1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-26 13:16:14 +01:00

[ticket/16655] Add support for custom error message when exceeding attempts

PHPBB3-16655
This commit is contained in:
Marc Alexander
2021-03-07 12:03:49 +01:00
parent b978fd9dc6
commit bf5f0bb8f7
4 changed files with 45 additions and 10 deletions

View File

@@ -48,6 +48,7 @@ $lang = array_merge($lang, [
'RECAPTCHA_NOSCRIPT' => 'Please enable JavaScript in your browser to load the challenge.',
'RECAPTCHA_NOT_AVAILABLE' => 'In order to use reCaptcha, you must create an account on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>.',
'RECAPTCHA_INVISIBLE' => 'This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.',
'RECAPTCHA_V3_LOGIN_ERROR_ATTEMPTS' => 'You have exceeded the maximum number of login attempts allowed.<br>In addition to your username and password the invisible reCAPTCHA v3 will be used to authenticate your session.',
'RECAPTCHA_PUBLIC' => 'Site key',
'RECAPTCHA_PUBLIC_EXPLAIN' => 'Your site reCAPTCHA key. Keys can be obtained on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>. Please, use reCAPTCHA v2 &gt; Invisible reCAPTCHA badge type.',

View File

@@ -14,6 +14,7 @@
namespace phpbb\auth\provider;
use phpbb\captcha\factory;
use phpbb\captcha\plugins\captcha_abstract;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\passwords\manager;
@@ -151,13 +152,27 @@ class db extends base
$attempts = 0;
}
$login_error_attempts = 'LOGIN_ERROR_ATTEMPTS';
$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
if ($show_captcha)
{
$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);
// Get custom message for login error when exceeding maximum number of attempts
if ($captcha instanceof captcha_abstract)
{
$login_error_attempts = $captcha->get_login_error_attempts();
}
}
if (!$row)
{
if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'error_msg' => $login_error_attempts,
'user_row' => array('user_id' => ANONYMOUS),
);
}
@@ -169,21 +184,17 @@ class db extends base
);
}
$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too many login attempts, we need to check for a confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'error_msg' => $login_error_attempts,
'user_row' => $row,
);
}

View File

@@ -387,4 +387,15 @@ abstract class captcha_abstract
* @return string the name of the class used to generate the captcha
*/
abstract function get_generator_class();
/**
* Get language variable for error message when CAPTCHA is being shown due
* to exceeding the maximum number of login attempts
*
* @return string
*/
public function get_login_error_attempts(): string
{
return 'LOGIN_ERROR_ATTEMPTS';
}
}

View File

@@ -352,4 +352,16 @@ class recaptcha_v3 extends captcha_abstract
return $language->lang('RECAPTCHA_INCORRECT');
}
/**
* {@inheritDoc}
*/
public function get_login_error_attempts(): string
{
global $language;
$language->add_lang('captcha_recaptcha');
return 'RECAPTCHA_V3_LOGIN_ERROR_ATTEMPTS';
}
}