forked from ZwiiCMS-Team/ZwiiCMS
10.2.dev26 + merge 10104 + correctif auth
parent
75ac83331c
commit
2d93f5c5f5
@ -39,7 +39,7 @@ class common {
|
||||
const ACCESS_TIMER = 1800;
|
||||
|
||||
// Numéro de version
|
||||
const ZWII_VERSION = '10.2.00.dev25';
|
||||
const ZWII_VERSION = '10.2.00.dev26';
|
||||
const ZWII_UPDATE_CHANNEL = "v10";
|
||||
|
||||
public static $actions = [];
|
||||
@ -1303,11 +1303,20 @@ class common {
|
||||
// Réorganisation du thème
|
||||
$this->setData(['theme','text','linkTextColor',$this->getData(['theme','link', 'textColor'])]);
|
||||
}
|
||||
// Version 10.1.04
|
||||
if ($this->getData(['core', 'dataVersion']) < 10104) {
|
||||
$this->setData(['theme','text','linkColor','rgba(74, 105, 189, 1)']);
|
||||
$this->deleteData(['theme','text','linkTextColor']);
|
||||
$this->setdata(['theme','block','backgroundColor','rgba(236, 239, 241, 1)']);
|
||||
$this->setdata(['theme','block','borderColor','rgba(236, 239, 241, 1)']);
|
||||
$this->setdata(['theme','menu','radius','0px']);
|
||||
$this->setData(['core', 'dataVersion', 10104]);
|
||||
}
|
||||
// Version 10.2.00
|
||||
if ($this->getData(['core', 'dataVersion']) < 10200) {
|
||||
$this->deleteData(['admin','colorButtonText']);
|
||||
$this->setData(['config', 'connect', 'attempt',3]);
|
||||
$this->setData(['config', 'connect', 'timeout',600]);
|
||||
$this->setData(['config', 'connect', 'attempt',999]);
|
||||
$this->setData(['config', 'connect', 'timeout',0]);
|
||||
$this->setData(['config', 'connect', 'log',false]);
|
||||
// Remettre à zéro le thème pour la génération du CSS du blog
|
||||
if (file_exists(self::DATA_DIR . 'theme.css')) {
|
||||
|
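Review bot: The 10.2.00 migration block now seeds `['config','connect','attempt']` with 999 and `['config','connect','timeout']` with 0 in place of 3 and 600, and keeps `['config','connect','log']` at false, so a site that runs this upgrade ends up with login throttling effectively off and no connection log until an administrator changes it. Judging from the consistency check added in class config, the pair 999 / 0 appears to be the sentinel for "no limit"; if so, I would keep restrictive values as the migration default and make the unlimited mode an explicit opt-in, or at least put a comment such as `// 999 attempts with a 0 timeout is the "no lockout" sentinel` above the two calls. The new 10.1.04 block also spells the method `setdata` three times; PHP resolves method names case-insensitively, but `setData` matches the rest of the class. The enclosing method starts and ends outside the hunk.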
@ -415,6 +415,19 @@ class config extends common {
|
||||
} else {
|
||||
$legalPageId = '';
|
||||
}
|
||||
// Contrôle de cohérence
|
||||
$connectAttempt = $this->getInput('configConnectAttempt', helper::FILTER_INT);
|
||||
$connectTimeout = $this->getInput('configConnectTimeout', helper::FILTER_INT);
|
||||
if(
|
||||
( $connectAttempt === 999 && $connectTimeout !== 0 )
|
||||
) {
|
||||
self::$inputNotices['configConnectAttempt'] = 'Valeur incorrecte';
|
||||
}
|
||||
if(
|
||||
( $connectAttempt !== 999 && $connectTimeout === 0 )
|
||||
) {
|
||||
self::$inputNotices['configConnectTimeout'] = 'Valeur incorrecte';
|
||||
}
|
||||
|
||||
$this->setData([
|
||||
'config',
|
||||
|
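Review bot: Both consistency checks compare with `===` / `!==` against the integers 999 and 0, which only works if `getInput(..., helper::FILTER_INT)` returns a real int; if the helper returns the sanitised string (its code is not visible here), neither check can fire and an inconsistent pair is stored silently. Casting once, e.g. `$connectAttempt = (int) $this->getInput('configConnectAttempt', helper::FILTER_INT);` and the same for `$connectTimeout`, makes the comparison independent of the helper. There is also no lower bound: an attempt value of 0 or a negative number would make `connectFail < attempt` in the login check permanently false, so a guard like `if ($connectAttempt < 1) { self::$inputNotices['configConnectAttempt'] = 'Valeur incorrecte'; }` is worth adding. The `setData` call that follows is cut off by the hunk, so whether a notice actually prevents the save cannot be confirmed from here.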
@ -350,13 +350,12 @@ class user extends common {
|
||||
|
||||
/**
|
||||
* Compte valide :
|
||||
* Timeout entre nombre de tentatives autorisées
|
||||
* Mot de passe
|
||||
* Groupe
|
||||
*/
|
||||
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() &&
|
||||
$this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt']) &&
|
||||
password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
|
||||
if( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
|
||||
AND $this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
|
||||
AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
|
||||
AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
|
||||
) {
|
||||
$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
|
||||
@ -378,6 +377,7 @@ class user extends common {
|
||||
else {
|
||||
// RAZ compteur échec connexion
|
||||
$this->setData(['user',$userId,'connectFail',0 ]);
|
||||
$this->setData(['user',$userId,'connectTimeout',0 ]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'notification' => 'Connexion réussie',
|
||||
@ -393,10 +393,10 @@ class user extends common {
|
||||
) {
|
||||
$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
|
||||
// Mettre à jour le timer et notifier
|
||||
if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
|
||||
if ( $this->getdata(['user',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
|
||||
) {
|
||||
$notification = 'Trop de tentatives, accès bloqué durant ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes.';
|
||||
// Ne pas incrémenter le timer si actif
|
||||
// Incrémenter le timer
|
||||
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() ) {
|
||||
$this->setData(['user',$userId,'connectTimeout', time()]);
|
||||
}
|
||||
@ -406,7 +406,7 @@ class user extends common {
|
||||
// L'utilisateur n'existe pas
|
||||
// Bloquer l'IP après les tentatives autorisées avec ce compte,
|
||||
} elseif (
|
||||
$this->getData(['blacklist',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])
|
||||
$this->getData(['blacklist',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
|
||||
) {
|
||||
$notification = 'Trop de tentatives, compte verrouillé';
|
||||
}
|
||||
|
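Review bot: In the unknown-user branch the counter is read from `['blacklist',$userId,'connectFail']`, which is keyed by the submitted login name, while the comment above it says the IP is blocked; the limit is therefore per name rather than per client, so either key the entry on the remote address or correct the comment. The two lockout messages also differ ('Trop de tentatives, accès bloqué durant … minutes.' for an existing account, 'Trop de tentatives, compte verrouillé' for an unknown one), which lets the login form reveal which accounts exist; using one message for both branches avoids that. In the first hunk `AND` binds more loosely than `&&` and than assignment, which is harmless inside `if( … )` but an easy trap if the expression is ever moved into an assignment, so I would keep `&&`. With the new defaults (999 / 0) the text built from `timeout / 60` reads "0 minutes", and nothing visible in these hunks clears `connectFail` other than a successful login that is itself gated by `connectFail < attempt`, so please confirm a reset path exists outside the hunks.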