This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via addfb9ca15447b8879d2d64c5bcb36a6ac242218 (commit)
from 949ab7e9bd6d561b1e358d0fde65ea29df673906 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=addfb9ca15447b8879d2d64c5bcb36a6ac242218
commit addfb9ca15447b8879d2d64c5bcb36a6ac242218
Author: Franck Villaume <[email protected]>
Date: Sat Oct 17 16:43:35 2015 +0200
implement [#795]: captcha in AuthBuiltIn plugin after 3 attempts with same
login
diff --git a/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
b/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
index 604f3e8..38aba06 100644
--- a/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
+++ b/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
@@ -3,7 +3,7 @@
* FusionForge authentication management
*
* Copyright 2011, Roland Mas
- * Copyright 2014, Franck Villaume - TrivialDev
+ * Copyright 2014-2015, Franck Villaume - TrivialDev
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
@@ -61,6 +61,9 @@ class AuthBuiltinPlugin extends ForgeAuthPlugin {
}
$return_to = $params['return_to'];
$loginname = '';
+ if (isset($params['attempts']) && $params['attempts'] >= 1) {
+ $loginname = $params['previousLogin'];
+ }
$result = '';
@@ -79,6 +82,15 @@ class AuthBuiltinPlugin extends ForgeAuthPlugin {
$result .= html_ao('p')._('Password')._(':');
$result .= html_e('br').html_e('input', array('type' =>
'password', 'name' => 'form_pw', 'required' => 'required'));
$result .= html_ac(html_ap() -1);
+ if (isset($params['attempts'])) {
+ $result .= html_e('input', array('type' => 'hidden',
'name' => 'attempts', 'value' => $params['attempts']));
+ if (isset($params['previousLogin'])) {
+ $result .= html_e('input', array('type' =>
'hidden', 'name' => 'previous_login', 'value' => $params['previousLogin']));
+ }
+ if ($params['attempts'] > 3) {
+ plugin_hook_by_reference('captcha_form',
$result);
+ }
+ }
$result .= html_e('p', array(), html_e('input', array('type' =>
'submit', 'name' => 'login', 'value' => _('Login'))), false);
$result .= $HTML->closeForm();
$result .= html_e('p', array(),
util_make_link('/account/lostpw.php', _('[Lost your password?]')));
diff --git a/src/plugins/authbuiltin/www/post-login.php
b/src/plugins/authbuiltin/www/post-login.php
index bbe4de2..feb7e0c 100644
--- a/src/plugins/authbuiltin/www/post-login.php
+++ b/src/plugins/authbuiltin/www/post-login.php
@@ -9,6 +9,7 @@
* Copyright 1999-2001 (c) VA Linux Systems
* Copyright 2011, Roland Mas
* Copyright 2011, Franck Villaume - Capgemini
+ * Copyright 2015, Franck Villaume - TrivialDev
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
@@ -44,6 +45,8 @@ $login = getStringFromRequest('login');
$form_loginname = getStringFromRequest('form_loginname');
$form_pw = getStringFromRequest('form_pw');
$triggered = getIntFromRequest('triggered');
+$attempts = getIntFromRequest('attempts');
+$previous_login = getStringFromRequest('previous_login');
if (session_loggedin())
session_redirect('/my');
@@ -77,7 +80,11 @@ if ($login) {
if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
- if (session_check_credentials_in_database(strtolower($form_loginname),
$form_pw, false)) {
+
+ $valide = 1;
+ $params['valide'] =& $valide;
+ plugin_hook('captcha_check', $params);
+ if (session_check_credentials_in_database(strtolower($form_loginname),
$form_pw, false) && $valide) {
if ($plugin->isSufficient()) {
$plugin->startSession($form_loginname);
}
@@ -124,7 +131,12 @@ if ($login) {
$HTML->header(array('title'=>'Login'));
// Otherwise, display the login form again
-display_login_form($return_to, $triggered);
+if ($previous_login == $form_loginname) {
+ $attempts++;
+} else {
+ $attempts = 1;
+}
+display_login_form($return_to, $triggered, false, $attempts, $form_loginname);
$HTML->footer();
diff --git a/src/plugins/phpcaptcha/common/phpcaptchaPlugin.class.php
b/src/plugins/phpcaptcha/common/phpcaptchaPlugin.class.php
index 05a8052..93901c0 100644
--- a/src/plugins/phpcaptcha/common/phpcaptchaPlugin.class.php
