From: Axel Roenn <axel@mpim-bonn.mpg.de>
Date: Tue, 10 Sep 2013 09:07:26 +0000 (+0200)
Subject: Changed default behaviour to not log IP address in case of an auth failure. Can be... 
X-Git-Tag: v6.0.0alpha2~39^2~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7810e27dad3c67f310657d1b19db71e0e4f94631;p=nextcloud-server.git

Changed default behaviour to not log IP address in case of an auth failure. Can be configured in OC conf now.
Log level changed to warning .
---

diff --git a/lib/base.php b/lib/base.php
index 052444271c3..e8a4d3f87ad 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -730,8 +730,14 @@ class OC {
 			// Someone wants to log in :
 		} elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
-			OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
-			OC_Log::ERROR);
+			if ( OC_Config::getValue('log_authfailip', '') ) {
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
+				OC_Log::WARN);
+			}
+			else { 
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
+                                OC_Log::WARN);
+			}
 		}
 
 		OC_Util::displayLoginPage(array_unique($error));