
You'll need to get your hands dirty. Take a look in the extension's driver at these two methods and it will give you a good idea on how to use the façade/singleton class.

/**
 *
 * Delegate fired when a login fails
 * @param array $context
 */
public function authorLoginFailure($context) {
    // do not do anything if the IP is whitelisted
    if (!ABF::instance()->isWhiteListed()) {

        // register failure in DB
        ABF::instance()->registerFailure($context['username'], self::EXT_NAME);

        // if user is now banned
        if (ABF::instance()->isCurrentlyBanned()) {
            // register into grey list
            ABF::instance()->registerToGreyList(self::EXT_NAME);
            // move to black list if necessary
            ABF::instance()->moveGreyToBlack(self::EXT_NAME);
        }
    }
}

/**
 *
 * Delegate fired when an author is logged in correctly
 * N.B. Fired on each and every page in the admin *except* login
 * @param array $context
 */
public function authorLoginSuccess($context) {
    // Since the user can still post data to the login page,
    // we don't want them to be able to know they guessed it right.
    // So, if the user is logged in but still banned, we log them out
    if (ABF::instance()->isCurrentlyBanned()) {
        Administration::instance()->logout();
    } else {
        // unregister any result with current IP
        ABF::instance()->unregisterFailure();
    }
}

Ah, you're not kidding.

I can parse most of that, but I'm not sure where I'd start getting it to work with the members extension - the backend stuff is still a mystery to me when it comes to Symphony, also the area I'm least qualified to deal with unfortunately.

Don't suppose anyone else has done a relatively simple integration of this with the members extension? Else I might be sending a Tweet over @SymphonyGigs way.

I want to send a pull request to Members with integration at some point, but I would only be procrastinating if I took it on at the moment.

I think Members needs this and it can be integrated in such a way that if it's not installed then Members won't use it and work fine without it (i.e. no dependency).
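An added sketch, not part of the original posts and not code from the Anti Brute Force or Members extensions, of wiring the façade calls shown earlier in this thread into another login path as an optional dependency. `InMemoryAbf` is a constructed stand-in that reuses the method names from the driver code; the three-failure threshold, the handler names, the `'example'` source label and the `$logout` callback are assumptions.

```php
<?php
// Constructed stand-in for the ABF façade: same method names as the driver
// code in this thread, but an in-memory model. The threshold is an assumption.
class InMemoryAbf {
    const MAX_FAILURES = 3;          // assumed, not the extension's setting
    public $failures = array();      // ip => failed attempts
    public $greyList = array();      // ip => true
    public $whiteList = array();     // ip => true
    private $ip;

    public function __construct($ip) { $this->ip = $ip; }
    public function isWhiteListed() { return isset($this->whiteList[$this->ip]); }
    public function registerFailure($username, $source) {
        $this->failures[$this->ip] = $this->failureCount() + 1;
    }
    public function isCurrentlyBanned() {
        return $this->failureCount() >= self::MAX_FAILURES;
    }
    public function registerToGreyList($source) { $this->greyList[$this->ip] = true; }
    public function unregisterFailure() { unset($this->failures[$this->ip]); }
    private function failureCount() {
        return isset($this->failures[$this->ip]) ? $this->failures[$this->ip] : 0;
    }
}

// Hypothetical handlers for a front-end login. $abf is null when the
// extension is not installed, so the login path still works without it.
function onLoginFailure($abf, $username) {
    if ($abf === null || $abf->isWhiteListed()) return;
    $abf->registerFailure($username, 'example');
    if ($abf->isCurrentlyBanned()) $abf->registerToGreyList('example');
}

function onLoginSuccess($abf, $logout) {
    if ($abf === null) return true;
    if ($abf->isCurrentlyBanned()) {   // correct password, but still banned:
        $logout();                     // end the session and keep the counters
        return false;
    }
    $abf->unregisterFailure();         // clean login clears the failure record
    return true;
}

$abf = new InMemoryAbf('203.0.113.7'); // constructed sample address
for ($i = 0; $i < 3; $i++) onLoginFailure($abf, 'admin');
$loggedOut = false;
$ok = onLoginSuccess($abf, function () use (&$loggedOut) { $loggedOut = true; });
var_dump($ok, $loggedOut);             // result for a banned client
var_dump(onLoginSuccess(null, function () {})); // result without the extension
```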

Hi, I would require some assistance with this extension. So I installed the Anti Brute Force extension on my personal page because it sounded awesome and I wanted to see what it does. Then, later on I began work on another Symphony project. I made a new MySQL database and assigned my user account to it. But, I decided I needed a new password for my account so I changed it.

Then, when I returned to my personal page, I saw it had a database error. I figured I had to change the old password in the manifest file into the new one. So I did, but when I refreshed it threw the error 'Symphony Fatal Error: Can not load settings. Can not continue.'. Soo.. I guess I got to see what this extension does.

So what do I do? Did I blacklist my own ip? Is there a way to uninstall the extension from outside the admin section? I got my ensemble backed up but I'm just curious to see how this works.

If you blacklist your own IP, just whitelist it with phpMyAdmin or the console:

Tables are symphonytableprefix (sym_ per default) and antibruteforcebl, where you can delete your blacklisted IP, and antibruteforcewl, where you can add your IP to the whitelist.

Hi,

When I check those tables in phpMyAdmin it returns "MySQL returned an empty result set (i.e. zero rows). (Query took 0.0006 sec)" so that means I did not blacklist myself.

The full error I get is:

// only if already installed
if ($this->_isInstalled) {
    // assure access to settings
    // fail if there are no settings, since this is security software
    if (count($this->_setings) < 1) {
        throw new Exception('Can not load settings. Can not continue.');
    }
}
}
  • I just deleted the brute force row from the extensions table and I got my site back up, so you could consider this as unimportant.

The error actually looks like no configuration data could be read from your config file. Check the permissions?

Are there any plans still alive to make this extension work with the Members extension?

@michael-e

We actually commissioned a companion extension for exactly this purpose, built by @iwyg - however it was paid for by the client, and so technically owned by them, so I wouldn't feel comfortable making the repo public. My suggestion would be to reach out to Thomas, he may be able to provide some 'advice' on how to integrate it.

I'm tempted to reach out to the client and ask if they'd mind open-sourcing it - the main thing that puts me off is that someone would need to maintain it (and that person is unlikely to be me).

@nathanhornby: I understand, because I also maintain some extensions that are not public for the same reasons.

Who is Thomas, btw?

Sorry, I interchanged names, iwyg = Thomas Appel

Thanks a lot!

For anyone else interested the anti brute force filter for the members extension can be found here: https://github.com/nathanhornby/abffilter

Currently to be treated as unmaintained - but hopefully it'll get picked up and updated in time!

Excellent. Thanks!

@Nathan: Again (as emailed today), thanks for releasing this, really appreciated!

No problem Michael - let the code be free!

Excellent stuff. Thanks!

@vladG: I have released a simplified (and maintained) version of this: https://github.com/michael-e/members_anti_brute_force

[EDIT]: Ah, you already noticed it.

Excellent news, thanks @michael-e - there is another adaptation lying around as well, I was emailed about it, but can't seem to find it now… besides it's good that people are picking this up.
