Login bruteforce attack protection

This commit is contained in:
Alex Solomaha
2016-10-21 15:44:09 +03:00
parent d10884fc6e
commit 9800b3aeb1
4 changed files with 34 additions and 6 deletions


@@ -7,6 +7,8 @@ $params = [
'wsURL' => 'ws://192.168.1.111:8081',
'pushAllID' => '38678',
'pushAllKey' => '83a29d6a4bb068458d375daaa16039c4',
'maxLoginFailCount' => 5,
'loginFailTimeout' => 600,
];
return ArrayHelper::merge($params, require 'params-local.php');
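Review bot: The two new parameters give no hint of their unit or scope; `loginFailTimeout` is added to `time()` in LoginForm so it is a number of seconds, and `maxLoginFailCount` counts failed attempts within one session. A one-line comment above each would save the next reader a trip to the model: `// failed login attempts (per session) before the form is locked` and `// lock duration in seconds once the limit is reached`. Since this file is merged with `params-local.php` on the last line, both values can be overridden per deployment without editing this file, which is worth saying in the same comment.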


@@ -53,10 +53,27 @@ class LoginForm extends Model
public function validatePassword($attribute, $params)
{
if (!$this->hasErrors()) {
$session = Yii::$app->session;
// Set timeout for first time if counter exceed
if ($session->get('failedLoginCount') >= Yii::$app->params['maxLoginFailCount'] and !$session->has('loginAgainAt')) {
$session->set('loginAgainAt', time() + Yii::$app->params['loginFailTimeout']);
$session->set('failedLoginCount', 0);
}
if ($session->has('loginAgainAt') and $session->get('loginAgainAt') >= time()) {
return $this->addError($attribute, 'Слишком много неудачных попыток. Попробуйте позже');
}
if ($session->has('loginAgainAt') and $session->get('loginAgainAt') <= time()) {
$session->remove('loginAgainAt');
}
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Неверный логин или пароль');
$session->set('failedLoginCount', $session->get('failedLoginCount', 0) + 1);
}
}
}
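Review bot: The failure counter and the `loginAgainAt` lock are kept in the PHP session (`$session->set('failedLoginCount', ...)`, `$session->set('loginAgainAt', ...)`), so the limit applies only to requests that present the same session cookie and does not bound guesses against an account across sessions; as brute-force protection it only slows a client that keeps its session. To limit attempts per account, store the counter server-side keyed by the submitted username — for example `Yii::$app->cache`, if a cache component is configured, with `loginFailTimeout` as the expiry — and have the reset in `login()` (next hunk) clear that same key. Two smaller points in this block: `return $this->addError(...)` returns the result of a void method, so `$this->addError(...); return;` reads clearer, and both conditions use `and` where `&&` is the conventional operator and avoids precedence surprises. The method is shown in full here, but the class continues outside the hunk.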
@@ -68,9 +85,12 @@ class LoginForm extends Model
public function login()
{
if ($this->validate()) {
// Reset login failure counter
Yii::$app->session->set('failedLoginCount', 0);
return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 30 : 0);
}
return false;
}


@@ -22,7 +22,6 @@ $fieldOptions2 = [
?>
<div class="login-box">
<!-- /.login-logo -->
<div class="login-box-body">
<div class="login-logo product-font">
@@ -47,15 +46,12 @@ $fieldOptions2 = [
<div class="col-xs-8">
<?= $form->field($model, 'rememberMe')->checkbox() ?>
</div>
<!-- /.col -->
<div class="col-xs-4">
<?= Html::submitButton('Войти', ['class' => 'btn btn-primary btn-block btn-flat', 'name' => 'login-button']) ?>
</div>
<!-- /.col -->
</div>
<?php ActiveForm::end(); ?>
</div>
<!-- /.login-box-body -->
</div><!-- /.login-box -->
</div>


@@ -22,11 +22,21 @@ if (isset($this->params['body-class'])) {
<html lang="<?= Yii::$app->language ?>">
<head>
<meta charset="<?= Yii::$app->charset ?>">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<?= Html::csrfMetaTags() ?>
<title><?= $this->title ?> - <?= Yii::$app->name ?></title>
<meta name="application-name" content="<?= Yii::$app->name ?>">
<meta name="theme-color" content="#605CA8">
<link rel="publisher" href="https://plus.google.com/+AlexSolomaha21">
<link rel="me" href="https://plus.google.com/+AlexSolomaha21" type="text/html">
<link rel="me" href="mailto:cyanofresh@gmail.com">
<link rel="me" href="sms:+380975300688">
<?php $this->head() ?>
</head>
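Review bot: `<title><?= $this->title ?> - <?= Yii::$app->name ?></title>` echoes the page title unescaped, while Yii's own layouts wrap it in `Html::encode()` because views and controllers commonly build the title from model data. Whether this line is new or context cannot be told from the rendered page, but `Html` is already imported here (`Html::csrfMetaTags()`), so the change is `<title><?= Html::encode($this->title) ?> - <?= Html::encode(Yii::$app->name) ?></title>`. The `application-name` meta on the following line should be encoded the same way.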