From 789b9914c077f5ff3eaebaad4d312aed7a19c5b2 Mon Sep 17 00:00:00 2001
From: Mario Rimann <typo3-coding@rimann.org>
Date: Thu, 24 Nov 2011 21:56:47 +0100
Subject: [PATCH] [BUGFIX] Log password attempt with empty password

Adds logging for login attempts where an empty password is submitted.

Change-Id: I8733f388d3d919a7e7ff67fecd5704db20e78fe6
Resolves: #18176
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6904
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Mario Rimann
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
---
 typo3/sysext/sv/class.tx_sv_auth.php | 51 ++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 10 deletions(-)
diff --git a/typo3/sysext/sv/class.tx_sv_auth.php b/typo3/sysext/sv/class.tx_sv_auth.php
index 67cfa73edf3e..92d4d4d08b56 100644
--- a/typo3/sysext/sv/class.tx_sv_auth.php
+++ b/typo3/sysext/sv/class.tx_sv_auth.php
@@ -50,22 +50,53 @@ class tx_sv_auth extends tx_sv_authbase { function getUser() { $user = FALSE; - if ($this->login['status']=='login' && $this->login['uident']) { + if ($this->login['status'] == 'login') { + if ($this->login['uident']) { - $user = $this->fetchUserRecord($this->login['uname']); + $user = $this->fetchUserRecord($this->login['uname']); - if(!is_array($user)) { - // Failed login attempt (no username found) - $this->writelog(255,3,3,2, - "Login-attempt from %s (%s), username '%s' not found!!", - Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])); // Logout written to log + if(!is_array($user)) { + // Failed login attempt (no username found) + $this->writelog(255, 3, 3, 2, + 'Login-attempt from %s (%s), username \'%s\' not found!!', + array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']) + ); // Logout written to log + t3lib_div::sysLog( + sprintf( + 'Login-attempt from %s (%s), username \'%s\' not found!', + $this->authInfo['REMOTE_ADDR'], + $this->authInfo['REMOTE_HOST'], + $this->login['uname'] + ), + 'Core', + 0 + ); + } else { + if ($this->writeDevLog) { + t3lib_div::devLog( + 'User found: ' . 
t3lib_div::arrayToLogString( + $user, array($this->db_user['userid_column'], $this->db_user['username_column']) + ), + 'tx_sv_auth' + ); + } + } + } else { + // Failed Login attempt (no password given) + $this->writelog(255, 3, 3, 2, + 'Login-attempt from %s (%s) for username \'%s\' with an empty password!', + array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']) + ); t3lib_div::sysLog( - sprintf( "Login-attempt from %s (%s), username '%s' not found!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'] ), + sprintf( + 'Login-attempt from %s (%s), for username \'%s\' with an empty password!', + $this->authInfo['REMOTE_ADDR'], + $this->authInfo['REMOTE_HOST'], + $this->login['uname'] + ), 'Core', 0 ); - } else { - if ($this->writeDevLog) t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth'); } } return $user; -- GitLab
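Review bot: The new empty-password branch formats the request-supplied `$this->login['uname']` straight into both `writelog()` and `t3lib_div::sysLog()`, and it is reachable without any credential, so any client can add entries of arbitrary length and content to both logs. Whether those two sinks neutralise CR/LF and other control characters is not visible in this hunk; if they do not, the logged username can break one record into several and make the audit trail unreliable. I would normalise once at the top of the branch, e.g. `$uname = substr(preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $this->login['uname']), 0, 255);`, and pass `$uname` to both calls (the username-not-found branch above follows the same pattern). Separately, `if ($this->login['uident'])` is a truthiness test, so a submitted value of `'0'` falls into this branch and is logged as an empty password; `(string) $this->login['uident'] !== ''` would match what the message claims. The closing brace of getUser() lies outside the hunk.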