enhanced loginAttemptCookie

- updated Config/Aauth - updated Libraries/Aauth - updated LoginAttemptModel - updated CodeIgniter version in .gitlab-ci.yml & .travis.yml
6 years ago · bfac5ad95e
5 changed files with 91 additions and 42 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -20,7 +20,7 @@ variables:
  # Configure mysql environment variables (https://hub.docker.com/r/_/mysql/)
  MYSQL_DATABASE: aauth_v3_ci4_testing
  MYSQL_ROOT_PASSWORD: root
-  CODEIGNITER_VERSION: 'v4.0.0-alpha.4'
+  CODEIGNITER_VERSION: 'v4.0.0-beta.1'

 # Run our tests
 # If Xdebug was installed you can generate a coverage report and see code coverage metrics.
--- a/.travis.yml
+++ b/.travis.yml
@ -33,7 +33,7 @@ before_install:
 before_script:
  - echo 'extension = memcached.so' >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
  - shopt -s extglob dotglob && mkdir aauth_temp && mv !(aauth_temp) aauth_temp
-  - git clone https://github.com/codeigniter4/CodeIgniter4.git CodeIgniter4 -b v4.0.0-alpha.4
+  - git clone https://github.com/codeigniter4/CodeIgniter4.git CodeIgniter4 -b v4.0.0-beta.1
  - cp -r aauth_temp/* CodeIgniter4 && cd CodeIgniter4 && cp _travis/env .env
  - composer install --prefer-source
  - composer require spomky-labs/otphp --prefer-source
--- a/app/Config/Aauth.php
+++ b/app/Config/Aauth.php
@ -151,6 +151,7 @@ class Aauth extends BaseConfig
 	| 'loginAttemptCookie'
 	|
 	|	Login attempts count & block trough Cookie instead of Login Attempt DB & IP
+	|	You can set a string to set the cookie name, default cookie name is logins.
 	|	(default: false)
 	|
 	| 'loginAttemptLimit'
--- a/app/Libraries/Aauth.php
+++ b/app/Libraries/Aauth.php
@ -227,7 +227,7 @@ class Aauth
 			{
 				$response = $request->getPostGet('g-recaptcha-response');
 			}
-			else if ($this->config->captchaType === 'recaptcha')
+			else if ($this->config->captchaType === 'hcaptcha')
 			{
 				$response = $request->getPostGet('h-captcha-response');
 			}
--- a/app/Models/Aauth/LoginAttemptModel.php
+++ b/app/Models/Aauth/LoginAttemptModel.php
@ -104,20 +104,31 @@ class LoginAttemptModel
 	 */
 	public function find()
 	{
-		$agent   = $this->request->getUserAgent();
-		$builder = $this->builder();
-		$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
-		$builder->where('ip_address', $this->request->getIPAddress());
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
-
-		if ($builder->countAllResults() !== 0)
+		if ($this->config->loginAttemptCookie)
 		{
-			return $builder->get()->getFirstRow()->count;
+			helper('cookie');
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
+
+			if ($cookie === get_cookie($cookieName))
+			{
+				return $cookie;
+			}
 		}
 		else
 		{
-			return 0;
+			$agent   = $this->request->getUserAgent();
+			$builder = $this->builder();
+			$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
+			$builder->where('ip_address', $this->request->getIPAddress());
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
+
+			if ($builder->countAllResults() !== 0)
+			{
+				return $builder->get()->getFirstRow()->count;
+			}
 		}
+
+		return 0;
 	}

 	/**
@ -129,40 +140,69 @@ class LoginAttemptModel
 	 */
 	public function save()
 	{
-		$ipAddress = $this->request->getIPAddress();
-		$agent     = $this->request->getUserAgent();
-		$userAgent = md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform());
-		$builder   = $this->builder();
-		$builder->where('user_agent', $userAgent);
-		$builder->where('ip_address', $ipAddress);
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
-
-		if (! $row = $builder->get()->getFirstRow())
+		if ($this->config->loginAttemptCookie)
 		{
-			$data['ip_address'] = $ipAddress;
-			$data['user_agent'] = $userAgent;
-			$data['count']      = 1;
-			$data['created_at'] = date('Y-m-d H:i:s');
-			$data['updated_at'] = date('Y-m-d H:i:s');
+			helper('cookie');
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
+			$expire     = strtotime($this->config->loginAttemptLimitTimePeriod) - strtotime('now');

-			$builder->insert($data);
+			if ($cookie = get_cookie($cookieName))
+			{
+				set_cookie($cookieName, $cookie + 1, $expire);

-			return true;
+				if ($cookie >= $this->config->loginAttemptLimit)
+				{
+					return false;
+				}
+				else
+				{
+					return true;
+				}
+			}
+			else
+			{
+				set_cookie($cookieName, 1, $expire);
+
+				return true;
+			}
 		}
 		else
 		{
-			$data['count']      = $row->count + 1;
-			$data['updated_at'] = date('Y-m-d H:i:s');
-
-			$builder->update($data, ['id' => $row->id]);
+			$ipAddress = $this->request->getIPAddress();
+			$agent     = $this->request->getUserAgent();
+			$userAgent = md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform());
+			$builder   = $this->builder();
+			$builder->where('user_agent', $userAgent);
+			$builder->where('ip_address', $ipAddress);
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));

-			if ($data['count'] >= $this->config->loginAttemptLimit)
+			if (! $row = $builder->get()->getFirstRow())
 			{
-				return false;
+				$data['ip_address'] = $ipAddress;
+				$data['user_agent'] = $userAgent;
+				$data['count']      = 1;
+				$data['created_at'] = date('Y-m-d H:i:s');
+				$data['updated_at'] = date('Y-m-d H:i:s');
+
+				$builder->insert($data);
+
+				return true;
 			}
 			else
 			{
-				return true;
+				$data['count']      = $row->count + 1;
+				$data['updated_at'] = date('Y-m-d H:i:s');
+
+				$builder->update($data, ['id' => $row->id]);
+
+				if ($data['count'] >= $this->config->loginAttemptLimit)
+				{
+					return false;
+				}
+				else
+				{
+					return true;
+				}
 			}
 		}
 	}
@ -176,13 +216,21 @@ class LoginAttemptModel
 	 */
 	public function delete()
 	{
-		$agent   = $this->request->getUserAgent();
-		$builder = $this->builder();
-		$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
-		$builder->where('ip_address', $this->request->getIPAddress());
-		$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
-
-		$builder->delete();
+		if ($this->config->loginAttemptCookie)
+		{
+			helper('cookie');
+			$cookieName = $this->config->loginAttemptCookie === true ? 'logins' : $this->config->lologinAttemptCookie;
+			delete_cookie($cookieName);
+		}
+		else
+		{
+			$agent   = $this->request->getUserAgent();
+			$builder = $this->builder();
+			$builder->where('user_agent', md5($agent->getBrowser() . ' - ' . $agent->getVersion() . ' - ' . $agent->getPlatform()));
+			$builder->where('ip_address', $this->request->getIPAddress());
+			$builder->where('updated_at >=', date('Y-m-d H:i:s', strtotime('-' . $this->config->loginAttemptLimitTimePeriod)));
+			$builder->delete();
+		}

 		return true;
 	}