Bug fixes

admin/controllers/login.php

@@ -18,10 +18,8 @@
 
 if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 {
-	$username = Sanitize::html($_POST['username']);
+	// Verify User sanitize the input
-	$password = Sanitize::html($_POST['password']);
+	if( $Login->verifyUser($_POST['username'], $_POST['password']) )
-
-	if( $Login->verifyUser($username, $password) )
 	{
 		Redirect::page('admin', 'dashboard');
 	}

index.php

@@ -24,8 +24,8 @@ define('BLUDIT', true);
 define('DS', DIRECTORY_SEPARATOR);
 
 // PHP paths
-define('PATH_ROOT',	__DIR__.DS);
+define('PATH_ROOT', __DIR__.DS);
-define('PATH_BOOT',	PATH_ROOT.'kernel'.DS.'boot'.DS);
+define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
 
 // Init
 require(PATH_BOOT.'init.php');

kernel/boot/admin.php

@@ -52,6 +52,9 @@ else
 		$layout['template']	= 'login.php';
 	}
 
+	// Plugins before admin area loaded
+	Theme::plugins('beforeAdminLoad');
+
 	// Admin theme init.php
 	if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') )
 		include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
@@ -63,4 +66,7 @@ else
 	// Load view and theme
 	if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) )
 		include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
+
+	// Plugins after admin area loaded
+	Theme::plugins('afterAdminLoad');
 }

kernel/boot/rules/80.plugins.php

@@ -21,6 +21,8 @@ $plugins = array(
 	'adminBodyBegin'=>array(),
 	'adminBodyEnd'=>array(),
 	'adminSidebar'=>array(),
+	'beforeAdminLoad'=>array(),
+	'afterAdminLoad'=>array(),
 
 	'loginHead'=>array(),
 	'loginBodyBegin'=>array(),

kernel/login.class.php

@@ -23,8 +23,8 @@ class Login {
 	{
 		Session::set('username',	$username);
 		Session::set('role', 		$role);
-		Session::set('fingerPrint', $this->fingerPrint());
+		Session::set('fingerPrint',	$this->fingerPrint());
-		Session::set('sessionTime', time());
+		Session::set('sessionTime',	time());
 
 		Log::set(__METHOD__.LOG_SEP.'Set fingerPrint: '.$this->fingerPrint());
 	}
@@ -52,6 +52,9 @@ class Login {
 
 	public function verifyUser($username, $password)
 	{
+		$username = Sanitize::html($username);
+		$password = Sanitize::html($password);
+
 		$username = trim($username);
 		$password = trim($password);
 

kernel/security.class.php

@@ -0,0 +1,43 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+class Security extends dbJSON
+{
+	private $dbFields = array(
+		'minutesBlocked'=>5,
+		'numberFailures'=>10
+	);
+
+	function __construct()
+	{
+		parent::__construct(PATH_DATABASES.'security.php');
+	}
+
+
+
+	public function addLoginFail()
+	{
+		$ip = $this->getUserIp();
+
+		// Save the database
+		$this->db[$ip] = (int)$this->db[$ip] + 1;
+		if( $this->save() === false ) {
+			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
+			return false;
+		}
+
+		return true;
+	}
+
+	public function getUserIp()
+	{
+		// User IP
+		if(getenv('HTTP_X_FORWARDED_FOR'))
+			$ip = getenv('HTTP_X_FORWARDED_FOR');
+		elseif(getenv('HTTP_CLIENT_IP'))
+			$ip = getenv('HTTP_CLIENT_IP');
+		else
+			$ip = getenv('REMOTE_ADDR');
+
+		return $ip;
+	}
+}