root/trunk/gui/include/login-functions.php

Revision 1399, 7.1 kB (checked in by scitech, 2 weeks ago)

Fixed #1557: Error -> Duplicate entry 'xxxxx' for key 1 while logging into ISPCP

1 <?php
2 /**
3  * ispCP ω (OMEGA) a Virtual Hosting Control System
4  *
5  * @copyright     2001-2006 by moleSoftware GmbH
6  * @copyright     2006-2008 by ispCP | http://isp-control.net
7  * @version     SVN: $Id$
8  * @link         http://isp-control.net
9  * @author         ispCP Team (2007)
10  *
11  * @license
12  *   This program is free software; you can redistribute it and/or modify it under
13  *   the terms of the MPL General Public License as published by the Free Software
14  *   Foundation; either version 1.1 of the License, or (at your option) any later
15  *   version.
16  *   You should have received a copy of the MPL Mozilla Public License along with
17  *   this program; if not, write to the Open Source Initiative (OSI)
18  *   http://opensource.org | osi@opensource.org
19  */
20
/**
 * Tells whether an account with the given login name exists in the admin table.
 *
 * The name is bound as a query parameter, never interpolated into the SQL.
 *
 * @param string $username login name to look up
 * @return bool true when exactly one admin row carries this name
 */
function username_exists($username) {
    $db = Database::getInstance();

    $stmt = exec_query(
        $db,
        'SELECT admin_id FROM admin WHERE admin_name=?',
        array($username)
    );

    // Only a single match counts as "exists"; zero or several rows both answer "no".
    return $stmt->RecordCount() == 1;
}
29
/**
 * Fetches the admin row that belongs to a login name.
 *
 * @param string $username login name, bound as a query parameter
 * @return array|mixed the first matching row, or whatever FetchRow() yields when there
 *                     is none (callers such as is_userdomain_ok() test with is_array())
 */
function get_userdata($username) {
    $db = Database::getInstance();

    $stmt = exec_query(
        $db,
        'SELECT * FROM admin WHERE admin_name=?',
        array($username)
    );

    return $stmt->FetchRow();
}
39
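/**
 * Checks whether a login may proceed with respect to the state of the user's domain.
 *
 * Account types other than 'user' (admins, resellers) have no domain to check and are
 * always accepted. For a 'user' account the associated domain row must carry the
 * configured ITEM_OK_STATUS. An unknown account, or a user without any domain row, is
 * rejected explicitly instead of indexing a non-array result as the original did.
 *
 * @param string $username login name
 * @return bool true when the account may log in
 */
function is_userdomain_ok($username) {
    $db = Database::getInstance();

    $udata = get_userdata($username);
    if (!is_array($udata)) {
        // Unknown account: nothing to check, do not let the caller proceed.
        return false;
    }

    if ($udata['admin_type'] != 'user') {
        return true;
    }

    $query = 'SELECT domain_status FROM domain WHERE domain_admin_id=?';
    $res = exec_query($db, $query, array($udata['admin_id']));
    $row = $res->FetchRow();

    // A user without a domain row (or without a status) must not be treated as OK.
    if (!is_array($row) || !isset($row['domain_status'])) {
        return false;
    }

    return ($row['domain_status'] == Config::get('ITEM_OK_STATUS'));
}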
61
/**
 * Resets the per-address failure counter of one kind once its block time has elapsed.
 *
 * Only anonymous login rows (user_name IS NULL) are touched: those whose counter is
 * above the configured maximum and whose lastaccess is older than the timeout. The
 * counter is set back to '1', not 0, exactly as the original query did.
 *
 * @param int|null $timeout block duration in minutes; null means Config BRUTEFORCE_BLOCK_TIME
 * @param string   $type    'bruteforce' (login_count) or 'captcha' (captcha_count); any
 *                          other value aborts the script with a FIXME marker
 * @return void
 */
function unblock($timeout = null, $type = 'bruteforce') {
    $db = Database::getInstance();

    if ($timeout === null) {
        $timeout = Config::get('BRUTEFORCE_BLOCK_TIME');
    }

    // Oldest lastaccess (unix time) that still counts as blocked.
    $threshold = time() - ($timeout * 60);

    if ($type == 'bruteforce') {
        $query = "UPDATE login SET login_count='1' WHERE login_count > ? AND lastaccess < ? AND user_name is NULL";
        $limit = Config::get('BRUTEFORCE_MAX_LOGIN');
    } elseif ($type == 'captcha') {
        $query = "UPDATE login SET captcha_count='1' WHERE captcha_count > ? AND lastaccess < ? AND user_name is NULL";
        $limit = Config::get('BRUTEFORCE_MAX_CAPTCHA');
    } else {
        die('FIXME: '.__FILE__.':'.__LINE__);
    }

    exec_query($db, $query, array($limit, $threshold));
}
90
/**
 * Reports whether an address currently sits at the configured failure limit.
 *
 * NOTE(review): the counter is matched with '=' here, while check_ipaddr() blocks on
 * '> max' and unblock() resets on '> max'; a counter that has moved past the limit is
 * not seen by this query. Whether that is intended depends on the call order in the
 * login page, which is not visible in this file — verify against the caller.
 *
 * @param string|null $ipaddr   address to check; null means the requesting client (getipaddr())
 * @param string      $type     'bruteforce' (login_count) or 'captcha' (captcha_count); any
 *                              other value aborts the script with a FIXME marker
 * @param bool        $autodeny when true, a blocked address also triggers deny_access()
 *                              before the result is returned
 * @return bool true when a login row for this address has the counter equal to the limit
 */
function is_ipaddr_blocked($ipaddr = null, $type = 'bruteforce', $autodeny = false) {
    $db = Database::getInstance();

    if ($ipaddr === null) {
        $ipaddr = getipaddr();
    }

    if ($type == 'bruteforce') {
        $query = "SELECT * FROM login WHERE ipaddr=? AND login_count=?";
        $limit = Config::get('BRUTEFORCE_MAX_LOGIN');
    } elseif ($type == 'captcha') {
        $query = "SELECT * FROM login WHERE ipaddr=? AND captcha_count=?";
        $limit = Config::get('BRUTEFORCE_MAX_CAPTCHA');
    } else {
        die('FIXME: '.__FILE__.':'.__LINE__);
    }

    $res = exec_query($db, $query, array($ipaddr, $limit));

    $blocked = ($res->RecordCount() != 0);
    if ($blocked && $autodeny) {
        deny_access();
    }

    return $blocked;
}
124
/**
 * Tells whether the requesting address must still wait before its next login attempt.
 *
 * Only the anonymous login row (user_name IS NULL) of the address is consulted, and the
 * answer is always "no" unless both BRUTEFORCE and BRUTEFORCE_BETWEEN are enabled.
 *
 * @param string|null $ipaddr         address to check; null means the requesting client
 * @param bool        $displayMessage when true, the remaining seconds are shown via system_message()
 * @return bool true while lastaccess + BRUTEFORCE_BETWEEN_TIME lies in the future
 */
function shall_user_wait($ipaddr = null, $displayMessage = true) {
    $db = Database::getInstance();

    if (!Config::get('BRUTEFORCE')) {
        return false;
    }

    if ($ipaddr === null) {
        $ipaddr = getipaddr();
    }

    $res = exec_query(
        $db,
        'SELECT lastaccess FROM login WHERE ipaddr=? AND user_name is NULL',
        array($ipaddr)
    );

    if ($res->RecordCount() == 0) {
        return false;
    }

    $row = $res->FetchRow();

    if (!Config::get('BRUTEFORCE_BETWEEN')) {
        return false;
    }

    // Earliest moment (unix time) at which the next attempt is accepted.
    $waitUntil = $row['lastaccess'] + Config::get('BRUTEFORCE_BETWEEN_TIME');

    if ($waitUntil <= time()) {
        return false;
    }

    if ($displayMessage) {
        $backTo = "http://" . Config::get('BASE_SERVER_VHOST');
        system_message(tr('You have to wait %d seconds', $waitUntil - time()), $backTo);
    }

    return true;
}
163
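/**
 * Records a failed attempt for an address and enforces the brute-force limits.
 *
 * Creates the anonymous login row (user_name IS NULL) on first sight, otherwise raises
 * the selected counter — but only once the BRUTEFORCE_BETWEEN_TIME delay since the last
 * attempt has elapsed. When the counter is above the configured limit block_ipaddr() is
 * called; when the delay has not elapsed a "wait N seconds" message is shown instead of
 * counting the attempt.
 *
 * Changes to the original: the UPDATE binds its parameter as array($ipaddr) like every
 * other exec_query() call in this file; an unknown $type aborts like unblock() and
 * is_ipaddr_blocked() do instead of silently re-running the SELECT; the address is
 * HTML-escaped in the log line as block_ipaddr() already does; the duplicated
 * Config::get('BRUTEFORCE') test is gone; and the "wait" branch is taken only while the
 * delay is strictly in the future, matching shall_user_wait(), so "wait 0 seconds" is
 * no longer reported.
 *
 * @param string|null $ipaddr address to account for; null means the requesting client
 * @param string      $type   'bruteforce' (login_count) or 'captcha' (captcha_count)
 * @return bool always false; callers decide via is_ipaddr_blocked()/shall_user_wait()
 */
function check_ipaddr($ipaddr = null, $type = "bruteforce") {
    $sql = Database::getInstance();

    if ($ipaddr === null) {
        $ipaddr = getipaddr();
    }

    if ($type != 'bruteforce' && $type != 'captcha') {
        die('FIXME: '.__FILE__.':'.__LINE__);
    }

    $query = "SELECT session_id, ipaddr, user_name, lastaccess, login_count, captcha_count FROM login WHERE ipaddr=? AND user_name is NULL";
    $res = exec_query($sql, $query, array($ipaddr));

    if ($res->RecordCount() == 0) {
        // First attempt from this address: seed the row with this type's counter at 1.
        $query = "REPLACE INTO login (session_id, ipaddr, lastaccess, login_count, captcha_count) VALUES (?,?,UNIX_TIMESTAMP(),?,?)";
        exec_query($sql, $query, array(
            session_id(),
            $ipaddr,
            (int)($type == 'bruteforce'),
            (int)($type == 'captcha'),
        ));
        return false;
    }

    $data = $res->FetchRow();
    $lastaccess = $data['lastaccess'];

    if (Config::get('BRUTEFORCE')) {
        if ($type == 'bruteforce' && $data['login_count'] > Config::get('BRUTEFORCE_MAX_LOGIN')) {
            block_ipaddr($ipaddr, 'Login');
        }
        if ($type == 'captcha' && $data['captcha_count'] > Config::get('BRUTEFORCE_MAX_CAPTCHA')) {
            block_ipaddr($ipaddr, 'CAPTCHA');
        }
    }

    // With BRUTEFORCE_BETWEEN enabled, attempts closer together than
    // BRUTEFORCE_BETWEEN_TIME seconds are not counted but answered with a wait message.
    $btime = Config::get('BRUTEFORCE_BETWEEN')
        ? $lastaccess + Config::get('BRUTEFORCE_BETWEEN_TIME')
        : 0;

    if ($btime <= time()) {
        if ($type == "bruteforce") {
            $query = "UPDATE login SET lastaccess=UNIX_TIMESTAMP(),    login_count=login_count+1 WHERE ipaddr=? AND user_name is NULL";
        } else {
            $query = "UPDATE login SET lastaccess=UNIX_TIMESTAMP(),    captcha_count=captcha_count+1 WHERE ipaddr=? AND user_name is NULL";
        }
        exec_query($sql, $query, array($ipaddr));
        return false;
    }

    $remaining = $btime - time();
    $backButtonDestination = "http://" . Config::get('BASE_SERVER_VHOST');

    // The log line is rendered as HTML (note the <b><i> markup), so the address is
    // escaped before it goes in, consistent with block_ipaddr().
    $safeIp = htmlspecialchars($ipaddr, ENT_QUOTES, "UTF-8");
    write_log("Login error, <b><i>$safeIp</i></b> wait " . $remaining . " seconds", E_USER_NOTICE);
    system_message(tr('You have to wait %d seconds', $remaining), $backButtonDestination);

    return false;
}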
219
/**
 * Logs that an address hit a protection limit and shows the "blocked" message.
 *
 * Nothing is written to the database here; the block itself is the counter state in
 * the login table that check_ipaddr() maintains and unblock() resets.
 *
 * @param string $ipaddr address to report; HTML-escaped before it is written to the log
 * @param string $type   label for the log line, e.g. 'Login' or 'CAPTCHA'
 * @return void
 */
function block_ipaddr($ipaddr, $type = 'General') {
    $escapedIp = htmlspecialchars($ipaddr, ENT_QUOTES, "UTF-8");
    $minutes = Config::get('BRUTEFORCE_BLOCK_TIME');

    write_log("$type protection, <b><i> " . $escapedIp . "</i></b> blocked for " . $minutes . " minutes.");
    deny_access();
}
224
/**
 * Shows the "blocked for N minutes" message with a back link to the panel host.
 *
 * Does not terminate the script itself; whether system_message() does is not visible
 * in this file, so callers return after calling it.
 *
 * @return void
 */
function deny_access() {
    $backTo = "http://" . Config::get('BASE_SERVER_VHOST');
    $minutes = Config::get('BRUTEFORCE_BLOCK_TIME');

    system_message(tr('You have been blocked for %d minutes', $minutes), $backTo);
}
229
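/**
 * Returns the address of the requesting client as seen by the web server.
 *
 * REMOTE_ADDR is the TCP peer address, which a client cannot choose freely; that is
 * what makes it a usable key for the brute-force counters. Behind a reverse proxy it
 * is the proxy's address, so all clients would share one counter — do not replace it
 * with a client-supplied header such as X-Forwarded-For unless the header is taken
 * only from a trusted proxy.
 *
 * @return string|null the address, or null when there is no request context (e.g. a
 *                     CLI run) instead of the undefined-index notice the original raised
 */
function getipaddr() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
}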
233
/**
 * Purges expired rows from the login table and drops the local login state when the
 * current session is among them.
 *
 * The DELETE carries no user_name condition, so the anonymous brute-force counter rows
 * are purged by the same SESSION_TIMEOUT whenever this runs; check that this does not
 * cut BRUTEFORCE_BLOCK_TIME short when SESSION_TIMEOUT is the shorter of the two.
 *
 * @return void
 */
function do_session_timeout() {
    $db = Database::getInstance();

    // Anything not touched within SESSION_TIMEOUT minutes counts as expired.
    $expiredBefore = time() - Config::get('SESSION_TIMEOUT') * 60;
    exec_query($db, "DELETE FROM login WHERE lastaccess < ?", array($expiredBefore));

    if (session_exists(session_id())) {
        return;
    }

    if (isset($_SESSION['user_logged'])) {
        unset($_SESSION['user_logged']);
    }
    unset_user_login_data();
}
248
/**
 * Tells whether a row for the given session id is present in the login table.
 *
 * @param string $sess_id session id, bound as a query parameter
 * @return bool true when exactly one row matches
 */
function session_exists($sess_id) {
    $db = Database::getInstance();

    $stmt = exec_query(
        $db,
        "SELECT session_id FROM login WHERE session_id=?",
        array($sess_id)
    );

    return $stmt->RecordCount() == 1;
}
257
258 ?>