|
@@ -94,23 +94,33 @@
|
94
|
94
|
}
|
95
|
95
|
}
|
96
|
96
|
|
|
97
|
+ /**
|
|
98
|
+ * Retrieves or creates the 'requests' session array, which tracks the number
|
|
99
|
+ * of authentication attempts the user has made recently.
|
|
100
|
+ *
|
|
101
|
+ * @return An array (by reference) containing details about recent requests
|
|
102
|
+ */
|
|
103
|
+ function &getRequests() {
|
|
104
|
+ if (!isset($_SESSION['openid']['requests'])) {
|
|
105
|
+ $_SESSION['openid']['requests'] = array('lasttime' => 0, 'count' => 0);
|
|
106
|
+ }
|
|
107
|
+
|
|
108
|
+ return $_SESSION['openid']['requests'];
|
|
109
|
+ }
|
|
110
|
+
|
97
|
111
|
/**
|
98
|
112
|
* Checks that the user isn't making requests too frequently, and redirects
|
99
|
113
|
* them with an appropriate error if they are.
|
100
|
114
|
*
|
101
|
115
|
* @return An array containing details about the requests that have been made
|
102
|
116
|
*/
|
103
|
|
- function checkRequests() {
|
104
|
|
- if (isset($_SESSION['openid']['requests'])) {
|
105
|
|
- $requests = $_SESSION['openid']['requests'];
|
106
|
|
- } else {
|
107
|
|
- $requests = array('lasttime' => 0, 'count' => 0);
|
108
|
|
- }
|
|
117
|
+ function &checkRequests() {
|
|
118
|
+ $requests = getRequests();
|
109
|
119
|
|
110
|
120
|
if ($requests['lasttime'] < time() - OPENID_THROTTLE_GAP) {
|
111
|
121
|
|
112
|
122
|
// Last request was a while ago, reset the timer
|
113
|
|
- $requests['count'] = 0;
|
|
123
|
+ resetRequests();
|
114
|
124
|
|
115
|
125
|
} else if ($requests['count'] > OPENID_THROTTLE_NUM) {
|
116
|
126
|
|
|
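Review bot: `$requests = getRequests();` at new lines 118 and 148 copies the session array rather than binding the reference that `function &getRequests()` returns, so `resetRequests()` only mutates its local copy and the counter in `$_SESSION['openid']['requests']` is never cleared or decremented; `checkRequests()` likewise keeps its stale `$requests['count']` after calling `resetRequests()`, where the removed line zeroed it in place before returning. Depending on how the caller persists the returned array (the remainder of `checkRequests()` lies outside this hunk), a user who once exceeds OPENID_THROTTLE_NUM may stay throttled after OPENID_THROTTLE_GAP has elapsed, and `resetRequests(true);` at new line 286 in the third hunk becomes a no-op. Reference binding needs the `&` on the call site as well, `$requests = &getRequests();`, in both `checkRequests()` and `resetRequests()`. The new docblock's `@return A copy of the requests array` also contradicts the by-reference signature and should read `@return A reference to the session's requests array`.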
@@ -127,6 +137,25 @@
|
127
|
137
|
return $requests;
|
128
|
138
|
}
|
129
|
139
|
|
|
140
|
+ /**
|
|
141
|
+ * Resets the recent requests counter (for example, after the required time
|
|
142
|
+ * has ellapsed, or after the user has successfully logged in).
|
|
143
|
+ *
|
|
144
|
+ * @param $decrement If true, the count will be decremented instead of cleared
|
|
145
|
+ * @return A copy of the requests array
|
|
146
|
+ */
|
|
147
|
+ function &resetRequests($decrement = false) {
|
|
148
|
+ $requests = getRequests();
|
|
149
|
+
|
|
150
|
+ if ($decrement) {
|
|
151
|
+ $requests['count'] = max($requests['count'] - 1, 0);
|
|
152
|
+ } else {
|
|
153
|
+ $requests['count'] = 0;
|
|
154
|
+ }
|
|
155
|
+
|
|
156
|
+ return $requests;
|
|
157
|
+ }
|
|
158
|
+
|
130
|
159
|
/**
|
131
|
160
|
* Attempts to perform discovery on the specified URL, redirecting the user
|
132
|
161
|
* with an appropriate error if discovery fails.
|
|
@@ -254,6 +283,7 @@
|
254
|
283
|
if ($disc->hasServer($_SESSION['openid']['server'])) {
|
255
|
284
|
$_SESSION['openid']['identity'] = $_REQUEST['openid_identity'];
|
256
|
285
|
$_SESSION['openid']['delegate'] = $_REQUEST['openid_claimed_id'];
|
|
286
|
+ resetRequests(true);
|
257
|
287
|
} else {
|
258
|
288
|
error('diffid', 'The OP at ' . $_SESSION['openid']['server'] . ' is attmpting to claim ' . $_REQUEST['openid_claimed_id'] . ' but ' . ($disc->getServer() == null ? 'that isn\'t a valid identifier' : 'that identifier only authorises ' . $disc->getServer()));
|
259
|
289
|
}
|
|
@@ -288,7 +318,7 @@
|
288
|
318
|
}
|
289
|
319
|
|
290
|
320
|
parseSRegResponse();
|
291
|
|
- URLBuilder::redirect();
|
|
321
|
+ URLBuilder::redirect();
|
292
|
322
|
}
|
293
|
323
|
|
294
|
324
|
/**
|