本文整理汇总了PHP中login_attempt_failed函数的典型用法代码示例。如果您正苦于以下问题:PHP login_attempt_failed函数的具体用法?PHP login_attempt_failed怎么用?PHP login_attempt_failed使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了login_attempt_failed函数的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: authenticate_user_login
//.........这里部分代码省略.........
// User does not exist.
$auths = $authsenabled;
$user = new stdClass();
$user->id = 0;
}
if ($ignorelockout) {
// Some other mechanism protects against brute force password guessing, for example login form might include reCAPTCHA
// or this function is called from a SSO script.
} else {
if ($user->id) {
// Verify login lockout after other ways that may prevent user login.
if (login_is_lockedout($user)) {
$failurereason = AUTH_LOGIN_LOCKOUT;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id, 'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Login lockout: {$username} " . $_SERVER['HTTP_USER_AGENT']);
return false;
}
} else {
// We can not lockout non-existing accounts.
}
}
foreach ($auths as $auth) {
$authplugin = get_auth_plugin($auth);
// On auth fail fall through to the next plugin.
if (!$authplugin->user_login($username, $password)) {
continue;
}
// Successful authentication.
if ($user->id) {
// User already exists in database.
if (empty($user->auth)) {
// For some reason auth isn't set yet.
$DB->set_field('user', 'auth', $auth, array('id' => $user->id));
$user->auth = $auth;
}
// If the existing hash is using an out-of-date algorithm (or the legacy md5 algorithm), then we should update to
// the current hash algorithm while we have access to the user's password.
update_internal_user_password($user, $password);
if ($authplugin->is_synchronised_with_external()) {
// Update user record from external DB.
$user = update_user_record_by_id($user->id);
}
} else {
// The user is authenticated but user creation may be disabled.
if (!empty($CFG->authpreventaccountcreation)) {
$failurereason = AUTH_LOGIN_UNAUTHORISED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Unknown user, can not create new accounts: {$username} " . $_SERVER['HTTP_USER_AGENT']);
return false;
} else {
$user = create_user_record($username, $password, $auth);
}
}
$authplugin->sync_roles($user);
foreach ($authsenabled as $hau) {
$hauth = get_auth_plugin($hau);
$hauth->user_authenticated_hook($user, $username, $password);
}
if (empty($user->id)) {
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
return false;
}
if (!empty($user->suspended)) {
// Just in case some auth plugin suspended account.
$failurereason = AUTH_LOGIN_SUSPENDED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id, 'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Suspended Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
return false;
}
login_attempt_valid($user);
$failurereason = AUTH_LOGIN_OK;
return $user;
}
// Failed if all the plugins have failed.
if (debugging('', DEBUG_ALL)) {
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Failed Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
}
if ($user->id) {
login_attempt_failed($user);
$failurereason = AUTH_LOGIN_FAILED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id, 'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
} else {
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
}
return false;
}示例2: authenticate_user_login
//.........这里部分代码省略.........
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Disabled Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
// Legacy way to suspend user.
$failurereason = AUTH_LOGIN_SUSPENDED;
return false;
}
$auths = array($auth);
} else {
// Check if there's a deleted record (cheaply), this should not happen because we mangle usernames in delete_user().
if ($DB->get_field('user', 'id', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'deleted' => 1))) {
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Deleted Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_NOUSER;
return false;
}
// Do not try to authenticate non-existent accounts when user creation is not disabled.
if (!empty($CFG->authpreventaccountcreation)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Unknown user, can not create new accounts: {$username} " . $_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_NOUSER;
return false;
}
// User does not exist.
$auths = $authsenabled;
$user = new stdClass();
$user->id = 0;
}
if ($ignorelockout) {
// Some other mechanism protects against brute force password guessing, for example login form might include reCAPTCHA
// or this function is called from a SSO script.
} else {
if ($user->id) {
// Verify login lockout after other ways that may prevent user login.
if (login_is_lockedout($user)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Login lockout: {$username} " . $_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_LOCKOUT;
return false;
}
} else {
// We can not lockout non-existing accounts.
}
}
foreach ($auths as $auth) {
$authplugin = get_auth_plugin($auth);
// On auth fail fall through to the next plugin.
if (!$authplugin->user_login($username, $password)) {
continue;
}
// Successful authentication.
if ($user->id) {
// User already exists in database.
if (empty($user->auth)) {
// For some reason auth isn't set yet.
