From 98a6a7a9b86b61ab8955cf2990dbd46b23e99b94 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Sat, 4 Jul 2020 08:18:10 +0200
Subject: [PATCH] * Login page: use HTTP status code 401 for a failed login, so
 tools like fail2ban can recognice that

---
 login.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/login.php b/login.php
index 5e1143da0a..3cd25a6dca 100755
--- a/login.php
+++ b/login.php
@@ -175,6 +175,11 @@ else
 		}
 	}
 
+	// use HTTP status code 401 for a failed login, so tools like fail2ban can recognice that for login page too
+	if ($_GET['cd'] == Api\Session::CD_BAD_LOGIN_OR_PASSWORD)
+	{
+		http_response_code(401);
+	}
 
 	if (isset($passwd_type) || $submit)
 	{