Backport #5209 - Attempt to Login from Disabled Account

Add account disable log message for disabled users attempting to login
Cacti · Feb 5, 2023 · 56d80fe · 56d80fe
1 parent dbfe1b0
commit 56d80fe
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -44,6 +44,7 @@ Cacti CHANGELOG
 -issue#5205: Cacti CSS file for Diff.css does look correct in all Cacti Themes
 -issue#5207: Deprecated error message during installation routine
 -issue#5208: Package form objects use the wrong text domain in their i18n strings
+-issue#5209: Add account disable log message for disabled users attempting to login
 -issue#5211: Undefined variable $user_id when creating new graph
 -issue#5223: Drop callback function sometimes puts name in the form input instead of the id
 -issue#5224: When poller run is exceeded by only a short period of time, Cacti does not round the number in the error

diff --git a/lib/auth.php b/lib/auth.php
@@ -4106,22 +4106,29 @@ function secpass_login_process($username) {
 	}
 
 	if (db_column_exists('user_auth', 'lastfail')) {
-		$user = db_fetch_row_prepared("SELECT id, username, lastfail, failed_attempts, `locked`, password
+		$user = db_fetch_row_prepared("SELECT id, username, lastfail, failed_attempts, `locked`, enabled, password
 			FROM user_auth
 			WHERE username = ?
-			AND realm = 0
-			AND enabled = 'on'",
+			AND realm = 0",
 			array($username));
 	} else {
-		$user = db_fetch_row_prepared("SELECT id, username, password
+		$user = db_fetch_row_prepared("SELECT id, username, password, enabled
 			FROM user_auth
 			WHERE username = ?
-			AND realm = 0
-			AND enabled = 'on'",
+			AND realm = 0",
 			array($username));
 	}
 
 	if (cacti_sizeof($user)) {
+		if ($user['enabled'] != 'on') {
+			$error     = true;
+			$error_msg = __('Access Denied!  Login Failed.');
+
+			cacti_log(sprintf('LOGIN FAILED: User %s, account disabled.', $username), false, 'AUTH');
+
+			return array();
+		}
+
 		if (trim($password) == '') {
 			/* error */
 			$error     = true;