Changed default behaviour to not log IP address in case of an auth failure. Can be configured in OC conf now.

Log level changed to warning .
This commit is contained in:
Axel Roenn 2013-09-10 11:07:26 +02:00
parent 0cd6473909
commit 7810e27dad
1 changed files with 8 additions and 2 deletions

View File

@ -730,8 +730,14 @@ class OC {
// Someone wants to log in : // Someone wants to log in :
} elseif (OC::tryFormLogin()) { } elseif (OC::tryFormLogin()) {
$error[] = 'invalidpassword'; $error[] = 'invalidpassword';
if ( OC_Config::getValue('log_authfailip', '') ) {
OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'], OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
OC_Log::ERROR); OC_Log::WARN);
}
else {
OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
OC_Log::WARN);
}
} }
OC_Util::displayLoginPage(array_unique($error)); OC_Util::displayLoginPage(array_unique($error));