diff --git a/index.php b/index.php
index 292e1d0d15..b42829f99e 100644
--- a/index.php
+++ b/index.php
@@ -65,11 +65,13 @@ $_setting['display_courses_to_anonymous_users'] = 'true';
 /* LOGIN */
 /**
- * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled.
- * @todo Consider removing this piece of code because does nothing.
+ * Registers in the track_e_default table (view in important activities in admin
+ * interface) a possible attempted break in, sending auth data through get.
+ * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
  */
 if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
- // nice lie!!!
+ $i = api_get_anonymous_id();
+ event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'].(empty($_POST['login'])?'':'/'.$_POST['login']),null,$i);
 echo 'Attempted breakin - sysadmins notified.';
 session_destroy();
 die();
@@ -175,4 +177,4 @@ if (api_is_platform_admin() || api_is_drh()) {
 $controller->tpl->assign('skills_block', $controller->return_skills_links());
 }
-$controller->tpl->display_two_col_template();
\ No newline at end of file
+$controller->tpl->display_two_col_template();
diff --git a/main/inc/lib/events.lib.inc.php b/main/inc/lib/events.lib.inc.php
index 9b3968dd4c..325ae17e69 100644
--- a/main/inc/lib/events.lib.inc.php
+++ b/main/inc/lib/events.lib.inc.php
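Review bot: The `event_system()` call added in the `submitAuth` branch passes raw request data, `$_POST['login']`, as `$event_value`, and the `event_system` hunk in main/inc/lib/events.lib.inc.php shows that value being interpolated straight into the INSERT string with only `$user_id` passed through `intval()`, so a crafted login field reaches the database unescaped. Escape it before (or inside) the call, e.g. `$login = empty($_POST['login']) ? '' : '/'.Database::escape_string($_POST['login']);` followed by `event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'].$login, null, $i);`. The new docblock says the auth data arrives "through get" while the code reads `$_POST['login']`; one of the two looks wrong and should be reconciled. The `if` block's closing brace lies outside the hunk.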
@@ -619,22 +619,12 @@ function event_system($event_type, $event_value_type, $event_value, $datetime =
 $user_id = intval($user_id);
- $sql = "INSERT INTO $TABLETRACK_DEFAULT
- (default_user_id,
- default_cours_code,
- c_id,
- default_date,
- default_event_type,
- default_value_type,
- default_value
- )
- VALUES('$user_id.',
- '$course_code',
- '$course_id',
- '$datetime',
- '$event_type',
- '$event_value_type',
- '$event_value')";
+ $sql = "INSERT INTO $TABLETRACK_DEFAULT ".
+ " (default_user_id, default_cours_code, c_id, ".
+ " default_date, default_event_type, default_value_type, default_value ".
+ " ) VALUES( ".
+ " '$user_id', '$course_code', '$course_id', ".
+ " '$datetime', '$event_type', '$event_value_type', '$event_value')";
 Database::query($sql);
 return true;
 }
@@ -644,6 +634,7 @@ function event_system($event_type, $event_value_type, $event_value, $datetime =
  *
  * @param int $etId
  * @return type
+ * @assert () !== false
  */
 function get_all_event_types() {
 global $event_config;
diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php
index c71374dbed..727c0c543c 100644
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@@ -161,7 +161,7 @@ define('LOG_CONFIGURATION_SETTINGS_CHANGE', 'settings_changed');
 define('LOG_PLATFORM_LANGUAGE_CHANGE', 'platform_language_changed');
 define('LOG_SUBSCRIBE_USER_TO_COURSE', 'user_subscribed');
 define('LOG_UNSUBSCRIBE_USER_FROM_COURSE', 'user_unsubscribed');
-
+define('LOG_ATTEMPTED_FORCED_LOGIN', 'attempted_forced_login');
 define('LOG_HOMEPAGE_CHANGED', 'homepage_changed');
@@ -6430,4 +6430,4 @@ function api_get_bytes_memory_limit($mem){
 break;
 }
 return $mem;
-}
\ No newline at end of file
+}
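Review bot: The rebuilt `$sql` assignment only parses correctly because every concatenated fragment carries a leading space inside its quotes (`" (default_user_id, ..."`, `" ) VALUES( "`), which the next edit can easily drop and silently produce `DEFAULT(default_user_id`; one heredoc holding the whole statement keeps it readable without that fragility. The same rewrite also turns `'$user_id.'` into `'$user_id'`, which looks like a genuine fix of a stray dot and deserves a line in the commit message. Whichever form is kept, the values interpolated here still need the escaping raised on the index.php hunk, since only `$user_id` goes through `intval()`; `event_system()` starts before this hunk, so its parameter handling is only partly visible.
```php
    $user_id = intval($user_id);
    $sql = <<<SQL
INSERT INTO $TABLETRACK_DEFAULT
    (default_user_id, default_cours_code, c_id,
     default_date, default_event_type, default_value_type, default_value)
VALUES ('$user_id', '$course_code', '$course_id',
        '$datetime', '$event_type', '$event_value_type', '$event_value')
SQL;
    // … unchanged: Database::query($sql); return true; …
```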