This hook can be used for tracking failing login attempts. This can be used for things like logging or implementing login failure penalties (like temporary denying access after X login attempts).
Call time:
In login.php, when a user login fails.
Hook input:
An array containing three fields (read-only):
forum or
admin.
Hook output:
None
Example code:
function phorum_mod_foo_failed_login($data)
{
global $PHORUM;
// Get the current timestamp
$curr_time = time();
// Check for a previous login failure from the current
// IP address
if (!empty($PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]])) {
// If the failures occur within the set time window,
// increment the login failure count
if ($curr_time <= ($PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["timestamp"] + (int)$PHORUM["mod_foo"]["login_failures_time_window"])) {
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["login_failure_count"] ++;
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["timestamp"] = $curr_time;
// Otherwise, reset the count.
} else {
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["login_failure_count"] = 1;
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["timestamp"] = $curr_time;
} else {
// Log the timestamp and IP address of a login failure
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["login_failure_count"] = 1;
$PHORUM["mod_foo"]["login_failures"][$_SERVER["REMOTE_ADDR"]]["timestamp"] = $curr_time;
}
phorum_db_update_settings(array("mod_foo" => $PHORUM["mod_foo"]));
}