- Add username and IP address to log message on unsuccessful login (#1487626)

CHANGELOG

@@ -19,6 +19,7 @@ CHANGELOG Roundcube Webmail
 - Better support for READ-ONLY and NOPERM responses handling (#1487083)
 - Add confirmation message on purge/expunge command response
 - Fix handling of untagged responses for AUTHENTICATE command (#1487450)
+- Add username and IP address to log message on unsuccessful login (#1487626)
 
 RELEASE 0.5-BETA
 ----------------

program/include/main.inc

@@ -1193,21 +1193,33 @@ function rcmail_log_login()
   if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user)
     return;
 
-  $address = $_SERVER['REMOTE_ADDR'];
-  // append the NGINX X-Real-IP header, if set
-  if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
-    $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP'];
-  }
-  // append the X-Forwarded-For header, if set
-  if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-    $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
-  }
+  write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s',
+    $RCMAIL->user->get_username(), $RCMAIL->user->ID, rcmail_remote_ip()));
+}
 
-  if (!empty($remote_ip))
-    $address .= '(' . implode(',', $remote_ip) . ')';
 
-  write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s',
-    $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address));
+/**
+ * Returns remote IP address and forwarded addresses if found
+ *
+ * @return string Remote IP address(es)
+ */
+function rcmail_remote_ip()
+{
+    $address = $_SERVER['REMOTE_ADDR'];
+
+    // append the NGINX X-Real-IP header, if set
+    if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+        $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP'];
+    }
+    // append the X-Forwarded-For header, if set
+    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
+    }
+
+    if (!empty($remote_ip))
+        $address .= '(' . implode(',', $remote_ip) . ')';
+
+    return $address;
 }
 
 
@@ -1219,7 +1231,7 @@ function rcube_timer()
 {
   return microtime(true);
 }
-  
+
 
 /**
  * @access private

program/include/rcube_imap.php

@@ -172,10 +172,14 @@ class rcube_imap
         }
         // write error log
         else if ($this->conn->error) {
-            if ($pass && $user)
+            if ($pass && $user) {
+                $message = sprintf("Login failed for %s from %s. %s",
+                    $user, rcmail_remote_ip(), $this->conn->error);
+
                 raise_error(array('code' => 403, 'type' => 'imap',
                     'file' => __FILE__, 'line' => __LINE__,
-                    'message' => $this->conn->error), true, false);
+                    'message' => $message), true, false);
+            }
         }
 
         return false;

program/include/rcube_imap_generic.php

@@ -533,7 +533,7 @@ class rcube_imap_generic
             return $this->fp;
         }
         else {
-            $this->setError($result, "Unable to authenticate user ($type): $line");
+            $this->setError($result, "AUTHENTICATE $type: $line");
         }
 
         return $result;