[BUGFIX] Log password attempt with empty password
authorMario Rimann <typo3-coding@rimann.org>
Fri, 25 Nov 2011 22:59:08 +0000 (23:59 +0100)
committerJigal van Hemert <jigal@xs4all.nl>
Sun, 18 Dec 2011 07:32:21 +0000 (08:32 +0100)
Adds logging for login attempts where an empty password is
submitted.

Change-Id: I473529845ab2a9e12d4d2f48a4553eb7dc02d681
Resolves: #18176
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6923
Reviewed-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
typo3/sysext/sv/class.tx_sv_auth.php

index 9c14651..5a5b4b5 100644 (file)
@@ -64,22 +64,53 @@ class tx_sv_auth extends tx_sv_authbase     {
        function getUser()      {
                $user = false;
 
-               if ($this->login['status']=='login' && $this->login['uident'])  {
+               if ($this->login['status'] == 'login') {
+                       if ($this->login['uident']) {
 
-                       $user = $this->fetchUserRecord($this->login['uname']);
+                               $user = $this->fetchUserRecord($this->login['uname']);
 
-                       if(!is_array($user)) {
-                                       // Failed login attempt (no username found)
-                               $this->writelog(255,3,3,2,
-                                       "Login-attempt from %s (%s), username '%s' not found!!",
-                                       Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));  // Logout written to log
+                               if(!is_array($user)) {
+                                               // Failed login attempt (no username found)
+                                       $this->writelog(255, 3, 3, 2,
+                                               'Login-attempt from %s (%s), username \'%s\' not found!!',
+                                               array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
+                                       );      // Logout written to log
+                                       t3lib_div::sysLog(
+                                               sprintf(
+                                                       'Login-attempt from %s (%s), username \'%s\' not found!',
+                                                       $this->authInfo['REMOTE_ADDR'],
+                                                       $this->authInfo['REMOTE_HOST'],
+                                                       $this->login['uname']
+                                               ),
+                                               'Core',
+                                               0
+                                       );
+                               } else {
+                                       if ($this->writeDevLog) {
+                                               t3lib_div::devLog(
+                                                       'User found: ' . t3lib_div::arrayToLogString(
+                                                               $user, array($this->db_user['userid_column'], $this->db_user['username_column'])
+                                                       ),
+                                                       'tx_sv_auth'
+                                               );
+                                       }
+                               }
+                       } else {
+                                       // Failed Login attempt (no password given)
+                               $this->writelog(255, 3, 3, 2,
+                                       'Login-attempt from %s (%s) for username \'%s\' with an empty password!',
+                                       array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
+                               );
                                t3lib_div::sysLog(
-                                       sprintf( "Login-attempt from %s (%s), username '%s' not found!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'] ),
+                                       sprintf(
+                                               'Login-attempt from %s (%s), for username \'%s\' with an empty password!',
+                                               $this->authInfo['REMOTE_ADDR'],
+                                               $this->authInfo['REMOTE_HOST'],
+                                               $this->login['uname']
+                                       ),
                                        'Core',
                                        0
                                );
-                       } else {
-                               if ($this->writeDevLog)         t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth');
                        }
                }
                return $user;
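Review bot: The new empty-password branch, like the re-indented not-found branch, formats the client-supplied `$this->login['uname']` straight into the `writelog()` and `t3lib_div::sysLog()` messages, so a user name containing line breaks or other control characters may be able to split or forge log lines unless the log sink neutralises them, which is not visible here. Because this branch is reached before any credential check, consider cleaning the value once and passing the result to both calls, e.g. `$uname = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $this->login['uname']);`. Separately, `if ($this->login['uident'])` is a truthiness test, so a submitted password of `'0'` would be logged as empty; `(string) $this->login['uident'] !== ''` would keep the message accurate. The two empty-password messages also differ by a comma (`(%s) for username` versus `(%s), for username`), which makes them harder to match with a single log filter. getUser() closes outside the hunk.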