RdbAdmin Module

BruteForceLoginPrevention extends BaseController

Brute-force attack on login prevention.

Tags
link

OWASP device cookie document.

Table of Contents

Properties

$Cache  : CacheInterface
$cacheBasedPath  : string
$cacheKeyFailCount  : string
$cacheKeyFailTime  : string
$configDb  : array<string|int, mixed>
$deviceCookieError  : string
$deviceCookieExpire  : int
$deviceCookieName  : string
$deviceCookieSignature  : string|null
$deviceCookieValue  : array<string|int, mixed>
$Input  : Input
$jwtAlgo  : string
$Languages  : Languages
$runnedCronResult  : array<string|int, mixed>

Methods

__construct()  : mixed
{@inheritDoc}
__get()  : mixed
Magic __get
checkBruteForceStatus()  : array<string|int, mixed>
Check for brute-force status.
deleteBruteForceIpStatus()  : mixed
Delete brute-force locked based on IP.
issueNewDeviceCookie()  : mixed
Issue a new device cookie to the user's client.
registerFailedAuth()  : mixed
Register failed authentication.
getDeviceCookie()  : array<string|int, mixed>
Get device cookie and decode it.
getPageHtmlClasses()  : string
Get page HTML classes.
getPageHtmlTitle()  : string
Get page HTML title including site name if it was set.
maybeRunCron()  : mixed
Maybe run cron job if config is set to not use server cron.
removeDeviceCookie()  : mixed
Remove a device cookie.
responseJson()  : string
{@inheritDoc}
responseXml()  : string
{@inheritDoc}
setBasicConfig()  : mixed
Set up basic PHP configurations such as the default timezone.
setHeaderAllowOrigin()  : mixed
Set header allow origin for CORS.
validateDeviceCookie()  : bool
Validate device cookie.
isModuleExcute()  : bool
Check if current call is `Modules->execute()`

Properties

$cacheBasedPath

protected string $cacheBasedPath = STORAGE_PATH . '/cache/Modules/RdbAdmin/Controllers/_SubControllers/BruteForceLoginPrevention'

The cache based folder.

$cacheKeyFailCount

protected string $cacheKeyFailCount

The cache key of the total failed-login count. This cache key is set and deleted only in this controller.

$cacheKeyFailTime

protected string $cacheKeyFailTime

The cache key of the latest failed-login timestamp. This cache key is set and deleted only in this controller.

$deviceCookieError

protected string $deviceCookieError

The error message set after the getDeviceCookie() method has been called.

$deviceCookieExpire

protected int $deviceCookieExpire = 730

The number of days until this cookie expires.

$deviceCookieName

protected string $deviceCookieName = 'rdbadmin_cookie_devicecookie'

The name of the device cookie.

$deviceCookieSignature

protected string|null $deviceCookieSignature

The device cookie signature string. This is set after the issueNewDeviceCookie() method has been called.

$deviceCookieValue

protected array<string|int, mixed> $deviceCookieValue = []

The decoded device cookie value after the getDeviceCookie() or validateDeviceCookie() method has been called.

$runnedCronResult

protected array<string|int, mixed> $runnedCronResult = []

Result of the cron jobs that have been run. This is used when the cron jobs (cron tab) are configured to run by URL: the CronController calls this BaseController, so there is no need to use the Libraries\Cron class to run the jobs again; just read the run result from this property. This property is set by the maybeRunCron() method.

Methods

__construct()

{@inheritDoc}

public __construct(Container $Container[, array<string|int, mixed> $configDb = [] ]) : mixed
Parameters
$Container : Container
$configDb : array<string|int, mixed> = []

The configuration values in DB.

checkBruteForceStatus()

Check for brute-force status.

public checkBruteForceStatus([string $user_login_email = null ]) : array<string|int, mixed>

Call this method before checking the login credentials. Proceed to the credential check only if the status key of the returned array is authenticate; otherwise show the error message to the user.

Parameters
$user_login_email : string = null

The input login identity (username or email, depending on how the system uses it).

Return values
array<string|int, mixed>

Returns an associative array with these keys.
status: authenticate on success (no problem), reject if there is a problem, rejectvalid if there is a valid device cookie but incorrect credentials were entered.
In the rejectvalid case I recommend sending a login link with a special token to the user's email.
totalFailed (may or may not exist): total failed count.
failedTime (may or may not exist): the latest failed timestamp.
waitUntil (for failed statuses such as reject, rejectvalid): the date/time until which the account stays locked.
errorMessage (for failed statuses such as reject, rejectvalid): the error message.
statusCode (may or may not exist): the HTTP response status code.
resultBy (only visible in development mode): which protection produced the result. It can be 'ipBase' or 'deviceCookie'.

deleteBruteForceIpStatus()

Delete brute-force locked based on IP.

public deleteBruteForceIpStatus() : mixed

Call this method once login succeeds.

issueNewDeviceCookie()

Issue a new device cookie to the user's client.

public issueNewDeviceCookie(string $user_login_email) : mixed

Call this method once login succeeds.
This method sends the Set-Cookie header to the client.

Parameters
$user_login_email : string

The input login identity (username or email, depending on how the system uses it).

registerFailedAuth()

Register failed authentication.

public registerFailedAuth([array<string|int, mixed> $data = [] ]) : mixed

Call this method once login fails.

Parameters
$data : array<string|int, mixed> = []

An associative array with these keys.
user_id: the user ID, in case the user_login or email was found.
user_login_email: user login (username) or email, depending on how the login system uses this identity. Used only for validating the device cookie.
userlogin_result_text: login result text (for recording the failed login).
userlogin_result_text_data: values used to replace placeholders in userlogin_result_text, if present.
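The call order these methods expect, shown as an added example rather than code from the RdbAdmin project: a login action that calls checkBruteForceStatus() before touching the credentials, then registerFailedAuth() on failure, or deleteBruteForceIpStatus() plus issueNewDeviceCookie() on success. The namespaces, the Input->post() method and the verifyCredentials() helper are assumptions, not documented on this page.

```php
<?php
// Added usage example; not code from the RdbAdmin project. Assumed (not on the
// documented page): the namespaces below, a container in $this->Container, the DB
// config array in $this->configDb, an Input object with a post() method, and a
// hypothetical verifyCredentials() that returns the user row or null.
namespace Rdb\Modules\RdbAdmin\Controllers\Admin;

use Rdb\Modules\RdbAdmin\Controllers\_SubControllers\BruteForceLoginPrevention;

class LoginController extends \Rdb\Modules\RdbAdmin\Controllers\BaseController
{
    public function doLoginAction(): string
    {
        $loginIdentity = (string) $this->Input->post('user_login_email', '');
        $BruteForce = new BruteForceLoginPrevention($this->Container, $this->configDb);

        // 1. Check the lock status before the credentials are examined at all.
        $status = $BruteForce->checkBruteForceStatus($loginIdentity);
        if ($status['status'] !== 'authenticate') {
            // 'reject': locked by the IP-based or device-cookie counter.
            // 'rejectvalid': valid device cookie but wrong credentials; this is the
            // case where the docs recommend emailing the user a tokenised login link.
            http_response_code((int) ($status['statusCode'] ?? 429));
            return $this->responseJson([
                'error'     => $status['errorMessage'] ?? 'Too many failed logins.',
                'waitUntil' => $status['waitUntil'] ?? null,
            ]);
        }

        // 2. Verify the credentials (hypothetical helper).
        $password = (string) $this->Input->post('password', '');
        $user = $this->verifyCredentials($loginIdentity, $password);
        if ($user === null) {
            // 3a. Record the failure so the fail count and fail timestamp advance.
            $BruteForce->registerFailedAuth([
                'user_login_email'      => $loginIdentity,
                'userlogin_result_text' => 'Wrong username or password.',
            ]);
            http_response_code(401);
            return $this->responseJson(['error' => 'Wrong username or password.']);
        }

        // 3b. Success: clear the IP-based lock and bind this client to the account
        //     with a freshly signed device cookie (sends the Set-Cookie header).
        $BruteForce->deleteBruteForceIpStatus();
        $BruteForce->issueNewDeviceCookie($loginIdentity);
        return $this->responseJson(['user_id' => $user['user_id']]);
    }
}
```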

getDeviceCookie()

Get device cookie and decode it.

protected getDeviceCookie() : array<string|int, mixed>

Once the cookie has been read and decoded successfully, the data can be accessed from the return value or via the deviceCookieValue property.

Return values
array<string|int, mixed>

Returns the array content of the device cookie. If the cookie does not exist or something is wrong, an empty array is returned.

getPageHtmlClasses()

Get page HTML classes.

protected getPageHtmlClasses([array<string|int, mixed> $classes = [] ]) : string
Parameters
$classes : array<string|int, mixed> = []

The classes to set for this html page.

Tags
todo

[rdb] Remove the auto-generated class name rdba-page-; use the new one, rdba-pagehtml-, to prevent duplicate use in many cases. Remove this in v2.0.

todo

[rdb] Remove the auto-generated class name rdba-class-; use the new one, rdba-calledclass-, to prevent duplicate use in many cases. Remove this in v2.0.

Return values
string

Returns the generated HTML class names.

getPageHtmlTitle()

Get page HTML title including site name if it was set.

protected getPageHtmlTitle(string $title[, string|null|false $siteName = false ]) : string
Parameters
$title : string

The site title.

$siteName : string|null|false = false

The site name, as a string.
Setting it to an empty string or null omits the site name.
Setting it to false automatically gets the site name from the config DB.

Tags
throws
InvalidArgumentException
Return values
string

maybeRunCron()

Maybe run cron job if config is set to not use server cron.

protected maybeRunCron() : mixed

removeDeviceCookie()

Remove a device cookie.

protected removeDeviceCookie() : mixed

Sends a Set-Cookie header to the client that marks the cookie as expired.

responseJson()

{@inheritDoc}

protected responseJson(mixed $output) : string
Parameters
$output : mixed
Return values
string

responseXml()

{@inheritDoc}

protected responseXml(mixed $output) : string
Parameters
$output : mixed
Return values
string

setBasicConfig()

Set up basic PHP configurations such as the default timezone.

protected setBasicConfig() : mixed

setHeaderAllowOrigin()

Set header allow origin for CORS.

protected setHeaderAllowOrigin() : mixed

validateDeviceCookie()

Validate device cookie.

protected validateDeviceCookie(string $userLoginEmail) : bool

This method calls getDeviceCookie(), which makes the device cookie value accessible via the deviceCookieValue property.

Parameters
$userLoginEmail : string

The input login identity (username or email, depending on how the system uses it).

Return values
bool

Returns true if the device cookie is correct and the login contained in the cookie matches the user who is trying to authenticate. Returns false otherwise.

isModuleExcute()

Check if current call is `Modules->execute()`

private isModuleExcute() : bool

This method is called from maybeRunCron() and __construct().

Tags
since
1.2.9
Return values
bool

Return true if it is, false if it is not.
