
function login_security_validate in Login Security 6

Same name and namespace in other branches
  1. 8 login_security.module \login_security_validate()
  2. 5 login_security.module \login_security_validate()
  3. 7 login_security.module \login_security_validate()
  4. 2.x login_security.module \login_security_validate()

Form validation handler for the login form. This function does more than validate: its main intention is to interrupt the login form flow — it tracks the attempt, notifies the administrator when the activity threshold is exceeded, blocks the host or account once their limits are reached, and can suppress core's login error message.

Parameters

$form: The login form structure (not used by this handler).

$form_state: The submitted form state; the username being tracked is read from $form_state['values']['name'].

1 string reference to 'login_security_validate'
login_security_form_alter in ./login_security.module
Implementation of hook_form_alter().

File

./login_security.module, line 146
Login Security

Code

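/**
 * Form validation handler for the login form.
 *
 * Attached in login_security_form_alter(). This does more than validate: it
 * expires stale tracking entries, notifies the administrator (once) when the
 * configured activity threshold is exceeded, blocks the host and/or account
 * once their attempt limits are reached, and on a failed login optionally
 * hides core's error message and warns the user about remaining attempts.
 *
 * @param array $form
 *   The login form structure (unused here).
 * @param array $form_state
 *   The submitted form state; the username is read from
 *   $form_state['values']['name'].
 */
function login_security_validate($form, &$form_state) {

  // The submitted name is used as-is: nothing is sanitized here, so the helpers
  // below must escape it wherever it is persisted or rendered.
  $name = isset($form_state['values']['name']) ? $form_state['values']['name'] : '';

  // An empty username is not tracked.
  if (!strlen($name)) {
    return;
  }

  // Expire old tracked entries.
  _login_security_remove_events();

  // %-prefixed placeholders used by every message and block operation below.
  $variables = _login_security_get_variables_by_name($name);

  // Administrator notification about unexpected login activity. Only processed
  // when a threshold is configured (see http://drupal.org/node/583092).
  if ($variables['%activity_threshold']) {
    // Read the "already alerted" flag once, with the module's own default, so
    // both branches below agree on what "not yet notified" means.
    $notified = variable_get('login_security_threshold_notified', LOGIN_SECURITY_THRESHOLD_NOTIFIED);

    if ($variables['%tracking_current_count'] > $variables['%activity_threshold']) {
      // Alert once per incident: log, mark as notified, then email.
      if (!$notified) {
        watchdog('login_security', 'Ongoing attack detected: Suspicious activity detected in login form submissions. Too many invalid login attempts threshold reached: currently %tracking_current_count events are tracked, and threshold is configured for %activity_threshold attempts.', $variables, WATCHDOG_WARNING);
        variable_set('login_security_threshold_notified', TRUE);

        // Email only when a recipient account is configured.
        $login_activity_email_user = variable_get('login_security_login_activity_email_user', LOGIN_SECURITY_LOGIN_ACTIVITY_EMAIL_USER);
        if ($login_activity_email_user !== '') {
          // Resolve the recipient by account name; db_result() yields FALSE when
          // no such account exists, in which case no mail is sent rather than
          // calling drupal_mail() with an empty recipient.
          $admin_mail = db_result(db_query("SELECT mail FROM {users} WHERE name = '%s'", $login_activity_email_user));
          if ($admin_mail) {
            $from = variable_get('site_mail', ini_get('sendmail_from'));
            // Subject and body are not built here: the mail hook is expected to
            // derive them from the $variables passed as params — TODO confirm
            // against login_security's hook_mail() implementation.
            drupal_mail('login_security', 'login_activity_notify', $admin_mail, language_default(), $variables, $from, TRUE);
          }
        }
      }
    }
    elseif ($notified && $variables['%tracking_current_count'] < $variables['%activity_threshold'] / 3) {
      // Re-arm the alert once tracked events drop below a third of the threshold.
      watchdog('login_security', 'Suspicious activity in login form submissions is no longer detected: currently %tracking_current_count events are being tracked, and threshold is configured for %activity_threshold maximum allowed attempts).', $variables, WATCHDOG_NOTICE);
      variable_set('login_security_threshold_notified', FALSE);
    }
  }

  // Host block (hard): block the client IP once it reaches the configured limit.
  if ($variables['%hard_block_attempts'] >= 1 && $variables['%ip_current_count'] >= $variables['%hard_block_attempts']) {
    login_user_block_ip($variables);
  }

  // Account block: block the account $name once it reaches the configured limit.
  if ($variables['%user_block_attempts'] >= 1 && $variables['%user_current_count'] >= $variables['%user_block_attempts']) {
    login_user_block_user_name($variables);
  }

  // Drupal core logs users in from its own validation handlers, so by now $user
  // reflects whether this attempt succeeded. NOTE(review): this relies on this
  // handler running after core's — confirm the ordering set up in
  // login_security_form_alter().
  global $user;

  // Login failed.
  if ($user->uid == 0) {
    if (variable_get('login_security_disable_core_login_error', LOGIN_SECURITY_DISABLE_CORE_LOGIN_ERROR)) {
      // Reset the form error status so no fields are highlighted in red. This
      // presumably clears every validation error recorded so far, not just
      // core's, and leaves the form looking valid to FAPI — review whether the
      // login form's submit handlers are safe to run for an unauthenticated
      // request.
      form_set_error(NULL, '', TRUE);

      // Drop "Sorry, unrecognized username or password. Have you forgotten your
      // password?" and any other error that might help an attacker. Warnings
      // (the attempts notice below) are deliberately kept.
      unset($_SESSION['messages']['error']);
    }

    // Optionally tell the user how many attempts remain. This is a deliberate
    // information-disclosure trade-off: it exposes the per-account counter to
    // whoever submits the form.
    $notice_user = variable_get('login_security_notice_attempts_available', LOGIN_SECURITY_NOTICE_ATTEMPTS_AVAILABLE);
    if ($notice_user == TRUE && $variables['%user_block_attempts'] > 0 && $variables['%user_block_attempts'] >= $variables['%user_current_count']) {
      // login_security_t() is used instead of t() because the message is a
      // configurable (non-static) string that t() cannot translate.
      drupal_set_message(login_security_t(variable_get('login_security_notice_attempts_message', LOGIN_SECURITY_NOTICE_ATTEMPTS_MESSAGE), $variables), 'warning');
    }
  }
}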