Failed Attempts Maxed Out

[Xtremer360]

I'm trying to figure out how to have it show a message saying "Your account is currently locked, we appologize for the inconvienence. You must wait 30 minutes before you can login again! An email was sent to the owner of this account!" like I have in my php on the ACTUAL 5th failed form submission instead of trying to do it on the submission after.

 

<?php 
if (!defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller 
{
    /**
     * Login::__construct()
     * 
     * @return
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->model('users/users_model');
    }
    
    /**
     * Login::is_max_login_attempts_exceeded()
     * 
     * @param mixed $post_username
     * @return
     */
    private function is_max_login_attempts_exceeded($post_username)
    {
        $login_attempts = $this->users_model->get_login_attempts_number($post_username);
        return $login_attempts >= 5 ? TRUE : FALSE;
    }
    
    public function index()
    {
        $message_box_messages = array();
        $css_page_addons = '';
        $js_page_addons =  '<script src="'.base_url().$this->config->item('assets_path').'/'.$this->config->item('themes_path').'/'.$this->config->item('default_theme').'/js/validate/login.js"></script>';
        $meta_tag_addons = '';
        $site_title = 'KOW Manager Login';
        
        if (!$this->session->userdata('xtr') == 'yes')
        {
            $body_content = $this->config->item('themes_path').'/'.$this->config->item('default_theme').'/usermanagement/forms/login_form';
            $body_type = 'full';
        }
        else
        {
            redirect('cpanel');
        }
        
        if (count($message_box_messages) !== 0)
        {
            $message_boxes = $this->functions_model->build_message_boxes_output(array('display' => 'show', 'messages' => $message_box_messages));
        }
        else
        {
            $message_boxes = array('display' => 'none');
        }
        
        $meta_tags = $this->functions_model->meta_tags();
        
        if (isset($site_title) && (empty($site_title)))
        {
            $site_title = $this->functions_model->site_title();
        }
        
        $this->data = compact('message_boxes', 'css_page_addons', 'js_page_addons', 'site_title', 'body_content', 'body_type', 'meta_tags');
        $this->load->view($this->config->item('themes_path').'/'.$this->config->item('default_theme').'/usermanagement/index', $this->data );
}
    
    /**
     * Login::check_user_status_id()
     * 
     * @param mixed $user_status_id
     * @return
     */
    private function check_user_status_id($user_status_id)
    {
        switch ($user_status_id)
        {
            case 1:
                $message = 'Sorry you must verify your account before logging in!';
                break;
            case 3:
                $message = 'Your account has been suspended!';
                break;
            case 4:
                $message = 'Your account is currently banned!';  
                break;
            case 5:
                $message = 'Your account has been deleted!'; 
                break;
        }
        return $message;
    }
    
    /**
     * Login::login()
     * 
     * @param mixed $post_username
     * @param mixed $post_password
     * @param mixed $user_data
     * @return bool
     */
    public function login($post_username, $post_password, $user_data)
    {
        $regenerated_post_password = $this->functions_model->regenerate_password_hash($post_password, $user_data->password_hash);
        
        if ($regenerated_post_password == $user_data->password)
        {
            $profile_data = $this->users_model->get_profile_data($user_data->user_id);
            $this->ci->session->set_userdata(array('xtr' => 'yes', 'user_id'  => $user_data->user_id, 'username' => $user_data->username, 'role' => $user_data->user_roles_id, 'default_roster_id' => $profile_data->default_roster_id));
            $this->users_model->clear_login_attempts($this->ci->input->ip_addess, $post_username);
            $session_inserted = $this->users_model->insert_session($this->ci->session->userdata('session_id'), $this->ci->session->userdata('user_id'), $this->ci->input->ip_address(), $this->ci->session->userdata('user_agent'));
            return TRUE;
        }
        else
        {
            if (!$this->is_max_login_attempts_exceeded($post_username))
            {
                if ($this->users_model->increase_login_attempt($this->input->ip_address(), $post_username))
                {
                    return FALSE;
                }
            }
            else
            {
                return FALSE;
            }
        }
    }
    
    /**
     * Login::form_is_valid()
     * 
     * Checks to see if all form validation rules are met. If all rules are met it returns TRUE. If atleast one rule fails then it returns FALSE.
     * @return bool
     */
    private function form_is_valid()
    {
        $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|strtolower');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');
        if ( $this->form_validation->run() )
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }
    
    /**
     * Login::submit()
     * 
     * Runs various functions to attempt to log the user in. 
     * @return bool
     */
    public function submit()
    {
        if ( $this->form_is_valid() )
        {
            $post_username = $this->input->post('username');
            $post_password = $this->input->post('password');
            
