aboutsummaryrefslogtreecommitdiffstats
path: root/include/auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/auth.php')
-rw-r--r--include/auth.php24
1 files changed, 19 insertions, 5 deletions
diff --git a/include/auth.php b/include/auth.php
index 94c64e58d..c4bbaf546 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -41,6 +41,9 @@ function nuke_session() {
/**
* @brief Verify login credentials.
*
+ * If system <i>authlog</i> is set a log entry will be added for failed login
+ * attempts.
+ *
* @param string $email
* The email address to verify.
* @param string $pass
@@ -88,14 +91,25 @@ function account_verify_password($email, $pass) {
if($record['account_flags'] & ACCOUNT_PENDING)
logger('Account is pending. account_flags = ' . $record['account_flags']);
- // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
- $authlog = get_config('system', 'authlog');
- if ($authlog)
- @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+ log_failed_login($error);
return null;
}
+/**
+ * @brief Log failed logins to a separate auth log.
+ *
+ * Can be used to reduce overhead for server side intrusion prevention, like
+ * parse the authlog file with something like fail2ban, OSSEC, etc.
+ *
+ * @param string $errormsg
+ * Error message to display for failed login.
+ */
+function log_failed_login($errormsg) {
+ $authlog = get_config('system', 'authlog');
+ if ($authlog)
+ @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $errormsg . PHP_EOL, FILE_APPEND);
+}
/**
* Inline - not a function
@@ -269,7 +283,7 @@ else {
@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
notice( t('Login failed.') . EOL );
- goaway(z_root());
+ goaway(z_root() . '/login');
}
// If the user specified to remember the authentication, then change the cookie