| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /* |
|---|
| | | /** |
|---|
| | | +-----------------------------------------------------------------------+ |
|---|
| | | | This file is part of the Roundcube Webmail client | |
|---|
| | | | Copyright (C) 2005-2012, The Roundcube Dev Team | |
|---|
| | |
|---|
| | | |
|---|
| | | // don't save prefs with default values if they haven't been changed yet |
|---|
| | | foreach ($a_user_prefs as $key => $value) { |
|---|
| | | if ($value === null || (!isset($old_prefs[$key]) && ($value == $config->get($key)))) |
|---|
| | | if ($value === null || (!isset($old_prefs[$key]) && ($value == $config->get($key)))) { |
|---|
| | | unset($save_prefs[$key]); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $save_prefs = serialize($save_prefs); |
|---|
| | |
|---|
| | | $this->data['preferences'] = $save_prefs; |
|---|
| | | |
|---|
| | | if (!$no_session) { |
|---|
| | | $config->set_user_prefs($a_user_prefs); |
|---|
| | | $config->set_user_prefs($this->prefs); |
|---|
| | | |
|---|
| | | if (isset($_SESSION['preferences'])) { |
|---|
| | | $this->rc->session->remove('preferences'); |
|---|
| | |
|---|
| | | ) { |
|---|
| | | $_SESSION['preferences'] = $save_prefs; |
|---|
| | | $_SESSION['preferences_time'] = time(); |
|---|
| | | $config->set_user_prefs($a_user_prefs); |
|---|
| | | $config->set_user_prefs($this->prefs); |
|---|
| | | $this->data['preferences'] = $save_prefs; |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Update user's failed_login timestamp and counter |
|---|
| | | */ |
|---|
| | | function failed_login() |
|---|
| | | { |
|---|
| | | if ($this->ID && ($rate = (int) $this->rc->config->get('login_rate_limit', 3))) { |
|---|
| | | if (empty($this->data['failed_login'])) { |
|---|
| | | $failed_login = new DateTime('now'); |
|---|
| | | $counter = 1; |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | $failed_login = new DateTime($this->data['failed_login']); |
|---|
| | | $threshold = new DateTime('- 60 seconds'); |
|---|
| | | |
|---|
| | | if ($failed_login < $threshold) { |
|---|
| | | $failed_login = new DateTime('now'); |
|---|
| | | $counter = 1; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->db->query( |
|---|
| | | "UPDATE " . $this->db->table_name('users', true) |
|---|
| | | . " SET `failed_login` = " . $this->db->fromunixtime($failed_login->format('U')) |
|---|
| | | . ", `failed_login_counter` = " . ($counter ?: "`failed_login_counter` + 1") |
|---|
| | | . " WHERE `user_id` = ?", |
|---|
| | | $this->ID); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks if the account is locked, e.g. as a result of brute-force prevention |
|---|
| | | */ |
|---|
| | | function is_locked() |
|---|
| | | { |
|---|
| | | if (empty($this->data['failed_login'])) { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if ($rate = (int) $this->rc->config->get('login_rate_limit', 3)) { |
|---|
| | | $last_failed = new DateTime($this->data['failed_login']); |
|---|
| | | $threshold = new DateTime('- 60 seconds'); |
|---|
| | | |
|---|
| | | if ($last_failed > $threshold && $this->data['failed_login_counter'] >= $rate) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Clear the saved object state |
|---|
| | | */ |
|---|
| | | function reset() |
|---|
| | | { |
|---|
| | | $this->ID = null; |
|---|
| | | $this->ID = null; |
|---|
| | | $this->data = null; |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | // user already registered -> overwrite username |
|---|
| | | if ($sql_arr) |
|---|
| | | if ($sql_arr) { |
|---|
| | | return new rcube_user($sql_arr['user_id'], $sql_arr); |
|---|
| | | else |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
