aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-01-15 15:42:07 -0800
committerfriendica <info@friendica.com>2014-01-15 15:42:07 -0800
commitf27d59a094cf755bd78123c703161f32d4b163db (patch)
treec4b261f1cbbf85d4153ecee64fe285cc5aa38ec9
parent762a5432494711bf481943a0dee72cf65f7a04bb (diff)
parent9f66e5aef325666a0fa6e3f035eaa2c3b35b5b00 (diff)
downloadvolse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.tar.gz
volse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.tar.bz2
volse-hubzilla-f27d59a094cf755bd78123c703161f32d4b163db.zip
Merge pull request #272 from beardy-unixer/master
Probably shouldn't list REGISTER_CLOSED sites on a list of open hubs.
-rw-r--r--include/auth.php17
-rw-r--r--mod/dirsearch.php4
2 files changed, 17 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php
index c0002e6c1..a92f998bf 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -34,6 +34,7 @@ function nuke_session() {
*/
function account_verify_password($email,$pass) {
+
$r = q("select * from account where account_email = '%s'",
dbesc($email)
);
@@ -46,7 +47,13 @@ function account_verify_password($email,$pass) {
return $record;
}
}
- logger('password failed for ' . $email);
+ $error = 'password failed for ' . $email;
+ logger($error);
+ // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+ $authlog = get_config('system', 'authlog');
+ if ($authlog)
+ @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
return null;
}
@@ -186,7 +193,13 @@ else {
}
if((! $record) || (! count($record))) {
- logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
+ $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
+ logger($error);
+ // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+ $authlog = get_config('system', 'authlog');
+ if ($authlog)
+ @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
notice( t('Login failed.') . EOL );
goaway(z_root());
}
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 7d41ca1b7..59a1d448d 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -233,7 +233,7 @@ function dirsearch_content(&$a) {
function list_public_sites() {
- $r = q("select * from site where site_access != 0 order by rand()");
+ $r = q("select * from site where site_access != 0 and site_register !=0 order by rand()");
$ret = array('success' => false);
if($r) {
@@ -269,4 +269,4 @@ function list_public_sites() {
}
}
return $ret;
-} \ No newline at end of file
+}