From c7bd80b3c92e6a2aba40d19556e45f7ad43b9313 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Tue, 4 Feb 2014 00:15:44 +0000
Subject: [PATCH] Increment warning log frequency on failed login attempts

Log every third failed login attempt as a warning, instead of every other
request. This is necessary to avoid false warnings, since the login page
attempts SSO via the backend.
---
 include/class.auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/class.auth.php b/include/class.auth.php
index b88201b77..b5de88a11 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -550,8 +550,8 @@ class StaffAuthStrikeBackend extends  AuthStrikeBackend {
             $ost->logWarning('Excessive login attempts ('.$username.')', $alert,
                     $cfg->alertONLoginError());
             return new AccessDenied('Forgot your login info? Contact Admin.');
-        //Log every other failed login attempt as a warning.
-        } elseif($authsession['strikes']%2==0) {
+        //Log every other third failed login attempt as a warning.
+        } elseif($authsession['strikes']%3==0) {
             $alert='Username: '.$username."\n"
                     .'IP: '.$_SERVER['REMOTE_ADDR']."\n"
                     .'TIME: '.date('M j, Y, g:i a T')."\n\n"
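Review bot: With `$authsession['strikes']%3==0` the first two failed staff logins of a run no longer produce any warning, so low-volume failures are less visible in the log than before. If the strike counter is per session (the name `$authsession` suggests it, but its origin is outside the hunk), failures that arrive in fresh sessions never reach a multiple of three; keying the warning on username or source address would filter the SSO noise without losing that signal. The comment is also ambiguous; `//Log every third failed login attempt as a warning.` matches the condition. The same condition and comment appear in the UserAuthStrikeBackend hunk, and the enclosing function starts and ends outside this hunk.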
@@ -595,7 +595,7 @@ class UserAuthStrikeBackend extends  AuthStrikeBackend {
                     'Attempts #'.$authsession['strikes'];
             $ost->logError('Excessive login attempts (user)', $alert, ($cfg->alertONLoginError()));
             return new AccessDenied('Access Denied');
-        } elseif($authsession['strikes']%2==0) { //Log every other failed login attempt as a warning.
+        } elseif($authsession['strikes']%3==0) { //Log every other third failed login attempt as a warning.
             $alert='Login: '.$username.': '.$password."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
                    "\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$authsession['strikes'];
             $ost->logWarning('Failed login attempt (user)', $alert);
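Review bot: The warning body built right under the changed `elseif` concatenates `$password` into `$alert`, so whatever the client submitted in that field on a failed login is written to the system log in clear text. Failed values are frequently near-misses of a real secret, and anyone with read access to the log can see them. Drop it from the message, e.g. `$alert='Login: '.$username."\n".'IP: '.$_SERVER['REMOTE_ADDR'].`, keeping the rest of the statement as is. The line is unchanged context, but this commit already touches the branch and is a natural place to fix it; the branch and its function continue past the end of the hunk.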
-- 
GitLab