+function check_faillog()
+{
+ global $SysPrefs, $login_faillog;
+
+ $user = $_SESSION["wa_current_user"]->user;
+
+ $_SESSION["wa_current_user"]->login_attempt++;
+ if (@$SysPrefs->login_delay && (@$login_faillog[$user][$_SERVER['REMOTE_ADDR']] >= @$SysPrefs->login_max_attempts) && (time() < $login_faillog[$user]['last'] + $SysPrefs->login_delay))
+ return true;
+
+ return false;
+}
+
+/*
+ Ensure file is re-read on next request if php caching is active
+*/
+function cache_invalidate($filename)
+{
+ if (function_exists('opcache_invalidate')) // OpCode extension
+ opcache_invalidate($filename);
+}
+
+/*
+ Simple brute force attack detection is performed before connection to company database is open. Therefore access counters have to be stored in file.
+ Login attempts counter is created for every new user IP, which partialy prevent DOS attacks.
+*/
+function write_login_filelog($login, $result)
+{
+ global $login_faillog, $SysPrefs, $path_to_root;
+
+ $user = $_SESSION["wa_current_user"]->user;
+
+ $ip = $_SERVER['REMOTE_ADDR'];
+
+ if (!isset($login_faillog[$user][$ip]) || $result) // init or reset on successfull login
+ $login_faillog[$user] = array($ip => 0, 'last' => '');
+
+ if (!$result)
+ {
+ if ($login_faillog[$user][$ip] < @$SysPrefs->login_max_attempts) {
+
+ $login_faillog[$user][$ip]++;
+ } else {
+ $login_faillog[$user][$ip] = 0; // comment out to restart counter only after successfull login.
+ error_log(sprintf(_("Brute force attack on account '%s' detected. Access for non-logged users temporarily blocked." ), $login));
+ }
+ $login_faillog[$user]['last'] = time();
+ }
+
+ $msg = "<?php\n";
+ $msg .= "/*\n";
+ $msg .= "Login attempts info.\n";
+ $msg .= "*/\n";
+ $msg .= "\$login_faillog = " .var_export($login_faillog, true). ";\n";
+
+ $filename = VARLIB_PATH."/faillog.php";
+
+ if ((!file_exists($filename) && is_writable(VARLIB_PATH)) || is_writable($filename))
+ {
+ file_put_contents($filename, $msg);
+ cache_invalidate($filename);
+ }
+}
+
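Review bot: In write_login_filelog the init branch `$login_faillog[$user] = array($ip => 0, 'last' => '');` replaces the user's whole record whenever the current address has no entry, so a failed login from a new address discards the counters already recorded for other addresses and weakens the lockout that check_faillog relies on. Reset the whole record only on success and otherwise initialise just the missing key: `if ($result) $login_faillog[$user] = array($ip => 0, 'last' => ''); elseif (!isset($login_faillog[$user][$ip])) $login_faillog[$user][$ip] = 0;`. Separately, `file_put_contents($filename, $msg)` is an unlocked read-modify-write of a file that appears to be loaded as PHP elsewhere, so parallel requests can lose increments or see a partially written file; writing to a temporary file in VARLIB_PATH and `rename()`-ing it over faillog.php would at least make the replacement atomic. The record is keyed by `$user` with no cap or expiry visible in this hunk, so if that value comes straight from the login form the file can grow without bound; a comment stating the pruning policy, or a step that drops entries older than `login_delay`, would help.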