Merge pull request #87 from gaudryc/force_brute_force_attack

gizmocuz · gizmocuz · commit e8ac9f6011f7 · 2015-09-21T16:48:32.000+02:00
Log brute force attack
diff --git a/main/WebServer.cpp b/main/WebServer.cpp
@@ -810,10 +810,17 @@ namespace http {
 					usrname = base64_decode(usrname);
 					int iUser = -1;
 					iUser = FindUser(usrname.c_str());
-					if (iUser == -1)
+					if (iUser == -1) {
+						// log brute force attack
+						_log.Log(LOG_ERROR, "Failed login attempt for '%s' !", usrname.c_str());
 						return;
-					if (m_users[iUser].Password != usrpass)
+					}
+					if (m_users[iUser].Password != usrpass) {
+						// log brute force attack
+						_log.Log(LOG_ERROR, "Failed login attempt for '%s' !", m_users[iUser].Username.c_str());
 						return;
+					}
+					_log.Log(LOG_STATUS, "Login successfull : user '%s'", m_users[iUser].Username.c_str());
 					root["status"] = "OK";
 					root["title"] = "logincheck";
 					m_pWebEm->m_actualuser = m_users[iUser].Username;
