forked from extern/egroupware
if we can not store failed login attempts in database, store it in cache
parent
8ac7684f66
commit
f800ab008b
@ -670,6 +670,12 @@ class Session
|
|||||||
*/
|
*/
|
||||||
const ACCESS_LOG_TABLE = 'egw_access_log';
|
const ACCESS_LOG_TABLE = 'egw_access_log';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Prefix used to log unsucessful login attempts in cache, if DB is unavailable
|
||||||
|
*/
|
||||||
|
const FALSE_IP_CACHE_PREFIX = 'false_ip-';
|
||||||
|
const FALSE_ID_CACHE_PREFIX = 'false_id-';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Write or update (for logout) the access_log
|
* Write or update (for logout) the access_log
|
||||||
*
|
*
|
||||||
@ -697,6 +703,18 @@ class Session
|
|||||||
),false,__LINE__,__FILE__);
|
),false,__LINE__,__FILE__);
|
||||||
|
|
||||||
$ret = $GLOBALS['egw']->db->get_last_insert_id(self::ACCESS_LOG_TABLE,'sessionid');
|
$ret = $GLOBALS['egw']->db->get_last_insert_id(self::ACCESS_LOG_TABLE,'sessionid');
|
||||||
|
|
||||||
|
// if we can not store failed login attempts in database, store it in cache
|
||||||
|
if (!$ret && !$account_id)
|
||||||
|
{
|
||||||
|
Cache::setInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip,
|
||||||
|
1+Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip),
|
||||||
|
$GLOBALS['egw_info']['server']['block_time'] * 60);
|
||||||
|
|
||||||
|
Cache::setInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login,
|
||||||
|
1+Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login),
|
||||||
|
$GLOBALS['egw_info']['server']['block_time'] * 60);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -768,6 +786,11 @@ class Session
|
|||||||
{
|
{
|
||||||
${$row['name']} += $row['num'];
|
${$row['name']} += $row['num'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check cache too, in case DB is readonly
|
||||||
|
$false_ip += Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$ip);
|
||||||
|
$false_id += Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login);
|
||||||
|
|
||||||
$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'] ||
|
$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'] ||
|
||||||
$false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
|
$false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
|
||||||
//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));
|
//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));
|
||||||
@ -787,7 +810,7 @@ class Session
|
|||||||
}
|
}
|
||||||
$mailer->send();
|
$mailer->send();
|
||||||
}
|
}
|
||||||
catch(Exception $e) {
|
catch(\Exception $e) {
|
||||||
// ignore exception, but log it, to block the account and give a correct error-message to user
|
// ignore exception, but log it, to block the account and give a correct error-message to user
|
||||||
error_log(__METHOD__."('$login', '$ip') ".$e->getMessage());
|
error_log(__METHOD__."('$login', '$ip') ".$e->getMessage());
|
||||||
}
|
}
|
||||||
|
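Review bot: The fallback counters added in the second hunk read the old value with `1+Cache::getInstance(...)` and then write it back with `Cache::setInstance(...)`, which is not atomic, so failed logins arriving in parallel can overwrite each other's increment. The check added in the third hunk (`$false_ip += Cache::getInstance(...)`) then compares an undercount against `num_unsuccessful_ip` / `num_unsuccessful_id`, exactly when the database cannot record attempts. If the Cache backend offers an atomic increment, it should be used here; otherwise a comment such as `// NOTE: read-then-write is not atomic; concurrent failures may be undercounted while the DB is unavailable` would document the limit. The ID key is also built from the raw, client-supplied `$login`, so consider deriving it from a normalised digest at both the write and the read site, e.g. `self::FALSE_ID_CACHE_PREFIX.hash('sha256', $login)`, to keep key length bounded; whether logins should also be case-folded first is not visible from these hunks. The enclosing methods start and end outside the hunks shown.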