diff --git a/security/class.atksecuritymanager.inc b/security/class.atksecuritymanager.inc
index 414fdeaa7..a96b6a71a 100644
--- a/security/class.atksecuritymanager.inc
+++ b/security/class.atksecuritymanager.inc
@@ -133,9 +133,6 @@ class atkSecurityManager
 // required interface;
 atkimport("atk.security.auth_interface");
- //$this->addListener(atknew('atk.security.atksecuritylistener'));
- //$this->addListener(atknew(atkconfig("security_listeners", "atk.security.atksecuritylistener")));
-
 $tmp_listeners = atkconfig("security_listeners", "atk.security.atksecuritylistener");
 if (is_array($tmp_listeners) && (count($tmp_listeners) > 0)) {
 foreach ($tmp_listeners as $listener_name) {
@@ -333,7 +330,8 @@ class atkSecurityManager
 } else {
 $response = AUTH_MISMATCH;
- $this->notifyListeners("failedlogin", $auth_user);
+ //AGX: we'll notify later
+ //$this->notifyListeners("failedlogin", $auth_user);
 }
 }
@@ -361,41 +359,6 @@ class atkSecurityManager
 $this->m_user['AUTH'] = $authname; // something to see wich auth scheme is used
 if (atkconfig("enable_ssl_encryption")) $this->m_user['PASS'] = $auth_pw; // used by aktsecurerelation to decrypt an linkpass
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 // for convenience, we also store the user as a global variable.
 (is_array($this->m_user['level'])) ? $dbg = implode(",", $this->m_user['level']) : $dbg = $this->m_user['level'];
 atkdebug("Logged in user: " . $this->m_user["name"] . " (level: " . $dbg . ")");
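Review bot: In the `@@ -333,7 +330,8 @@` hunk the failed-login notification is disabled by commenting it out, and the replacement added in the `@@ -463,6 +426,23 @@` hunk uses the event name `failedLogin` instead of `failedlogin`. `notifyListeners` is not part of this diff; if it matches event names case-sensitively, listeners registered for the old spelling would silently stop receiving failed-login events, which for lockout or audit listeners is a security regression. Either keep the original name in the new call, `$this->notifyListeners("failedlogin", $auth_user);`, or confirm that every configured listener handles the new one. The two comment lines should be deleted rather than kept as dead code, as the first hunk of this file already does for older commented-out calls; the surrounding `else` branch starts outside the hunk.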
@@ -463,6 +426,23 @@ class atkSecurityManager
 }
 }
+ // NOTIFY SECURITY LISTENERS
+ // Output user agent data so we can use Fail2Ban to block brute force attack
+ $ip = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);
+ $user = filter_var($auth_user, FILTER_SANITIZE_STRING);
+ $web = filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING);
+ $ua = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
+ if ($response == AUTH_SUCCESS) {
+ $this->log(1, 'successfull Login "' . $user . '" from "' . $ip . '" for "' . $web . '"');
+ $this->notifyListeners("successfullLogin", $auth_user);
+ } else {
+ // Skip if Username is empty (when user press CTRL+R or reload in the browser)
+ if ($user != '') {
+ $this->log(1, 'failed Login "' . $user . '" from "' . $ip . '" for "' . $web . '" with "' . $ua . '"');
+ $this->notifyListeners("failedLogin", $auth_user);
+ }
+ }
+
 // if there was an error, drop out.
 if ($this->m_fatalError != "") {
 return false;
diff --git a/ui/class.atkpage.inc b/ui/class.atkpage.inc
index e43f5e4ff..e86589637 100644
--- a/ui/class.atkpage.inc
+++ b/ui/class.atkpage.inc
@@ -582,7 +582,8 @@ class atkPage
 function render($title = null, $flags = HTML_STRICT, $extrabodyprops = "", $extra_header = "")
 {
 if ($title == null) {
- $title = $this->m_title;
+ // AGX: fix empty title for homepage/dashboard
+ $title = $this->m_title != "" ? $this->m_title : atkText('app_title');
 }
 $ui = &atkinstance('atk.ui.atkui');
diff --git a/utils/class.atkselector.inc b/utils/class.atkselector.inc
index 2fa8feedc..d10df22e9 100644
--- a/utils/class.atkselector.inc
+++ b/utils/class.atkselector.inc
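Review bot: In the `@@ -463,6 +426,23 @@` hunk of security/class.atksecuritymanager.inc, `$ua` is read from `HTTP_USER_AGENT` with no filter and written between double quotes into a log line meant for Fail2Ban, and `FILTER_SANITIZE_STRING` on `$user` and `$web` does not remove CR/LF unless `FILTER_FLAG_STRIP_LOW` is passed. Request-controlled text can therefore break the quoted field layout or, depending on how `log()` writes its output (not shown here), start a new line that a log parser would treat as a separate entry. Strip control characters and the quote character before logging, for example `$ua = preg_replace('/[\x00-\x1F\x7F"]/', '', (string) filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'));`, and apply the same to `$user` and `$web`. The empty-username guard should test the raw `$auth_user` rather than `$user`, since a value made only of markup is sanitised to `''` and that failure would then be neither logged nor passed to the listeners.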
@@ -349,8 +349,9 @@ class atkSelector implements ArrayAccess, Countable, IteratorAggregate
 */
 protected function _applyPostedSearchMethodToQuery(atkQuery $query)
 {
- if (isset($this->m_postvars['atksearchmethod'])) {
- $query->setSearchMethod($this->m_postvars['atksearchmethod']);
+ // fix missing _getNode() since $this does noe have any m_postvars method itself
+ if (isset($this->_getNode()->m_postvars['atksearchmethod'])) {
+ $query->setSearchMethod($this->_getNode()->m_postvars['atksearchmethod']);
 }
 }
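Review bot: The request-supplied `atksearchmethod` value reaches `$query->setSearchMethod()` with no validation visible in this hunk, and going by the added comment the old `isset($this->m_postvars[...])` test never matched, so this path is newly live. `setSearchMethod` is not part of this diff; if it does not itself restrict the value to the modes atkQuery supports, check it here against that fixed list before passing it on. `_getNode()` is called twice for the same lookup; a local such as `$node = $this->_getNode();` reads more clearly. The added comment has a typo and calls `m_postvars` a method; `// m_postvars lives on the node, not on the selector` would say it more precisely.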