/** * Add a new entry in the datastore file where the failed logins are being kept, * this entry will contain the username, timestamp of the login attempt, remote * address of the computer sending the request, and the user-agent. * * @param string $user_login Information from the current failed login event. * @param string $wrong_password Wrong password used during the supposed attack. * @return boolean Whether the information of the current failed login event was stored or not. */ function sucuriscan_log_failed_login($user_login = '', $wrong_password = '') { $datastore_path = sucuriscan_failed_logins_datastore_path(); // Do not collect wrong passwords if it is not necessary. if (sucuriscan_collect_wrong_passwords() !== true) { $wrong_password = ''; } if ($datastore_path) { $login_data = json_encode(array('user_login' => $user_login, 'user_password' => $wrong_password, 'attempt_time' => time(), 'remote_addr' => SucuriScan::get_remote_addr(), 'user_agent' => SucuriScan::get_user_agent())); $logged = @file_put_contents($datastore_path, $login_data . "\n", FILE_APPEND); return $logged; } return false; }