function _user_resource_flood_control_postcheck in Services 7.3
+ * Emulate native Drupal flood control, phase 2. + * + * This function records a failed login attempt, and triggers an error if a + * flood condition was previously detected. + * + *
Parameters
array $flood_state: + * An array of flood information as returned by + * _user_resource_flood_control_precheck(). + * + * @throws ServicesException + * If a flood condition was previously detected. + * + * @see _user_resource_flood_control_precheck(). + * @see user_login_final_validate(). +
1 call to _user_resource_flood_control_postcheck()
- _user_resource_login in resources/
user_resource.inc - Login a user using the specified credentials.
File
- resources/
user_resource.inc, line 1048
Code
function _user_resource_flood_control_postcheck($flood_state) {
if (empty($flood_state['uid'])) {
// Always register an IP-based failed login event.
flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));
// Register a per-user failed login event.
if (isset($flood_state['flood_control_user_identifier'])) {
flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $flood_state['flood_control_user_identifier']);
}
if (isset($flood_state['flood_control_triggered'])) {
if ($flood_state['flood_control_triggered'] == 'user') {
services_error(t('Account is temporarily blocked.'), 406);
}
else {
// We did not find a uid, so the limit is IP-based.
services_error(t('This IP address is temporarily blocked.'), 406);
}
}
}
elseif (isset($flood_state['flood_control_user_identifier'])) {
// Clear past failures for this user so as not to block a user who might
// log in and out more than once in an hour.
flood_clear_event('failed_login_attempt_user', $flood_state['flood_control_user_identifier']);
}
}