Browse code

disable brute force check when logging is disabled

Bernd Wurst authored on 11/04/2019 17:16:39
Showing 1 changed files
... ...
@@ -191,6 +191,10 @@ function logger($severity, $scriptname, $scope, $message)
191 191
 
192 192
 function count_failed_logins()
193 193
 {
194
+    if (config('logging') < LOG_WARNING) {
195
+        DEBUG("logging is disabled, no brute force check possible");
196
+        return;
197
+    }
194 198
     $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
195 199
     $data = $result->fetch();
196 200
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');