Changed default behaviour to not log IP address in case of an auth failure. Can be...

Log level changed to warning .

diff --git a/lib/base.php b/lib/base.php
index 052444271c30b84b92d6ef0d3f0e96fee6d8495c..e8a4d3f87ad303b725cccbc64427d18c2d8be6bf 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -730,8 +730,14 @@ class OC {
                        // Someone wants to log in :
                } elseif (OC::tryFormLogin()) {
                        $error[] = 'invalidpassword';
-                       OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
-                       OC_Log::ERROR);
+                       if ( OC_Config::getValue('log_authfailip', '') ) {
+                               OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
+                               OC_Log::WARN);
+                       }
+                       else { 
+                               OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
+                                OC_Log::WARN);
+                       }
                }
 
                OC_Util::displayLoginPage(array_unique($error));