$DB->set_field('user', 'auth', $auth, array('username' => $username));
$user->auth = $auth;
}
// If the existing hash is using an out-of-date algorithm (or the legacy md5 algorithm), then we should update to
// the current hash algorithm while we have access to the user's password.
update_internal_user_password($user, $password);
if ($authplugin->is_synchronised_with_external()) {
// Update user record from external DB.
$user = update_user_record($username);
}
} else {
// Create account, we verified above that user creation is allowed.
$user = create_user_record($username, $password, $auth);
}
$authplugin->sync_roles($user);
foreach ($authsenabled as $hau) {
$hauth = get_auth_plugin($hau);
$hauth->user_authenticated_hook($user, $username, $password);
}
if (empty($user->id)) {
$failurereason = AUTH_LOGIN_NOUSER;
return false;
}
if (!empty($user->suspended)) {
// Just in case some auth plugin suspended account.
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Suspended Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_SUSPENDED;
return false;
}
login_attempt_valid($user);
$failurereason = AUTH_LOGIN_OK;
return $user;
}
// Failed if all the plugins have failed.
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
if (debugging('', DEBUG_ALL)) {
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Failed Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
}
if ($user->id) {
login_attempt_failed($user);
$failurereason = AUTH_LOGIN_FAILED;
} else {
$failurereason = AUTH_LOGIN_NOUSER;
}
return false;
}示例3: test_user_count_login_failures
/**
* Test function user_count_login_failures().
*/
public function test_user_count_login_failures()
{
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
$this->assertEquals(0, get_user_preferences('login_failed_count_since_success', 0, $user));
for ($i = 0; $i < 10; $i++) {
login_attempt_failed($user);
}
$this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
$count = user_count_login_failures($user);
// Reset count.
$this->assertEquals(10, $count);
$this->assertEquals(0, get_user_preferences('login_failed_count_since_success', 0, $user));
for ($i = 0; $i < 10; $i++) {
login_attempt_failed($user);
}
$this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
$count = user_count_login_failures($user, false);
// Do not reset count.
$this->assertEquals(10, $count);
$this->assertEquals(10, get_user_preferences('login_failed_count_since_success', 0, $user));
}示例4: test_lockout
public function test_lockout()
{
global $CFG;
require_once "{$CFG->libdir}/authlib.php";
$this->resetAfterTest();
$oldlog = ini_get('error_log');
ini_set('error_log', "{$CFG->dataroot}/testlog.log");
// Prevent standard logging.
set_config('lockoutthreshold', 0);
set_config('lockoutwindow', 60 * 20);
set_config('lockoutduration', 60 * 30);
$user = $this->getDataGenerator()->create_user();
// Test lockout is disabled when threshold not set.
$this->assertFalse(login_is_lockedout($user));
login_attempt_failed($user);
login_attempt_failed($user);
login_attempt_failed($user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
// Test lockout threshold works.
set_config('lockoutthreshold', 3);
login_attempt_failed($user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
ob_start();
login_attempt_failed($user);
$output = ob_get_clean();
$this->assertContains('noemailever', $output);
$this->assertTrue(login_is_lockedout($user));
// Test unlock works.
login_unlock_account($user);
$this->assertFalse(login_is_lockedout($user));
// Test lockout window works.
login_attempt_failed($user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
set_user_preference('login_failed_last', time() - 60 * 20 - 10, $user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
// Test valid login resets window.
login_attempt_valid($user);
$this->assertFalse(login_is_lockedout($user));
login_attempt_failed($user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
// Test lock duration works.
ob_start();
// Prevent nomailever notice.
login_attempt_failed($user);
$output = ob_get_clean();
$this->assertContains('noemailever', $output);
$this->assertTrue(login_is_lockedout($user));
set_user_preference('login_lockout', time() - 60 * 30 + 10, $user);
$this->assertTrue(login_is_lockedout($user));
set_user_preference('login_lockout', time() - 60 * 30 - 10, $user);
$this->assertFalse(login_is_lockedout($user));
// Test lockout ignored pref works.
set_user_preference('login_lockout_ignored', 1, $user);
login_attempt_failed($user);
login_attempt_failed($user);
login_attempt_failed($user);
login_attempt_failed($user);
$this->assertFalse(login_is_lockedout($user));
ini_set('error_log', $oldlog);
}