Dingo extended user authentication library

Here's the current feature list:

• Enhancing the security of the user class by allowing login checks against only specific login tokens i.e. id, username, email or any combination of the three.
• Stopping brute force (flooding) login attemps. The login attemps fail silently when a flood is detected even if the user/pass combo is guessed correctly. All configurable.
• Daily logging of brute force attacks.
• All features contained in a new php file for the /system/library folder, so no updating of library sources

Check out the userxtnd.php controller for example usage.

by mungushume@monkeyr.com

Files to add

\application\controller\userxtnd.php
\system\library\userxtnd.php

Files to update

\application\config\development\user.php

Configuration

Configuration options can be added to the user.php file

// User Sin Bin
config::set('user_sin_log',true);	//log flooded login requests (defaults to false if not defined)
config::set('user_sin_max_count',3);	//count before flood is assumed (defaults to 3 if not defined)
config::set('user_sin_secs',10);	//delta for flood to subside (defaults to 10 if not defined)

Changed/Added methods

bool userxtnd::unique ( mixed $i, mixed $what )

This is a direct replacement for the Unique function
This allows you to specify what logintoken('s) you would like to validate against when testing uniqueness.

$loginTokens = array('username', 'email', 'id');

The second parameter can be a string or an array of strings e.g.

userxtnd::unique($username, 'username')
userxtnd::unique($usernameOrEmail, array('username','email))

bool userxtnd::login ( mixed $i, string $password, mixed $what )

This is a direct replacement for the Log In function
This allows you to specify what logintoken('s) you would like to validate against when testing a login request.

$loginTokens = array('username', 'email', 'id');

The third parameter can be a string or an array of strings e.g.

userxtnd::login($username, 'username')
userxtnd::login($usernameOrEmail, array('username','email))

bool userxtnd::loginFloodLess ( mixed $i, string $password, mixed $what )

This is a replacement login function that silently fails on brute force login attacks (flooding)

Flooding is determined as a set number of invalid login attempts from an ip address within a set amount of time

This is a direct replacement for the Log In function
This allows you to specify what logintoken('s) you would like to validate against when testing a login request.

$loginTokens = array('username', 'email', 'id');

The third parameter can be a string or an array of strings e.g.

userxtnd::login($username, 'username')
userxtnd::login($usernameOrEmail, array('username','email))

void userxtnd::buildTables ( )

Call this function once to build both the login flooding tables.
If the tables don't exist when they are first accessed the script will try to create them on the fly. Failing gracefully it it can't.