oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Several security updates.

Browse source
This commit is contained in:
JT Smith 2002-09-13 00:42:14 +00:00
parent 1dd74c1dc3
commit 7e63f741c5
3 changed files with 67 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/WebGUI/ErrorHandler.pm
View file

@ -95,6 +95,17 @@ sub fatalError {
exit;
}
#-------------------------------------------------------------------
sub security {
my ($log, $data);
$log = FileHandle->new(">>".$session{config}{logfile}) or fatalError("Can't open log file for audit.");
$data = localtime(time)." ".$0." SECURITY: ".$session{user}{username}." (".$session{user}{userId}
.") connecting from ".$session{env}{REMOTE_ADDR}." attempted to ".$_[0]."\n";
print $log $data;
$session{debug}{security} .= $data."<p>";
$log->close;
}
#-------------------------------------------------------------------
sub warn {
my ($log);

4
lib/WebGUI/Operation/Account.pm
View file

@ -440,7 +440,7 @@ sub www_login {
$auth = $ldap->bind(dn=>$u->connectDN, password=>$session{form}{identifier});
if ($auth->code == 48 || $auth->code == 49) {
$error = WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid login for user account: ".$session{form}{username});
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
_logLogin($uid,"invalid username/password");
} elsif ($auth->code > 0) {
$error .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured.';
@ -456,7 +456,7 @@ sub www_login {
$success = 1;
} else {
$error = WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid login for user account: ".$session{form}{username});
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
_logLogin($uid,"invalid username/password");
}
}