10.2.dev26 + merge 10104 + correctif auth

3 years ago · 2d93f5c5f5
parent 75ac83331c
commit 2d93f5c5f5
3 changed files with 32 additions and 10 deletions
--- a/core/core.php
+++ b/core/core.php
@ -39,7 +39,7 @@ class common {
 	const ACCESS_TIMER = 1800;

 	// Numéro de version
-	const ZWII_VERSION = '10.2.00.dev25';
+	const ZWII_VERSION = '10.2.00.dev26';
 	const ZWII_UPDATE_CHANNEL = "v10";

 	public static $actions = [];
@ -1303,11 +1303,20 @@ class common {
 			// Réorganisation du thème
 			$this->setData(['theme','text','linkTextColor',$this->getData(['theme','link', 'textColor'])]);
 		}
+		// Version 10.1.04
+		if ($this->getData(['core', 'dataVersion']) < 10104) {
+			$this->setData(['theme','text','linkColor','rgba(74, 105, 189, 1)']);
+			$this->deleteData(['theme','text','linkTextColor']);
+			$this->setdata(['theme','block','backgroundColor','rgba(236, 239, 241, 1)']);
+			$this->setdata(['theme','block','borderColor','rgba(236, 239, 241, 1)']);
+			$this->setdata(['theme','menu','radius','0px']);
+			$this->setData(['core', 'dataVersion', 10104]);
+		}		
 		// Version 10.2.00
 		if ($this->getData(['core', 'dataVersion']) < 10200) {
 				$this->deleteData(['admin','colorButtonText']);
-				$this->setData(['config', 'connect', 'attempt',3]);
-				$this->setData(['config', 'connect', 'timeout',600]);
+				$this->setData(['config', 'connect', 'attempt',999]);
+				$this->setData(['config', 'connect', 'timeout',0]);
 				$this->setData(['config', 'connect', 'log',false]);
 				// Remettre à zéro le thème pour la génération du CSS du blog
 				if (file_exists(self::DATA_DIR . 'theme.css')) {
--- a/core/module/config/config.php
+++ b/core/module/config/config.php
@ -415,6 +415,19 @@ class config extends common {
 			} else {
 				$legalPageId = '';
 			}
+			// Contrôle de cohérence
+			$connectAttempt = $this->getInput('configConnectAttempt', helper::FILTER_INT);
+			$connectTimeout = $this->getInput('configConnectTimeout', helper::FILTER_INT);
+			if(
+				( $connectAttempt === 999 && $connectTimeout !== 0 )
+			) {
+				self::$inputNotices['configConnectAttempt'] = 'Valeur incorrecte';
+			}
+			if(
+				( $connectAttempt !== 999 && $connectTimeout === 0 )
+			) {
+				self::$inputNotices['configConnectTimeout'] = 'Valeur incorrecte';
+			}

 			$this->setData([
 				'config',
--- a/core/module/user/user.php
+++ b/core/module/user/user.php
@ -350,13 +350,12 @@ class user extends common {

 			/**
 			 *  Compte valide :
-			 *  Timeout entre nombre de tentatives autorisées
 			 *  Mot de passe
 			 *  Groupe
 			*/
-			if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() &&
-				$this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt']) &&
-				password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
+			if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
+				AND $this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
+				AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
 				AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
 			) {
 				$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
@ -378,6 +377,7 @@ class user extends common {
 				else {
 					// RAZ compteur échec connexion
 					$this->setData(['user',$userId,'connectFail',0 ]);
+					$this->setData(['user',$userId,'connectTimeout',0 ]);
 					// Valeurs en sortie
 					$this->addOutput([
 						'notification' => 'Connexion réussie',
@ -393,10 +393,10 @@ class user extends common {
 				) {
 					$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
 					// Mettre à jour le timer et notifier
-					if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
+					if ( $this->getdata(['user',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
 					) {
 						$notification = 'Trop de tentatives, accès bloqué durant ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes.';
-						// Ne pas incrémenter le timer si actif
+						// Incrémenter le timer
 						if ($this->getData(['user',$userId,'connectTimeout'])  + $this->getData(['config', 'connect', 'timeout']) < time() ) {
 							$this->setData(['user',$userId,'connectTimeout', time()]);
 						}
@ -406,7 +406,7 @@ class user extends common {
 				// L'utilisateur n'existe pas
 				// Bloquer l'IP après les tentatives autorisées avec ce compte,
 				} elseif (
-							$this->getData(['blacklist',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
+							$this->getData(['blacklist',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
 						 ) {
 							$notification = 'Trop de tentatives, compte verrouillé';
 				}