diff options
Diffstat (limited to 'include/auth.php')
| -rw-r--r-- | include/auth.php | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php index 94c64e58d..545fbe8c9 100644 --- a/include/auth.php +++ b/include/auth.php @@ -41,6 +41,9 @@ function nuke_session() { /** * @brief Verify login credentials. * + * If system <i>authlog</i> is set a log entry will be added for failed login + * attempts. + * * @param string $email * The email address to verify. * @param string $pass @@ -88,14 +91,25 @@ function account_verify_password($email, $pass) { if($record['account_flags'] & ACCOUNT_PENDING) logger('Account is pending. account_flags = ' . $record['account_flags']); - // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention - $authlog = get_config('system', 'authlog'); - if ($authlog) - @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + log_failed_login($error); return null; } +/** + * @brief Log failed logins to a separate auth log. + * + * Can be used to reduce overhead for server side intrusion prevention, like + * parse the authlog file with something like fail2ban, OSSEC, etc. + * + * @param string $errormsg + * Error message to display for failed login. + */ +function log_failed_login($errormsg) { + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $errormsg . PHP_EOL, FILE_APPEND); +} /** * Inline - not a function |