forked from extern/egroupware
if we can not store failed login attempts in database, store it in cache
parent
8ac7684f66
commit
f800ab008b
@ -670,6 +670,12 @@ class Session
|
||||
*/
|
||||
const ACCESS_LOG_TABLE = 'egw_access_log';
|
||||
|
||||
/**
|
||||
* Prefix used to log unsucessful login attempts in cache, if DB is unavailable
|
||||
*/
|
||||
const FALSE_IP_CACHE_PREFIX = 'false_ip-';
|
||||
const FALSE_ID_CACHE_PREFIX = 'false_id-';
|
||||
|
||||
/**
|
||||
* Write or update (for logout) the access_log
|
||||
*
|
||||
@ -697,6 +703,18 @@ class Session
|
||||
),false,__LINE__,__FILE__);
|
||||
|
||||
$ret = $GLOBALS['egw']->db->get_last_insert_id(self::ACCESS_LOG_TABLE,'sessionid');
|
||||
|
||||
// if we can not store failed login attempts in database, store it in cache
|
||||
if (!$ret && !$account_id)
|
||||
{
|
||||
Cache::setInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip,
|
||||
1+Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$user_ip),
|
||||
$GLOBALS['egw_info']['server']['block_time'] * 60);
|
||||
|
||||
Cache::setInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login,
|
||||
1+Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login),
|
||||
$GLOBALS['egw_info']['server']['block_time'] * 60);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -768,6 +786,11 @@ class Session
|
||||
{
|
||||
${$row['name']} += $row['num'];
|
||||
}
|
||||
|
||||
// check cache too, in case DB is readonly
|
||||
$false_ip += Cache::getInstance(__CLASS__, self::FALSE_IP_CACHE_PREFIX.$ip);
|
||||
$false_id += Cache::getInstance(__CLASS__, self::FALSE_ID_CACHE_PREFIX.$login);
|
||||
|
||||
$blocked = $false_ip > $GLOBALS['egw_info']['server']['num_unsuccessful_ip'] ||
|
||||
$false_id > $GLOBALS['egw_info']['server']['num_unsuccessful_id'];
|
||||
//error_log(__METHOD__."('$login', '$ip') false_ip=$false_ip, false_id=$false_id --> blocked=".array2string($blocked));
|
||||
@ -787,7 +810,7 @@ class Session
|
||||
}
|
||||
$mailer->send();
|
||||
}
|
||||
catch(Exception $e) {
|
||||
catch(\Exception $e) {
|
||||
// ignore exception, but log it, to block the account and give a correct error-message to user
|
||||
error_log(__METHOD__."('$login', '$ip') ".$e->getMessage());
|
||||
}
|
||||
|
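Review bot: The cache fallback added after `get_last_insert_id()` in the second hunk bumps each counter with a separate read and write (`1+Cache::getInstance(...)` passed to `Cache::setInstance(...)`), so parallel failed logins can overwrite each other's increment and the cached count can lag behind the real number of attempts exactly when the DB is unavailable. If the Cache class offers an atomic increment, prefer it; otherwise state the limitation above the two calls, e.g. `// best-effort counter: concurrent failures may be undercounted`. The keys are also built from the raw client-supplied `$login`, so consider a fixed-length digest such as `self::FALSE_ID_CACHE_PREFIX.hash('sha256', $login)` here and in the matching read in the third hunk, since an over-long or oddly formed name may fail to store on some cache backends (the backend is not visible on this page). It is also worth confirming that `block_time` is always a positive number, because a TTL of `0` may mean "never expire" depending on the backend and would leave the counters in place indefinitely. The enclosing methods start and end outside the hunks.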