diff options
| author | alecpl <alec@alec.pl> | 2010-12-09 09:26:54 +0000 |
|---|---|---|
| committer | alecpl <alec@alec.pl> | 2010-12-09 09:26:54 +0000 |
| commit | ad399a95dded2a0378eb410569dcac65c3c9c44a (patch) | |
| tree | 44f4c02c2bf4aef1650ea6a336608b79f80360b2 | |
| parent | 4064452816e7e94b7a6dbc7b02cfc56d725408b2 (diff) | |
- Add username and IP address to log message on unsuccessful login (#1487626)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/include/main.inc | 40 | ||||
| -rw-r--r-- | program/include/rcube_imap.php | 8 | ||||
| -rw-r--r-- | program/include/rcube_imap_generic.php | 2 |
4 files changed, 34 insertions, 17 deletions
@@ -19,6 +19,7 @@ CHANGELOG Roundcube Webmail - Better support for READ-ONLY and NOPERM responses handling (#1487083) - Add confirmation message on purge/expunge command response - Fix handling of untagged responses for AUTHENTICATE command (#1487450) +- Add username and IP address to log message on unsuccessful login (#1487626) RELEASE 0.5-BETA ---------------- diff --git a/program/include/main.inc b/program/include/main.inc index 160c835c9..a9a96a025 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -1193,21 +1193,33 @@ function rcmail_log_login() if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user) return; - $address = $_SERVER['REMOTE_ADDR']; - // append the NGINX X-Real-IP header, if set - if (!empty($_SERVER['HTTP_X_REAL_IP'])) { - $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; - } - // append the X-Forwarded-For header, if set - if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; - } + write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s', + $RCMAIL->user->get_username(), $RCMAIL->user->ID, rcmail_remote_ip())); +} - if (!empty($remote_ip)) - $address .= '(' . implode(',', $remote_ip) . ')'; - write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s', - $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address)); +/** + * Returns remote IP address and forwarded addresses if found + * + * @return string Remote IP address(es) + */ +function rcmail_remote_ip() +{ + $address = $_SERVER['REMOTE_ADDR']; + + // append the NGINX X-Real-IP header, if set + if (!empty($_SERVER['HTTP_X_REAL_IP'])) { + $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; + } + // append the X-Forwarded-For header, if set + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; + } + + if (!empty($remote_ip)) + $address .= '(' . implode(',', $remote_ip) . ')'; + + return $address; } @@ -1219,7 +1231,7 @@ function rcube_timer() { return microtime(true); } - + /** * @access private diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php index d1947c4a3..83c34bc3c 100644 --- a/program/include/rcube_imap.php +++ b/program/include/rcube_imap.php @@ -172,10 +172,14 @@ class rcube_imap } // write error log else if ($this->conn->error) { - if ($pass && $user) + if ($pass && $user) { + $message = sprintf("Login failed for %s from %s. %s", + $user, rcmail_remote_ip(), $this->conn->error); + raise_error(array('code' => 403, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, - 'message' => $this->conn->error), true, false); + 'message' => $message), true, false); + } } return false; diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index e72135328..be3cc7e46 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -533,7 +533,7 @@ class rcube_imap_generic return $this->fp; } else { - $this->setError($result, "Unable to authenticate user ($type): $line"); + $this->setError($result, "AUTHENTICATE $type: $line"); } return $result; |