Main Page | Directories | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Class Members | File Members | Related Pages | Examples
t3lib

class.t3lib_userauthgroup.php File Reference

Go to the source code of this file.

Namespaces

namespace  TYPO3

Classes

class  t3lib_userAuthGroup

Functions

 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='', $event_pid=-1, $NEWid='')
 Writes an entry in the logfile ...
 checkLogFailures ($email, $secondsBack=3600, $max=3)
 Sends a warning to $email if there has been a certain amount of failed logins during a period.

Function Documentation

checkLogFailures email,
secondsBack = 3600,
max = 3
 

Sends a warning to $email if there has been a certain amount of failed logins during a period.

If a login fails, this function is called. It will look up the sys_log to see if there has been more than $max failed logins the last $secondsBack seconds (default 3600). If so, an email with a warning is sent to $email.

Parameters:
string Email address
integer Number of sections back in time to check. This is a kind of limit for how many failures an hour for instance.
integer Max allowed failures before a warning mail is sent
Returns:
void private

Definition at line 1029 of file class.t3lib_userauthgroup.php.

References error().

01029                                                                   {
01030       if ($email) {
01031 
01032             // get last flag set in the log for sending
01033          $theTimeBack = time()-$secondsBack;
01034          $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01035                      'tstamp',
01036                      'sys_log',
01037                      'type=255 AND action=4 AND tstamp>'.intval($theTimeBack),
01038                      '',
01039                      'tstamp DESC',
01040                      '1'
01041                   );
01042          if ($testRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
01043             $theTimeBack = $testRow['tstamp'];
01044          }
01045 
01046             // Check for more than $max number of error failures with the last period.
01047          $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01048                      '*',
01049                      'sys_log',
01050                      'type=255 AND action=3 AND error!=0 AND tstamp>'.intval($theTimeBack),
01051                      '',
01052                      'tstamp'
01053                   );
01054          if ($GLOBALS['TYPO3_DB']->sql_num_rows($res) > $max)  {
01055                // OK, so there were more than the max allowed number of login failures - so we will send an email then.
01056             $subject = 'TYPO3 Login Failure Warning (at '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].')';
01057             $email_body = '
01058 There has been numerous attempts ('.$GLOBALS['TYPO3_DB']->sql_num_rows($res).') to login at the TYPO3
01059 site "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'" ('.t3lib_div::getIndpEnv('HTTP_HOST').').
01060 
01061 This is a dump of the failures:
01062 
01063 ';
01064             while($testRows = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
01065                $theData = unserialize($testRows['log_data']);
01066                $email_body.=date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'].' H:i',$testRows['tstamp']).':  '.@sprintf($testRows['details'],''.$theData[0],''.$theData[1],''.$theData[2]);
01067                $email_body.=chr(10);
01068             }
01069             mail( $email,
01070                   $subject,
01071                   $email_body,
01072                   'From: TYPO3 Login WARNING<>'
01073             );
01074             $this->writelog(255,4,0,3,'Failure warning (%s failures within %s seconds) sent by email to %s',Array($GLOBALS['TYPO3_DB']->sql_num_rows($res),$secondsBack,$email));   // Logout written to log
01075          }
01076       }
01077    }

writelog type,
action,
error,
details_nr,
details,
data,
tablename = '',
recuid = '',
recpid = '',
event_pid = -1,
NEWid = ''
 

Writes an entry in the logfile ...

Still missing documentation for syntax etc...

Parameters:
integer $type: denotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
integer 
action
denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each
type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
integer $error: flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
integer 
details_nr
The message number. Specific for each
type and $action. in the future this will make it possible to translate errormessages to other languages
string $details: Default text that follows the message
array $data: Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
string 
tablename
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
integer 
recuid
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
integer 
recpid
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
integer $event_pid: The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
string $NEWid: NEWid string
Returns:
void

Definition at line 996 of file class.t3lib_userauthgroup.php.

References error().

Referenced by t3lib_extFileFunctions::func_copy(), t3lib_extFileFunctions::func_delete(), t3lib_extFileFunctions::func_edit(), t3lib_extFileFunctions::func_move(), t3lib_extFileFunctions::func_newfile(), t3lib_extFileFunctions::func_newfolder(), t3lib_extFileFunctions::func_rename(), t3lib_extFileFunctions::func_unzip(), and t3lib_extFileFunctions::func_upload().

00996                                                                                                                                   {
00997 
00998       $fields_values = Array (
00999          'userid' => intval($this->user['uid']),
01000          'type' => intval($type),
01001          'action' => intval($action),
01002          'error' => intval($error),
01003          'details_nr' => intval($details_nr),
01004          'details' => $details,
01005          'log_data' => serialize($data),
01006          'tablename' => $tablename,
01007          'recuid' => intval($recuid),
01008          'recpid' => intval($recpid),
01009          'IP' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
01010          'tstamp' => $GLOBALS['EXEC_TIME'],
01011          'event_pid' => intval($event_pid),
01012          'NEWid' => $NEWid
01013       );
01014 
01015       $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_log', $fields_values);
01016       return $GLOBALS['TYPO3_DB']->sql_insert_id();
01017    }

Generated on Sun Oct 3 01:06:11 2004 for TYPO3core 3.7.0 dev by  doxygen 1.3.8-20040913