function _user_resource_flood_control_postcheck in Services 7.3

+ * Emulate native Drupal flood control, phase 2. + * + * This function records a failed login attempt, and triggers an error if a + * flood condition was previously detected. + * + *

Parameters

array $flood_state: + * An array of flood information as returned by + * _user_resource_flood_control_precheck(). + * + * @throws ServicesException + * If a flood condition was previously detected. + * + * @see _user_resource_flood_control_precheck(). + * @see user_login_final_validate(). +

1 call to _user_resource_flood_control_postcheck()

_user_resource_login in resources/user_resource.inc

Login a user using the specified credentials.

File

resources/user_resource.inc, line 1048

Code

function _user_resource_flood_control_postcheck($flood_state) {
  if (empty($flood_state['uid'])) {

    // Always register an IP-based failed login event.
    flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600));

    // Register a per-user failed login event.
    if (isset($flood_state['flood_control_user_identifier'])) {
      flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 21600), $flood_state['flood_control_user_identifier']);
    }
    if (isset($flood_state['flood_control_triggered'])) {
      if ($flood_state['flood_control_triggered'] == 'user') {
        services_error(t('Account is temporarily blocked.'), 406);
      }
      else {

        // We did not find a uid, so the limit is IP-based.
        services_error(t('This IP address is temporarily blocked.'), 406);
      }
    }
  }
  elseif (isset($flood_state['flood_control_user_identifier'])) {

    // Clear past failures for this user so as not to block a user who might
    // log in and out more than once in an hour.
    flood_clear_event('failed_login_attempt_user', $flood_state['flood_control_user_identifier']);
  }
}