[BUGFIX][saltedpasswords] Failed backend logins not not logged
authorTorben Hansen <t.hansen@skyfillers.com>
Fri, 29 Apr 2011 12:03:18 +0000 (14:03 +0200)
committerSteffen Ritter <info@rs-websystems.de>
Fri, 29 Apr 2011 15:05:31 +0000 (17:05 +0200)
commitdf05f2ca27ccaa5c210e4fa750e6a8c452588fae
tree1e29e4973d2cb4ea04204eb6b6a044db6d1a6b14
parent3a45abf03fa0a09488437c57cb883bba857e2f4a
[BUGFIX][saltedpasswords] Failed backend logins not not logged

The logging functions in saltedpasswords are not able to log failed
backend userlogins to TYPO3s syslog, because the inherited
writelog-function gets overridden by a local function. As a result, no
notification e-mail is sent to [warning_email_addr] when a backend user
has multiple failed login attempts. A remote 'attacker' could try to
login to a TYPO3 installations backend numerous of times without being
noticed (no log entry and no warning-email if configured).

Rename the local writelog-function to writeLogMessage and add the
original writelog-functionality, so that failed backend logins are
written to TYPO3s syslog again and all logging/notifications work as
expected.

Change-Id: Ic05b05873e3fd20df675db908ba76b7dd0e5548f
Resolves: #23917
Releases: 4.6, 4.5, 4.4, 4.3
Reviewed-on: http://review.typo3.org/1795
Reviewed-by: Torben Hansen
Tested-by: Torben Hansen
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php