Beispiel #1
0
/**
 * Add a new entry in the datastore file where the failed logins are being kept,
 * this entry will contain the username, timestamp of the login attempt, remote
 * address of the computer sending the request, and the user-agent.
 *
 * @param  string  $user_login     Information from the current failed login event.
 * @param  string  $wrong_password Wrong password used during the supposed attack.
 * @return boolean                 Whether the information of the current failed login event was stored or not.
 */
function sucuriscan_log_failed_login($user_login = '', $wrong_password = '')
{
    $datastore_path = sucuriscan_failed_logins_datastore_path();
    // Do not collect wrong passwords if it is not necessary.
    if (sucuriscan_collect_wrong_passwords() !== true) {
        $wrong_password = '';
    }
    if ($datastore_path) {
        $login_data = json_encode(array('user_login' => $user_login, 'user_password' => $wrong_password, 'attempt_time' => time(), 'remote_addr' => SucuriScan::get_remote_addr(), 'user_agent' => SucuriScan::get_user_agent()));
        $logged = @file_put_contents($datastore_path, $login_data . "\n", FILE_APPEND);
        return $logged;
    }
    return false;
}