enhanced loginAttemptCookie

- updated Config/Aauth
- updated Libraries/Aauth
- updated LoginAttemptModel
- updated CodeIgniter version in .gitlab-ci.yml & .travis.yml

.gitlab-ci.yml

@@ -20,7 +20,7 @@ variables:
   # Configure mysql environment variables (https://hub.docker.com/r/_/mysql/)
   MYSQL_DATABASE: aauth_v3_ci4_testing
   MYSQL_ROOT_PASSWORD: root
-  CODEIGNITER_VERSION: 'v4.0.0-alpha.4'
+  CODEIGNITER_VERSION: 'v4.0.0-beta.1'
 
 # Run our tests
 # If Xdebug was installed you can generate a coverage report and see code coverage metrics.

.travis.yml

@@ -33,7 +33,7 @@ before_install:
 before_script:
   - echo 'extension = memcached.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
   - shopt -s extglob dotglob && mkdir aauth_temp && mv !(aauth_temp) aauth_temp
-  - git clone https://github.com/codeigniter4/CodeIgniter4.git CodeIgniter4 -b v4.0.0-alpha.4
+  - git clone https://github.com/codeigniter4/CodeIgniter4.git CodeIgniter4 -b v4.0.0-beta.1
   - cp -r aauth_temp/* CodeIgniter4 && cd CodeIgniter4 && cp _travis/env .env
   - composer install --prefer-source
   - composer require spomky-labs/otphp --prefer-source

app/Config/Aauth.php

@@ -151,6 +151,7 @@ class Aauth extends BaseConfig
 	| 'loginAttemptCookie'
 	|
 	|	Login attempts count & block trough Cookie instead of Login Attempt DB & IP
+	|	You can set a string to set the cookie name, default cookie name is logins.
 	|	(default: false)
 	|
 	| 'loginAttemptLimit'

app/Libraries/Aauth.php

@@ -227,7 +227,7 @@ class Aauth
 			{
 				$response = $request->getPostGet('g-recaptcha-response');
 			}
-			else if ($this->config->captchaType === 'recaptcha')
+			else if ($this->config->captchaType === 'hcaptcha')
 			{
 				$response = $request->getPostGet('h-captcha-response');
 			}

app/Models/Aauth/LoginAttemptModel.php

@@ -104,20 +104,31 @@ class LoginAttemptModel
 	 */
 	public function find()
 	{
-		$agent   = $this->request->getUserAgent();
+		if ($this->config->loginAttemptCookie)
-		$builder = $this->builder();
-		$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
-		$builder->where('ip_address', $this->request->getIPAddress());
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
-
-		if ($builder->countAllResults() !== 0)
 		{
-			return $builder->get()->getFirstRow()->count;
+			helper('cookie');
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
+
+			if ($cookie === get_cookie($cookieName))
+			{
+				return $cookie;
+			}
 		}
 		else
 		{
-			return 0;
+			$agent   = $this->request->getUserAgent();
+			$builder = $this->builder();
+			$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
+			$builder->where('ip_address', $this->request->getIPAddress());
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
+
+			if ($builder->countAllResults() !== 0)
+			{
+				return $builder->get()->getFirstRow()->count;
+			}
 		}
+
+		return 0;
 	}
 
 	/**
@@ -129,40 +140,69 @@ class LoginAttemptModel
 	 */
 	public function save()
 	{
-		$ipAddress = $this->request->getIPAddress();
+		if ($this->config->loginAttemptCookie)
-		$agent     = $this->request->getUserAgent();
-		$userAgent = md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform());
-		$builder   = $this->builder();
-		$builder->where('user_agent', $userAgent);
-		$builder->where('ip_address', $ipAddress);
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
-
-		if (! $row = $builder->get()->getFirstRow())
 		{
-			$data['ip_address'] = $ipAddress;
+			helper('cookie');
-			$data['user_agent'] = $userAgent;
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
-			$data['count']      = 1;
+			$expire     = strtotime($this->config->loginAttemptLimitTimePeriod) - strtotime('now');
-			$data['created_at'] = date('Y-m-d H:i:s');
-			$data['updated_at'] = date('Y-m-d H:i:s');
 
-			$builder->insert($data);
+			if ($cookie = get_cookie($cookieName))
+			{
+				set_cookie($cookieName, $cookie + 1, $expire);
 
-			return true;
+				if ($cookie >= $this->config->loginAttemptLimit)
+				{
+					return false;
+				}
+				else
+				{
+					return true;
+				}
+			}
+			else
+			{
+				set_cookie($cookieName, 1, $expire);
+
+				return true;
+			}
 		}
 		else
 		{
-			$data['count']      = $row->count + 1;
+			$ipAddress = $this->request->getIPAddress();
-			$data['updated_at'] = date('Y-m-d H:i:s');
+			$agent     = $this->request->getUserAgent();
-
+			$userAgent = md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform());
-			$builder->update($data, ['id' => $row->id]);
+			$builder   = $this->builder();
+			$builder->where('user_agent', $userAgent);
+			$builder->where('ip_address', $ipAddress);
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
 
-			if ($data['count'] >= $this->config->loginAttemptLimit)
+			if (! $row = $builder->get()->getFirstRow())
 			{
-				return false;
+				$data['ip_address'] = $ipAddress;
+				$data['user_agent'] = $userAgent;
+				$data['count']      = 1;
+				$data['created_at'] = date('Y-m-d H:i:s');
+				$data['updated_at'] = date('Y-m-d H:i:s');
+
+				$builder->insert($data);
+
+				return true;
 			}
 			else
 			{
-				return true;
+				$data['count']      = $row->count + 1;
+				$data['updated_at'] = date('Y-m-d H:i:s');
+
+				$builder->update($data, ['id' => $row->id]);
+
+				if ($data['count'] >= $this->config->loginAttemptLimit)
+				{
+					return false;
+				}
+				else
+				{
+					return true;
+				}
 			}
 		}
 	}
@@ -176,13 +216,21 @@ class LoginAttemptModel
 	 */
 	public function delete()
 	{
-		$agent   = $this->request->getUserAgent();
+		if ($this->config->loginAttemptCookie)
-		$builder = $this->builder();
+		{
-		$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
+			helper('cookie');
-		$builder->where('ip_address', $this->request->getIPAddress());
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
+			delete_cookie($cookieName);
-
+		}
-		$builder->delete();
+		else
+		{
+			$agent   = $this->request->getUserAgent();
+			$builder = $this->builder();
+			$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
+			$builder->where('ip_address', $this->request->getIPAddress());
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
+			$builder->delete();
+		}
 
 		return true;
 	}