/**
* Add a new entry in the datastore file where the failed logins are being kept,
* this entry will contain the username, timestamp of the login attempt, remote
* address of the computer sending the request, and the user-agent.
*
* @param string $user_login Information from the current failed login event.
* @param string $wrong_password Wrong password used during the supposed attack.
* @return boolean Whether the information of the current failed login event was stored or not.
*/
function sucuriscan_log_failed_login($user_login = '', $wrong_password = '')
{
$datastore_path = sucuriscan_failed_logins_datastore_path();
// Do not collect wrong passwords if it is not necessary.
if (sucuriscan_collect_wrong_passwords() !== true) {
$wrong_password = '';
}
if ($datastore_path) {
$login_data = json_encode(array('user_login' => $user_login, 'user_password' => $wrong_password, 'attempt_time' => time(), 'remote_addr' => SucuriScan::get_remote_addr(), 'user_agent' => SucuriScan::get_user_agent()));
$logged = @file_put_contents($datastore_path, $login_data . "\n", FILE_APPEND);
return $logged;
}
return false;
}
