_ATTEMPT ) {
+ if ( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) > time() &&
+ $this->getData(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt']) ) {
 $this->addOutput([
- 'notification' => 'Accès bloqué pour ' . self::CONNECT_TIMEOUT . ' minutes'
+ 'notification' => 'Accès bloqué pour ' . $this->getData(['config', 'connect', 'timeout']) . ' minutes'
 ]);
 }
 // Connexion si les informations sont correctes
@@ -378,10 +378,10 @@ class user extends common {
 $this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
 }
 // Mettre à jour le timer
- if ( $this->getdata(['user',$userId,'connectFail']) > self::CONNECT_ATTEMPT) {
- $notification = 'Trop de tentatives, accès bloqué durant ' . self::CONNECT_TIMEOUT / 360 . ' minutes après chaque tentative infructueuse';
+ if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])) {
+ $notification = 'Trop de tentatives, accès bloqué durant ' . $this->getData(['config', 'connect', 'timeout']) . ' minutes.';
 // Ne pas incrémenter le timer si actif
- if ($this->getData(['user',$userId,'connectTimeout']) + self::CONNECT_TIMEOUT < time() ) {
+ if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() ) {
 $this->setData(['user',$userId,'connectTimeout', time()]);
 }
 } else {
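Review bot: The notification in the first user.php hunk prints the stored timeout followed by ' minutes', but the configured values are seconds (120 to 600), so a locked-out user would be told the block lasts 600 minutes; the `$notification` string in the second hunk has the same problem. Convert before display, e.g. `'Accès bloqué pour ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes'`. Both checks also compare `connectFail` with `>`, so the block starts one failure later than the number chosen under 'Echecs avant blocage'; `>=` would match the label. If the two config keys are missing, getData presumably yields null and the comparisons stop throttling as intended, so a fallback default is worth adding. The login method starts and ends outside both hunks.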