Merge pull request #4780 from AxelRb/master

On an auth failure the uid and the IP address should be logged to the st...

2 files changed, 10 insertions, 0 deletions

diff --git a/config/config.sample.php b/config/config.sample.php
index a9b868ca9cf..9a24c9364e0 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -148,6 +148,9 @@ $CONFIG = array(
  (watch out, this option can increase the size of your log file)*/
 "log_query" => false,
 
+/* Enable or disable the logging of IP addresses in case of webform auth failures */
+"log_authfailip" => false,
+
 /*
  * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.
  * This rotates the current owncloud logfile to a new name, this way the total log usage
diff --git a/lib/base.php b/lib/base.php
index b0b2dca502f..ff4ca588213 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -760,6 +760,13 @@ class OC {
 		// logon via web form
 		elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
+			if ( OC_Config::getValue('log_authfailip', false) ) {
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
+				OC_Log::WARN);
+			} else { 
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
+                                OC_Log::WARN);
+			}
 		}
 
 		OC_Util::displayLoginPage(array_unique($error));