+++ b/src/plugins/phpcaptcha/common/phpcaptchaPlugin.class.php
@@ -4,7 +4,7 @@
* phpcaptchaPlugin Class
*
* Copyright 2010, Luis Daniel Ibáñez
- * Copyright 2013-2014, Franck Villaume - TrivialDev
+ * Copyright 2013-2015, Franck Villaume - TrivialDev
* http://fusionforge.org
*
* This file is part of FusionForge. FusionForge is free software;
@@ -46,20 +46,21 @@ class phpcaptchaPlugin extends Plugin {
}
}
- function captcha_form() {
+ function captcha_form(&$html) {
global $HTML;
if ($this->checkConfig()) {
- echo '<p>
+ $html .= '<p>
<img id="captcha"
src="/plugins/'.$this->name.'/securimage_show.php" alt="CAPTCHA Image" />
<a href="#"
onclick="document.getElementById(\'captcha\').src =
\'/plugins/'.$this->name.'/securimage_show.php?\' + Math.random(); return
false">';
- echo _('Reload image.').'</a>';
- echo '</p><p>';
- echo _('Write captcha here:').'<br />';
- echo '<input type="text" name="captcha_code" size="10"
maxlength="6" />';
- echo '</p>';
+ $html .= _('Reload image.').'</a>';
+ $html .= '</p><p>';
+ $html .= _('Write captcha here:').'<br />';
+ $html .= '<input type="text" name="captcha_code"
size="10" maxlength="6" required="required" />';
+ $html .= '</p>';
} else {
- echo $HTML->information(_('phpcaptcha seems not
installed. Contact your administrator for more informations.'));
+ $html .= $HTML->information(_('phpcaptcha seems not
installed. Contact your administrator for more information.'));
}
+ return $html;
}
function checkConfig() {
diff --git a/src/www/account/register.php b/src/www/account/register.php
index 1ed3b87..fc2583c 100644
--- a/src/www/account/register.php
+++ b/src/www/account/register.php
@@ -266,7 +266,9 @@ if($toDisplay != "") {
<?php print _('Activate this user immediately') ; ?>
</p>
<?php } else {
- plugin_hook('captcha_form');
+ $html = '';
+ plugin_hook_by_reference('captcha_form', $html);
+ echo $html;
}
echo $HTML->addRequiredFieldsInfoBox();
echo html_e('p', array(), html_e('input', array('type' => 'submit', 'name' =>
'submit', 'value' => _('Register'))));
diff --git a/src/www/include/login-form.php b/src/www/include/login-form.php
index 5ca4c0a..33b018d 100644
--- a/src/www/include/login-form.php
+++ b/src/www/include/login-form.php
@@ -3,7 +3,7 @@
* FusionForge login form functions
*
* Copyright 2011, Roland Mas
- * Copyright 2014, Franck Villaume - TrivialDev
+ * Copyright 2014-2015, Franck Villaume - TrivialDev
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
@@ -39,11 +39,11 @@ function validate_return_to(&$return_to = '/') {
$return_to = $newrt;
}
-function display_login_page($return_to = '/', $triggered = false) {
- display_login_form($return_to, $triggered, true);
+function display_login_page($return_to = '/', $triggered = false, $attemps =
1, $previousLogin = null) {
+ display_login_form($return_to, $triggered, true, $attemps,
$previousLogin);
}
-function display_login_form($return_to = '/', $triggered = false, $full_page =
false) {
+function display_login_form($return_to = '/', $triggered = false, $full_page =
false, $attemps = 1, $previousLogin = null) {
global $HTML;
validate_return_to($return_to);
@@ -52,6 +52,8 @@ function display_login_form($return_to = '/', $triggered =
false, $full_page = f
$params['return_to'] = $return_to;
$params['html_snippets'] = array();
$params['transparent_redirect_urls'] = array();
+ $params['attemps'] = $attemps;
+ $params['previousLogin'] = $previousLogin;
plugin_hook_by_reference('display_auth_form', $params);
if ($full_page) {
-----------------------------------------------------------------------
Summary of changes:
.../authbuiltin/common/AuthBuiltinPlugin.class.php | 14 +++++++++++++-
src/plugins/authbuiltin/www/post-login.php | 16 ++++++++++++++--
.../phpcaptcha/common/phpcaptchaPlugin.class.php | 19 ++++++++++---------
src/www/account/register.php | 4 +++-
src/www/include/login-form.php | 10 ++++++----
5 files changed, 46 insertions(+), 17 deletions(-)
hooks/post-receive
--
FusionForge
_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
