From 36b6b6b85756c561e43029f9e2b2abb2658b7e57 Mon Sep 17 00:00:00 2001
From: "Roman Schmerold (BNoiZe)"
Date: Sat, 14 Dec 2013 10:28:33 +0100
Subject: [PATCH] Added logging of faulty login attempts, fixes #1321

Signed-off-by: Roman Schmerold (BNoiZe)
---
 admin_logger.php | 13 ++++++++-----
 index.php | 9 +++++++++
 lib/functions/logger/constant.logger.php | 2 ++
 lng/english.lng.php | 8 ++++++++
 lng/german.lng.php | 8 ++++++++
 5 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/admin_logger.php b/admin_logger.php
index 256e444f..5387abc8 100644
--- a/admin_logger.php
+++ b/admin_logger.php
@@ -78,19 +78,22 @@ if ($page == 'log'
 $_action = $lng['admin']['customer'];
 break;
 case RES_ACTION:
- $_action = 'Reseller';
+ $_action = $lng['logger']['reseller'];
 break;
 case ADM_ACTION:
- $_action = 'Administrator';
+ $_action = $lng['logger']['admin'];
 break;
 case CRON_ACTION:
- $_action = 'Cronjob';
+ $_action = $lng['logger']['cron'];
+ break;
+ case LOGIN_ACTION:
+ $_action = $lng['logger']['login'];
 break;
 case LOG_ERROR:
- $_action = 'Internal';
+ $_action = $lng['logger']['intern'];
 break;
 default:
- $_action = 'Unknown';
+ $_action = $lng['logger']['unknown'];
 break;
 }
 
diff --git a/index.php b/index.php
index 22ea81fe..7ec4a8fa 100644
--- a/index.php
+++ b/index.php
@@ -100,6 +100,10 @@ if ($action == 'login') {
 $uid = 'adminid';
 $adminsession = '1';
 } else {
+ // Log failed login
+ $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']), $settings);
+ $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
+
 redirectTo('index.php', Array('showmessage' => '2'), true);
 exit;
 }
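Review bot: In the index.php hunk at `@@ -100,6 +100,10`, `$loginname` is concatenated into the log message unchanged, and this branch is reachable by any unauthenticated client; the hunk at `@@ -131,6 +135,11` does the same. Depending on where FroxlorLogger writes, embedded line breaks could make one attempt read as several entries, and if the log page in admin_logger.php prints the text without HTML-escaping, markup in the name would render in an administrator's session; the rendering code is not part of this patch, so that needs confirming. Users also sometimes type their password into the name field, so the "Unknown user" entry can end up storing one. I would log a bounded, printable form, e.g. `$logname = substr(preg_replace('/[^\x20-\x7E]/', '?', $loginname), 0, 64);`, use `$logname` in both messages, and escape on output in the log view. The enclosing `if ($action == 'login')` block starts and ends outside the hunk.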
@@ -131,6 +135,11 @@ if ($action == 'login') {
 WHERE `$uid`= :uid"
 );
 Database::pexecute($stmt, array("lastlogin_fail" => time(), "uid" => $userinfo[$uid]));
+
+ // Log failed login
+ $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']), $settings);
+ $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
+
 unset($userinfo);
 redirectTo('index.php', Array('showmessage' => '2'), true);
 exit;
diff --git a/lib/functions/logger/constant.logger.php b/lib/functions/logger/constant.logger.php
index 8fba46ed..db7c2aa2 100644
--- a/lib/functions/logger/constant.logger.php
+++ b/lib/functions/logger/constant.logger.php
@@ -25,5 +25,7 @@ if(!defined('ADM_ACTION'))
 define('ADM_ACTION', '30');
 if(!defined('CRON_ACTION'))
 define('CRON_ACTION', '40');
+if(!defined('LOGIN_ACTION'))
+ define('LOGIN_ACTION', '50');
 if(!defined('LOG_ERROR'))
 define('LOG_ERROR', '99');
diff --git a/lng/english.lng.php b/lng/english.lng.php
index b4e64b2b..c9ddfffc 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1779,3 +1779,11 @@ $lng['admin']['templates']['SERVER_IP'] = 'Replaces the default server ip-addres
 $lng['admin']['templates']['SERVER_PORT'] = 'Replaces the default server port';
 $lng['admin']['templates']['DOMAINNAME'] = 'Replaces the customers standard-subdomain (can be empty if none is generated)';
 $lng['admin']['show_news_feed'] = 'Show news-feed on admin-dashboard';
+
+// Added in Froxlor 0.9.32
+$lng['logger']['reseller'] = "Reseller";
+$lng['logger']['admin'] = "Administrator";
+$lng['logger']['cron'] = "Cronjob";
+$lng['logger']['login'] = "Login";
+$lng['logger']['intern'] = "Internal";
+$lng['logger']['unknown'] = "Unknown";
diff --git a/lng/german.lng.php b/lng/german.lng.php
index a5de0a93..70562462 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
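Review bot: In the index.php hunk at `@@ -131,6 +135,11`, the wrong-password entry identifies the account only by the submitted name, although the matched row is already loaded (`$userinfo[$uid]` is used one line above). Adding the id, e.g. `"User '" . $loginname . "' (" . $uid . " " . $userinfo[$uid] . ") tried to login with wrong password."`, would let an administrator tie repeated failures to one account unambiguously. The logger is also keyed on `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy would presumably be the proxy's address for every attempt; a short comment such as `// REMOTE_ADDR is the direct peer; behind a proxy this is the proxy address` would help whoever reads these entries during an investigation. The surrounding failure branch starts outside the hunk.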
@@ -1505,3 +1505,11 @@ $lng['admin']['templates']['SERVER_IP'] = 'Wird mit der standard System IP-Adres
 $lng['admin']['templates']['SERVER_PORT'] = 'Wird mit dem standard Port ersetzt';
 $lng['admin']['templates']['DOMAINNAME'] = 'Wird mit der Standardsubdomain des Kunden ersetzt (kann leer sein, wenn keine erstellt werden soll)';
 $lng['admin']['show_news_feed'] = 'Zeige News-Feed im Admin-Dashboard';
+
+// Added in Froxlor 0.9.32
+$lng['logger']['reseller'] = "Reseller";
+$lng['logger']['admin'] = "Administrator";
+$lng['logger']['cron'] = "Cronjob";
+$lng['logger']['login'] = "Login";
+$lng['logger']['intern'] = "Intern";
+$lng['logger']['unknown'] = "Unbekannt";