Browse Source

10.2.dev26 + merge 10104 + correctif auth

pull/9/head
Fred Tempez 2 years ago
parent
commit
2d93f5c5f5
  1. 15
      core/core.php
  2. 13
      core/module/config/config.php
  3. 14
      core/module/user/user.php

15
core/core.php

@ -39,7 +39,7 @@ class common {
const ACCESS_TIMER = 1800;
// Numéro de version
const ZWII_VERSION = '10.2.00.dev25';
const ZWII_VERSION = '10.2.00.dev26';
const ZWII_UPDATE_CHANNEL = "v10";
public static $actions = [];
@ -1303,11 +1303,20 @@ class common {
// Réorganisation du thème
$this->setData(['theme','text','linkTextColor',$this->getData(['theme','link', 'textColor'])]);
}
// Version 10.1.04
if ($this->getData(['core', 'dataVersion']) < 10104) {
$this->setData(['theme','text','linkColor','rgba(74, 105, 189, 1)']);
$this->deleteData(['theme','text','linkTextColor']);
$this->setdata(['theme','block','backgroundColor','rgba(236, 239, 241, 1)']);
$this->setdata(['theme','block','borderColor','rgba(236, 239, 241, 1)']);
$this->setdata(['theme','menu','radius','0px']);
$this->setData(['core', 'dataVersion', 10104]);
}
// Version 10.2.00
if ($this->getData(['core', 'dataVersion']) < 10200) {
$this->deleteData(['admin','colorButtonText']);
$this->setData(['config', 'connect', 'attempt',3]);
$this->setData(['config', 'connect', 'timeout',600]);
$this->setData(['config', 'connect', 'attempt',999]);
$this->setData(['config', 'connect', 'timeout',0]);
$this->setData(['config', 'connect', 'log',false]);
// Remettre à zéro le thème pour la génération du CSS du blog
if (file_exists(self::DATA_DIR . 'theme.css')) {

13
core/module/config/config.php

@ -415,6 +415,19 @@ class config extends common {
} else {
$legalPageId = '';
}
// Contrôle de cohérence
$connectAttempt = $this->getInput('configConnectAttempt', helper::FILTER_INT);
$connectTimeout = $this->getInput('configConnectTimeout', helper::FILTER_INT);
if(
( $connectAttempt === 999 && $connectTimeout !== 0 )
) {
self::$inputNotices['configConnectAttempt'] = 'Valeur incorrecte';
}
if(
( $connectAttempt !== 999 && $connectTimeout === 0 )
) {
self::$inputNotices['configConnectTimeout'] = 'Valeur incorrecte';
}
$this->setData([
'config',

14
core/module/user/user.php

@ -350,13 +350,12 @@ class user extends common {
/**
* Compte valide :
* Timeout entre nombre de tentatives autorisées
* Mot de passe
* Groupe
*/
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() &&
$this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt']) &&
password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
AND $this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
) {
$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
@ -378,6 +377,7 @@ class user extends common {
else {
// RAZ compteur échec connexion
$this->setData(['user',$userId,'connectFail',0 ]);
$this->setData(['user',$userId,'connectTimeout',0 ]);
// Valeurs en sortie
$this->addOutput([
'notification' => 'Connexion réussie',
@ -393,10 +393,10 @@ class user extends common {
) {
$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
// Mettre à jour le timer et notifier
if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
if ( $this->getdata(['user',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
) {
$notification = 'Trop de tentatives, accès bloqué durant ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes.';
// Ne pas incrémenter le timer si actif
// Incrémenter le timer
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() ) {
$this->setData(['user',$userId,'connectTimeout', time()]);
}
@ -406,7 +406,7 @@ class user extends common {
// L'utilisateur n'existe pas
// Bloquer l'IP après les tentatives autorisées avec ce compte,
} elseif (
$this->getData(['blacklist',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
$this->getData(['blacklist',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
) {
$notification = 'Trop de tentatives, compte verrouillé';
}

Loading…
Cancel
Save