From: <te...@us...> - 2013-05-08 02:04:37
Revision: 5894 http://sourceforge.net/p/web-erp/reponame/5894 Author: tehonu Date: 2013-05-08 02:04:32 +0000 (Wed, 08 May 2013) Log Message: ----------- Ricard: add $SysAdminEmail in config.sys and send email if too many login attempts Modified Paths: -------------- trunk/api/api_login.php trunk/config.distrib.php trunk/includes/UserLogin.php trunk/includes/session.inc Modified: trunk/api/api_login.php =================================================================== --- trunk/api/api_login.php 2013-05-05 00:27:37 UTC (rev 5893) +++ trunk/api/api_login.php 2013-05-08 02:04:32 UTC (rev 5894) @@ -25,7 +25,7 @@ } $_SESSION['db'] = $db; // Set in above include } - $rc = userLogin($user, $password, $_SESSION['db']); + $rc = userLogin($user, $password, $SysAdminEmail, $_SESSION['db']); switch ($rc) { case UL_OK: $RetCode[0] = 0; // All is well Modified: trunk/config.distrib.php =================================================================== --- trunk/config.distrib.php 2013-05-05 00:27:37 UTC (rev 5893) +++ trunk/config.distrib.php 2013-05-08 02:04:32 UTC (rev 5894) @@ -11,6 +11,9 @@ // Whether to display the demo login and password or not on the login screen $AllowDemoMode = True; +// email address of the system administrator +$SysAdminEmail = 'ad...@my...'; + // The timezone of the business - this allows the possibility of having // the web-server on a overseas machine but record local time // this is not necessary if you have your own server locally Modified: trunk/includes/UserLogin.php =================================================================== --- trunk/includes/UserLogin.php 2013-05-05 00:27:37 UTC (rev 5893) +++ trunk/includes/UserLogin.php 2013-05-08 02:04:32 UTC (rev 5894) @@ -17,7 +17,7 @@ * See define() statements above. */ -function userLogin($Name, $Password, $db) { +function userLogin($Name, $Password, $SysAdminEmail = '', $db) { global $debug; 
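Review bot: `$SysAdminEmail` is passed to userLogin() in api_login.php, but nothing visible in this hunk brings it into scope. The indentation and the `$RetCode` assignments suggest the call sits inside a function whose start is outside the hunk, in which case the variable is undefined unless it is declared `global` or set by an include. This commit adds an `isset()` fallback to session.inc, and the API path may not run through that file. If the variable is not in scope, the call raises a notice and no lockout mail is sent for API logins. Adding `global $SysAdminEmail;` in the enclosing function, or `if (!isset($SysAdminEmail)) { $SysAdminEmail = ''; }` before the call, would make the behaviour explicit.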
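Review bot: The new userLogin() signature in includes/UserLogin.php puts an optional parameter before a required one: `$SysAdminEmail = ''` is followed by `$db`, so the default can never take effect. Any caller not updated in this commit that still passes three arguments will hand its database handle in as the e-mail address and leave `$db` missing. Either drop the default, `function userLogin($Name, $Password, $SysAdminEmail, $db) {`, or append the new argument so existing calls keep working, `function userLogin($Name, $Password, $db, $SysAdminEmail = '') {`, and adjust the two call sites changed here to match. The comment block that ends just above the signature should also describe the new parameter. The function body continues outside the hunk.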
@@ -109,6 +109,12 @@ SET blocked=1 WHERE www_users.userid='" . $Name . "'"; $Auth_Result = DB_query($sql, $db); + + if ($SysAdminEmail != ''){ + $EmailSubject = _('User access blocked'). ' ' . $Name ; + $EmailText = _('User ID') . ' ' . $Name . ' - ' . $Password . ' - ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('due to too many failed attempts.'); + mail($SysAdminEmail,$EmailSubject,$EmailText); + } return UL_BLOCKED; } return UL_NOTVALID; Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2013-05-05 00:27:37 UTC (rev 5893) +++ trunk/includes/session.inc 2013-05-08 02:04:32 UTC (rev 5894) @@ -25,6 +25,10 @@ session_save_path($SessionSavePath); } +if (!isset($SysAdminEmail)) { + $SysAdminEmail=''; +} + ini_set('session.gc_maxlifetime',$SessionLifeTime); if( !ini_get('safe_mode') ){ @@ -85,7 +89,7 @@ include $PathPrefix . 'includes/UserLogin.php'; /* Login checking and setup */ if (isset($_POST['UserNameEntryField']) AND isset($_POST['Password'])) { - $rc = userLogin($_POST['UserNameEntryField'], $_POST['Password'], $db); + $rc = userLogin($_POST['UserNameEntryField'], $_POST['Password'], $SysAdminEmail, $db); } elseif (empty($_SESSION['DatabaseName'])) { $rc = UL_SHOWLOGIN; } else { |
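Review bot: The lockout mail built in `$EmailText` includes the submitted `$Password` in clear text, so a mistyped real password is copied into the administrator's mailbox and every relay on the way; the line should read `$EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('due to too many failed attempts.');`. `$Name` reaches this code from the login form (`$_POST['UserNameEntryField']` in session.inc) and is placed in the subject passed to mail(), so CR and LF should be stripped before it is used there, e.g. `$SafeName = str_replace(array("\r", "\n"), '', $Name);`. The return value of mail() is ignored, so a failed notification goes unnoticed; logging a `false` result would help an operator see that alerts are not being delivered. The enclosing block starts outside the hunk.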