diff options
| author | friendica <info@friendica.com> | 2014-01-15 15:42:07 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-01-15 15:42:07 -0800 |
| commit | f27d59a094cf755bd78123c703161f32d4b163db (patch) | |
| tree | c4b261f1cbbf85d4153ecee64fe285cc5aa38ec9 | |
| parent | 762a5432494711bf481943a0dee72cf65f7a04bb (diff) | |
| parent | 9f66e5aef325666a0fa6e3f035eaa2c3b35b5b00 (diff) | |
| download | volse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.tar.gz volse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.tar.bz2 volse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.zip | |
Merge pull request #272 from beardy-unixer/master
Probably shouldn't list REGISTER_CLOSED sites on a list of open hubs.
| -rw-r--r-- | include/auth.php | 17 | ||||
| -rw-r--r-- | mod/dirsearch.php | 4 |
2 files changed, 17 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php index c0002e6c1..a92f998bf 100644 --- a/include/auth.php +++ b/include/auth.php @@ -34,6 +34,7 @@ function nuke_session() { */ function account_verify_password($email,$pass) { + $r = q("select * from account where account_email = '%s'", dbesc($email) ); @@ -46,7 +47,13 @@ function account_verify_password($email,$pass) { return $record; } } - logger('password failed for ' . $email); + $error = 'password failed for ' . $email; + logger($error); + // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + return null; } @@ -186,7 +193,13 @@ else { } if((! $record) || (! count($record))) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; + logger($error); + // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + notice( t('Login failed.') . EOL ); goaway(z_root()); } diff --git a/mod/dirsearch.php b/mod/dirsearch.php index 7d41ca1b7..59a1d448d 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -233,7 +233,7 @@ function dirsearch_content(&$a) { function list_public_sites() { - $r = q("select * from site where site_access != 0 order by rand()"); + $r = q("select * from site where site_access != 0 and site_register !=0 order by rand()"); $ret = array('success' => false); if($r) { @@ -269,4 +269,4 @@ function list_public_sites() { } } return $ret; -}
\ No newline at end of file +} |