            $user_data = $this->users_model->get_user_data($post_username);
            
            if ( !is_null($user_data))
            {
                if ($user_data->user_status_id == '2')
                {
                    if (!$this->is_max_login_attempts_exceeded($post_username))
                    {
                        if ($this->login($post_username, $post_password, $user_data)) 
                        {
                            $output_array = array('error' => FALSE, 'message' => 'Successful login! Going to the dashboard!');
                        }
                        else
                        {
                            $output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination!');
                        }
                    }
                    else
                    {
                        $output_array = array('error' => TRUE, 'message' => 'Your account is currently locked, we appologize for the inconvienence. You must wait 30 minutes before you can login again! An email was sent to the owner of this account!');
                    }
                }
                else
                {
                    $output_array = array('error' => TRUE, 'message' => $this->check_user_status_id($user_data->user_status_id));        
                }
            }
            else
            {
                $output_array = array('error' => TRUE, 'message' => 'User was not found in the database!'); 
            }
        }
        else
        {
            $output_array = array('error' => TRUE, 'message' => validation_errors());
        }   
        echo json_encode($output_array); 
    }
}

/* End of file login.php */
/* Location: ./application/controllers/login.php */

 

$(document).ready(function()
{
$.validator.addMethod('regexp', function(value, element, param)
{
	return this.optional(element) || value.match(param);
}, 'This is not have an accepted value!');
var validator = $('#login_form').data('validator');
validator.settings.submitHandler = function()
{
	var dataString = $('form').serialize();
	$.ajax(
	{
		type: 'POST',
		url: 'login/submit',
		data: dataString,
		dataType: 'json',
		success: function(data)
		{
			if (data.error)
			{
				$('.box .content').removeAlertBoxes();
				$('.box .content').alertBox(data.message, {
					type: 'warning',
					icon: true,
					noMargin: false
				});
				$('.box .content .alert').css(
				{
					width: '',
					margin: '0',
					borderLeft: 'none',
					borderRight: 'none',
					borderRadius: 0
				});
			}
			else
			{
                    window.location.replace('cpanel');
			}
		}
	});
}
$('#login_form input[name="username"]').rules('add', {
	required: true,
	minlength: 6,
	maxlength: 12,
	regexp: /^\w+$/
});
$('#login_form input[name="password"]').rules('add', {
	required: true,
	minlength: 6,
	maxlength: 12,
        regexp: /^\w+$/
});
});

[trq]

Sorry, what is the problem?

[Xtremer360]

I'm trying to figure out how to have it show a message saying "Your account is currently locked, we appologize for the inconvienence. You must wait 30 minutes before you can login again! An email was sent to the owner of this account!" like I have in my php on the ACTUAL 5th failed form submission instead of trying to do it on the submission after.

 

[Xtremer360]

I modified my code above to the following however I need to be able to find out if the account is locked and if so if 30 minutes have passed since their last attempt and if so then clear the attempts and let them attempt to login again.

 

if ($this->login($post_username, $post_password, $user_data))
                    {
                        $output_array = array('error' => FALSE, 'message' => 'Successful login! Going to the dashboard!');
                    } 
                    elseif ($this->is_max_login_attempts_exceeded($post_username))
                    {
                        $this->email->from('noreply@kansasoutlawwrestling.com', 'KOW Management Team');
                        $this->email->to($user_data->email_address);
                        $this->email->subject('KOW Manager Max Login Attempts');
                        $this->email->message('Hello '.$user_data->first_name.' '.$user_data->last_name.',<br /><br />We would like to inform you that you or someone else is trying to access your account. They have failed at 5 attempts with your username and password that we have on file. If this is you, you may wait the 30 minutes needed to try again or you may fill out either the forgot username or forgot password forms. Those links are in this email. If this was not you please send an email to the KOW Management Team.<br /><br /><a href="forgotusername">Forgot Username</a><br /><a href="forgotpassword">Forgot Password</a>');
                        $this->email->send();
                        $output_array = array('error' => TRUE, 'message' => 'Your account is currently locked, we appologize for the inconvienence. You must wait 30 minutes before you can login again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>');
                    }
                    else
                    {
                        $output_array = array('error' => TRUE, 'message' => 'Incorrect username and password combination!'); 
                    }

[Xtremer360]

Well so far it is inserting a new row on every failed login which is what i wanted. However something is still not working with the max limit because for a few reasons because I did some tests and it would still show the two error messages with the account being locked out and incorrect username/password error message. This was all within 2 minutes so not quite sure if my logic is quite right yet. Also its sending a locked out username and password after every failed attempt now so I'm not sure when I need to have it sent.

 

http://pastebin.com/M1iMaQmq