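getLockStatus( $username ) ) {
                $this->unsuccessfulLogin( $username );
                return false;
            } else if( ! $this->LDAP_authenticate( $username, $password, $domain) ) {
                $this->unsuccessfulLogin( $username );
                return false;
            } else {
                $this->successfulLogin( $username );
                return true;
            }
        }
        session_start();
        return true;
    }

    // purpose: determine whether or not the user is locked out
    // returns true if account is locked, false if unlocked
    // side effects: sets $this->manuallyLocked and $this->timeLocked for getMessage()
    function getLockStatus( $username ) {
        if( ! $username || $username == '' ) return false;
        // epoch seconds; the former mktime( date('h'), ... ) used the 12-hour 'h'
        // field and produced a wrong timestamp for every PM hour
        $current_time = time();
        $five_minutes = 300; // number of seconds in five minutes

        // query the database for lock status and time locked
        require('conf/mysql.conf.php');
        // $username arrives from the login form: escape before interpolating into SQL
        $safe_username = mysql_real_escape_string( $username );
        $query = "SELECT is_timesheet_locked, lock_time FROM employee WHERE uid='$safe_username';";
        $result = mysql_query( $query );
        $lock_hash = $result ? mysql_fetch_assoc( $result ) : false;
        if( ! $lock_hash ) {
            // unknown uid or failed query: treated as UNLOCKED, as before
            // NOTE(review): a failed query therefore fails open at this point
            $this->manuallyLocked = false;
            $this->timeLocked = false;
            return false;
        }

        // if a manual account lock is enabled, account status is LOCKED
        if( $lock_hash['is_timesheet_locked'] == 1 ) {
            $this->manuallyLocked = true;
            return true;
        }
        $this->manuallyLocked = false;

        // if an automatic time lock is set and fewer than five minutes have
        // elapsed since locking, account status is LOCKED
        if( isset( $lock_hash['lock_time'] ) && $lock_hash['lock_time'] + $five_minutes > $current_time ) {
            $this->timeLocked = true;
            return true;
        }

        // no time lock, or the lock has expired: account status is UNLOCKED
        $this->timeLocked = false;
        return false;
    }

    // purpose: lock the account of an employee
    // records the current time as lock_time unless a lock is already recorded,
    // so further failed attempts do not extend an existing lock
    function lockAccount( $username ) {
        if( ! $username || $username == '' ) return false;
        // epoch seconds, same clock as getLockStatus() compares against
        $current_time = time();
        $safe_username = mysql_real_escape_string( $username );
        $query = "UPDATE employee SET lock_time = $current_time " .
                 "WHERE uid = '$safe_username' AND lock_time IS NULL;";
        mysql_query( $query );
    }

    // purpose: add unsuccessful login attempt to the tally for this user, lock the account if necessary
    // the account is locked once the tally reaches three
    function unsuccessfulLogin( $username ) {
        if( ! $username || $username == '' ) return false;
        $this->isSuccessfulLogin = false;
        require('conf/mysql.conf.php');
        $safe_username = mysql_real_escape_string( $username );
        $query = "UPDATE employee SET unsuccessful_attempts = unsuccessful_attempts + 1 " .
                 "WHERE uid = '$safe_username';";
        mysql_query( $query );
        $query = "SELECT unsuccessful_attempts FROM employee WHERE uid = '$safe_username';";
        $result = mysql_query( $query );
        $row = $result ? mysql_fetch_row( $result ) : false;
        // no row: unknown uid or failed query, nothing to lock
        if( ! $row ) return;
        $num_attempts = $row[0];
        if( $num_attempts >= 3 ) $this->lockAccount( $username );
    }

    // purpose: reset the tally for unsuccessful login attempts for this user
    // also clears any time lock and stores the employee's data in the session
    function successfulLogin( $username ) {
        if( ! $username || $username == '' ) return false;
        $this->isSuccessfulLogin = true;
        // require_once: a second call within one request must not redeclare the class
        require_once('employee_data.php');
        $employee_data = new employee_data($username);
        $employee_data->saveAll_toSession();
        require('conf/mysql.conf.php');
        $safe_username = mysql_real_escape_string( $username );
        $query = "UPDATE employee SET unsuccessful_attempts = 0, lock_time=NULL " .
                 "WHERE uid='$safe_username';";
        mysql_query( $query );
    }

    // purpose: get the current status message for this account, if any
    // relies on the flags set by getLockStatus() / unsuccessfulLogin() / successfulLogin();
    // returns NULL when there is nothing to report
    // NOTE(review): the lock messages differ from the invalid-credentials message,
    // so the response reveals whether a uid exists and is locked
    function getMessage( $username ) {
        if( ! $username || $username == '' ) return NULL;
        if( $this->manuallyLocked == true ) {
            return "This account is locked, contact administrator for assistance";
        } else if( $this->timeLocked == true ) {
            return "Due to excessive login attempts, this account is temporarily locked. Try again in a few minutes.";
        } else if( $this->isSuccessfulLogin == false ) {
            return "Invalid username or password.";
        }
        // successful login: no status message
        return NULL;
    }

    // purpose: remove all session data for this session
    function logout() {
        $_SESSION['logged_in'] = false;
        session_destroy();
    }
}
?>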