From 0123dc5d89e4860470d8a96f8b88b8eb5d962be9 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 22 Nov 2008 08:14:59 +0000 Subject: [PATCH] "dont log failed login attempts for the anon user, as it is a simple dos to sitemgr" --- phpgwapi/inc/class.egw_session.inc.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/phpgwapi/inc/class.egw_session.inc.php b/phpgwapi/inc/class.egw_session.inc.php index 0b7ab9e443..ad0593d4da 100644 --- a/phpgwapi/inc/class.egw_session.inc.php +++ b/phpgwapi/inc/class.egw_session.inc.php @@ -484,7 +484,11 @@ class egw_session $this->reason = $blocked ? 'blocked, too many attempts' : 'bad login or password'; $this->cd_reason = $blocked ? 99 : 5; - $this->log_access($this->reason,$login,$user_ip,0); // log unsuccessfull login + // we dont log anon users as it would block the website + if (!$GLOBALS['egw']->acl->get_specific_rights_for_account($this->account_id,'anonymous','phpgwapi')) + { + $this->log_access($this->reason,$login,$user_ip,0); // log unsuccessfull login + } return false; }