1 files changed, 26 insertions, 3 deletions

diff --git a/include/auth.php b/include/auth.php
index c0002e6c1..a3b028c73 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -34,6 +34,7 @@ function nuke_session() {
  */
 
 function account_verify_password($email,$pass) {
+
 	$r = q("select * from account where account_email = '%s'",
 		dbesc($email)
 	);
@@ -46,7 +47,13 @@ function account_verify_password($email,$pass) {
 			return $record;
 		}
 	}
-	logger('password failed for ' . $email);
+	$error = 'password failed for ' . $email;
+	logger($error);
+	// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+	$authlog = get_config('system', 'authlog');
+	if ($authlog)
+		@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
 	return null;
 }
 
@@ -86,7 +93,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 			}
 		}
 
-		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
+		$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
 			dbesc($_SESSION['visitor_id'])
 		);
 		if($r) {
@@ -186,7 +193,13 @@ else {
 		}
 
 		if((! $record) || (! count($record))) {
-			logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); 
+			$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
+			logger($error); 
+			// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+		        $authlog = get_config('system', 'authlog');
+		        if ($authlog)
+		        @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
 			notice( t('Login failed.') . EOL );
 			goaway(z_root());
   		}
@@ -217,3 +230,13 @@ else {
 		authenticate_success($record, true, true);
 	}
 }
+
+
+function match_openid($authid) {
+	$r = q("select * from pconfig where cat = 'system' and k = 'openid' and v = '%s' limit 1",
+		dbesc($authid)
+	);
+	if($r)
+		return $r[0]['uid'];
+	return false;
+}