ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Issues Releases 98 Activity
Browse Source

10.2.dev26 + merge 10104 + correctif auth

pull/9/head
Fred Tempez 2 years ago
parent
75ac83331c
commit
2d93f5c5f5
3 changed files with 32 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      core/core.php
  2. 13
      core/module/config/config.php
  3. 14
      core/module/user/user.php

15
core/core.php
Unescape View File

@ -39,7 +39,7 @@ class common {
const ACCESS_TIMER = 1800;
// Numéro de version
const ZWII_VERSION = '10.2.00.dev25';
const ZWII_VERSION = '10.2.00.dev26';
const ZWII_UPDATE_CHANNEL = "v10";
public static $actions = [];
@ -1303,11 +1303,20 @@ class common {
// Réorganisation du thème
$this->setData(['theme','text','linkTextColor',$this->getData(['theme','link', 'textColor'])]);
}
// Version 10.1.04
if ($this->getData(['core', 'dataVersion']) < 10104) {
$this->setData(['theme','text','linkColor','rgba(74, 105, 189, 1)']);
$this->deleteData(['theme','text','linkTextColor']);
$this->setdata(['theme','block','backgroundColor','rgba(236, 239, 241, 1)']);
$this->setdata(['theme','block','borderColor','rgba(236, 239, 241, 1)']);
$this->setdata(['theme','menu','radius','0px']);
$this->setData(['core', 'dataVersion', 10104]);
}
// Version 10.2.00
if ($this->getData(['core', 'dataVersion']) < 10200) {
$this->deleteData(['admin','colorButtonText']);
$this->setData(['config', 'connect', 'attempt',3]);
$this->setData(['config', 'connect', 'timeout',600]);
$this->setData(['config', 'connect', 'attempt',999]);
$this->setData(['config', 'connect', 'timeout',0]);
$this->setData(['config', 'connect', 'log',false]);
// Remettre à zéro le thème pour la génération du CSS du blog
if (file_exists(self::DATA_DIR . 'theme.css')) {

13
core/module/config/config.php
Unescape View File

@ -415,6 +415,19 @@ class config extends common {
} else {
$legalPageId = '';
}
// Contrôle de cohérence
$connectAttempt = $this->getInput('configConnectAttempt', helper::FILTER_INT);
$connectTimeout = $this->getInput('configConnectTimeout', helper::FILTER_INT);
if(
( $connectAttempt === 999 && $connectTimeout !== 0 )
) {
self::$inputNotices['configConnectAttempt'] = 'Valeur incorrecte';
}
if(
( $connectAttempt !== 999 && $connectTimeout === 0 )
) {
self::$inputNotices['configConnectTimeout'] = 'Valeur incorrecte';
}
$this->setData([
'config',

14
core/module/user/user.php
Unescape View File

@ -350,13 +350,12 @@ class user extends common {
/**
* Compte valide :
* Timeout entre nombre de tentatives autorisées
* Mot de passe
* Groupe
*/
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() &&
$this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt']) &&
password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
AND $this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
) {
$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
@ -378,6 +377,7 @@ class user extends common {
else {
// RAZ compteur échec connexion
$this->setData(['user',$userId,'connectFail',0 ]);
$this->setData(['user',$userId,'connectTimeout',0 ]);
// Valeurs en sortie
$this->addOutput([
'notification' => 'Connexion réussie',
@ -393,10 +393,10 @@ class user extends common {
) {
$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
// Mettre à jour le timer et notifier
if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
if ( $this->getdata(['user',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
) {
$notification = 'Trop de tentatives, accès bloqué durant ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes.';
// Ne pas incrémenter le timer si actif
// Incrémenter le timer
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() ) {
$this->setData(['user',$userId,'connectTimeout', time()]);
}
@ -406,7 +406,7 @@ class user extends common {
// L'utilisateur n'existe pas
// Bloquer l'IP après les tentatives autorisées avec ce compte,
} elseif (
$this->getData(['blacklist',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
$this->getData(['blacklist',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
) {
$notification = 'Trop de tentatives, compte verrouillé';
}

Write Preview
Loading…
Cancel
Save