From: <te...@us...> - 2013-05-08 02:04:37
Revision: 5894
http://sourceforge.net/p/web-erp/reponame/5894
Author: tehonu
Date: 2013-05-08 02:04:32 +0000 (Wed, 08 May 2013)
Log Message:
-----------
Ricard: add $SysAdminEmail in config.sys and send email if too many login attempts
Modified Paths:
--------------
trunk/api/api_login.php
trunk/config.distrib.php
trunk/includes/UserLogin.php
trunk/includes/session.inc
Modified: trunk/api/api_login.php
===================================================================
--- trunk/api/api_login.php 2013-05-05 00:27:37 UTC (rev 5893)
+++ trunk/api/api_login.php 2013-05-08 02:04:32 UTC (rev 5894)
@@ -25,7 +25,7 @@
}
$_SESSION['db'] = $db; // Set in above include
}
- $rc = userLogin($user, $password, $_SESSION['db']);
+ $rc = userLogin($user, $password, $SysAdminEmail, $_SESSION['db']);
switch ($rc) {
case UL_OK:
$RetCode[0] = 0; // All is well
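Review bot: `$SysAdminEmail` is passed to `userLogin()` here, but nothing visible in this hunk defines it in the current scope. The `isset()` default this commit adds lives in includes/session.inc, so if the API entry point does not include that file, or if this call sits inside a function (the surrounding code is outside the hunk), the argument is undefined and the lockout notification is skipped with only a notice. Consider applying the same guard before the call, `if (!isset($SysAdminEmail)) { $SysAdminEmail = ''; }`, or importing the configured value explicitly if this is function scope.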
Modified: trunk/config.distrib.php
===================================================================
--- trunk/config.distrib.php 2013-05-05 00:27:37 UTC (rev 5893)
+++ trunk/config.distrib.php 2013-05-08 02:04:32 UTC (rev 5894)
@@ -11,6 +11,9 @@
// Whether to display the demo login and password or not on the login screen
$AllowDemoMode = True;
+// email address of the system administrator
+$SysAdminEmail = 'ad...@my...';
+
// The timezone of the business - this allows the possibility of having
// the web-server on a overseas machine but record local time
// this is not necessary if you have your own server locally
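Review bot: The distributed default for `$SysAdminEmail` is a non-empty address that appears to be a placeholder (the archive obscures it), so an installation that copies this file unedited will send lockout notifications to a mailbox the operator does not control. Because `userLogin()` in this commit skips the mail when the value is empty, shipping `$SysAdminEmail = '';` would make the notification opt-in. The comment could say so as well, for example `// email address of the system administrator; leave empty to disable lockout notifications`.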
Modified: trunk/includes/UserLogin.php
===================================================================
--- trunk/includes/UserLogin.php 2013-05-05 00:27:37 UTC (rev 5893)
+++ trunk/includes/UserLogin.php 2013-05-08 02:04:32 UTC (rev 5894)
@@ -17,7 +17,7 @@
* See define() statements above.
*/
-function userLogin($Name, $Password, $db) {
+function userLogin($Name, $Password, $SysAdminEmail = '', $db) {
global $debug;
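Review bot: The new signature puts an optional parameter before a required one: in `function userLogin($Name, $Password, $SysAdminEmail = '', $db)` the default can never take effect, and PHP 8.0 and later report this form as deprecated. Any three-argument caller not updated in this commit would now pass its database handle as `$SysAdminEmail` and fail on the missing `$db`. Keeping `$db` third and appending the new parameter, `function userLogin($Name, $Password, $db, $SysAdminEmail = '')`, stays backward-compatible, with the two call sites changed in this commit passing the address last. The docblock above the signature should also gain a line describing `$SysAdminEmail`; the function body continues outside the hunk.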
@@ -109,6 +109,12 @@
SET blocked=1
WHERE www_users.userid='" . $Name . "'";
$Auth_Result = DB_query($sql, $db);
+
+ if ($SysAdminEmail != ''){
+ $EmailSubject = _('User access blocked'). ' ' . $Name ;
+ $EmailText = _('User ID') . ' ' . $Name . ' - ' . $Password . ' - ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('due to too many failed attempts.');
+ mail($SysAdminEmail,$EmailSubject,$EmailText);
+ }
return UL_BLOCKED;
}
return UL_NOTVALID;
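Review bot: The notification body built in `$EmailText` includes `$Password`, so the last password typed before the lockout is sent in clear text to the administrator's mailbox. For a legitimate user that value is often the real password with a typo, or a password for another account, and mail is not reliably encrypted in transit or at rest. Drop it from the message: `$EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('due to too many failed attempts.');`. `$Name` is also concatenated into the UPDATE statement in the context lines above; whether it is escaped earlier is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.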
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2013-05-05 00:27:37 UTC (rev 5893)
+++ trunk/includes/session.inc 2013-05-08 02:04:32 UTC (rev 5894)
@@ -25,6 +25,10 @@
session_save_path($SessionSavePath);
}
+if (!isset($SysAdminEmail)) {
+ $SysAdminEmail='';
+}
+
ini_set('session.gc_maxlifetime',$SessionLifeTime);
if( !ini_get('safe_mode') ){
@@ -85,7 +89,7 @@
include $PathPrefix . 'includes/UserLogin.php'; /* Login checking and setup */
if (isset($_POST['UserNameEntryField']) AND isset($_POST['Password'])) {
- $rc = userLogin($_POST['UserNameEntryField'], $_POST['Password'], $db);
+ $rc = userLogin($_POST['UserNameEntryField'], $_POST['Password'], $SysAdminEmail, $db);
} elseif (empty($_SESSION['DatabaseName'])) {
$rc = UL_SHOWLOGIN;
} else {