[BUGFIX] Log password attempt with empty password
authorMario Rimann <typo3-coding@rimann.org>
Thu, 24 Nov 2011 20:56:47 +0000 (21:56 +0100)
committerSteffen Ritter <info@rs-websystems.de>
Fri, 25 Nov 2011 15:36:21 +0000 (16:36 +0100)
Adds logging for login attempts where an empty password is
submitted.

Change-Id: I8733f388d3d919a7e7ff67fecd5704db20e78fe6
Resolves: #18176
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6904
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Mario Rimann
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/sv/class.tx_sv_auth.php

index 67cfa73..92d4d4d 100644 (file)
@@ -50,22 +50,53 @@ class tx_sv_auth extends tx_sv_authbase     {
        function getUser()      {
                $user = FALSE;
 
-               if ($this->login['status']=='login' && $this->login['uident'])  {
+               if ($this->login['status'] == 'login') {
+                       if ($this->login['uident']) {
 
-                       $user = $this->fetchUserRecord($this->login['uname']);
+                               $user = $this->fetchUserRecord($this->login['uname']);
 
-                       if(!is_array($user)) {
-                                       // Failed login attempt (no username found)
-                               $this->writelog(255,3,3,2,
-                                       "Login-attempt from %s (%s), username '%s' not found!!",
-                                       Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));  // Logout written to log
+                               if(!is_array($user)) {
+                                               // Failed login attempt (no username found)
+                                       $this->writelog(255, 3, 3, 2,
+                                               'Login-attempt from %s (%s), username \'%s\' not found!!',
+                                               array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
+                                       );      // Logout written to log
+                                       t3lib_div::sysLog(
+                                               sprintf(
+                                                       'Login-attempt from %s (%s), username \'%s\' not found!',
+                                                       $this->authInfo['REMOTE_ADDR'],
+                                                       $this->authInfo['REMOTE_HOST'],
+                                                       $this->login['uname']
+                                               ),
+                                               'Core',
+                                               0
+                                       );
+                               } else {
+                                       if ($this->writeDevLog) {
+                                               t3lib_div::devLog(
+                                                       'User found: ' . t3lib_div::arrayToLogString(
+                                                               $user, array($this->db_user['userid_column'], $this->db_user['username_column'])
+                                                       ),
+                                                       'tx_sv_auth'
+                                               );
+                                       }
+                               }
+                       } else {
+                                       // Failed Login attempt (no password given)
+                               $this->writelog(255, 3, 3, 2,
+                                       'Login-attempt from %s (%s) for username \'%s\' with an empty password!',
+                                       array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
+                               );
                                t3lib_div::sysLog(
-                                       sprintf( "Login-attempt from %s (%s), username '%s' not found!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'] ),
+                                       sprintf(
+                                               'Login-attempt from %s (%s), for username \'%s\' with an empty password!',
+                                               $this->authInfo['REMOTE_ADDR'],
+                                               $this->authInfo['REMOTE_HOST'],
+                                               $this->login['uname']
+                                       ),
                                        'Core',
                                        0
                                );
-                       } else {
-                               if ($this->writeDevLog)         t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth');
                        }
                }
                return $user;
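Review bot: The new empty-password branch passes the client-supplied `$this->login['uname']` unmodified into `sprintf()` for `t3lib_div::sysLog()`, as the re-indented not-found branch above it already did, so any unauthenticated request with `status == 'login'` can now put arbitrary text, possibly including line breaks, into the system log. Whether `sysLog()` or its backends neutralise control characters is not visible in this hunk. Consider normalising the value once before the log calls, e.g. `$uname = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $this->login['uname']);`, and passing `$uname` to both `writelog()` and `sysLog()`. Two smaller points: `if ($this->login['uident'])` is a truthiness test, so a submitted value of `'0'` would be logged as "an empty password", and the `writelog()` and `sysLog()` strings in the else branch differ by a comma (`(%s) for` vs `(%s), for`), which makes the two logs harder to correlate. The closing brace of `getUser()` lies outside the hunk.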