From db88a00d48d1dce48b8700e460c06ff7fb344f0a Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 1 Aug 2015 12:14:22 -0400
Subject: Add bruteforce protection

---
 app/Controller/Auth.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'app/Controller')

diff --git a/app/Controller/Auth.php b/app/Controller/Auth.php
index e8889b7f..bb1154e4 100644
--- a/app/Controller/Auth.php
+++ b/app/Controller/Auth.php
@@ -2,6 +2,8 @@
 
 namespace Controller;
 
+use Gregwar\Captcha\CaptchaBuilder;
+
 /**
  * Authentication controller
  *
@@ -22,6 +24,7 @@ class Auth extends Base
         }
 
         $this->response->html($this->template->layout('auth/index', array(
+            'captcha' => isset($values['username']) && $this->authentication->hasCaptcha($values['username']),
             'errors' => $errors,
             'values' => $values,
             'no_layout' => true,
@@ -64,4 +67,19 @@ class Auth extends Base
         $this->session->close();
         $this->response->redirect($this->helper->url->to('auth', 'login'));
     }
+
+    /**
+     * Display captcha image
+     *
+     * @access public
+     */
+    public function captcha()
+    {
+        $this->response->contentType('image/jpeg');
+
+        $builder = new CaptchaBuilder;
+        $builder->build();
+        $this->session['captcha'] = $builder->getPhrase();
+        $builder->output();
+    }
 }
-- 
cgit v1.2.3