From 7810e27dad3c67f310657d1b19db71e0e4f94631 Mon Sep 17 00:00:00 2001
From: Axel Roenn <axel@mpim-bonn.mpg.de>
Date: Tue, 10 Sep 2013 11:07:26 +0200
Subject: [PATCH] Changed default behaviour to not log IP address in case of an
 auth failure. Can be configured in OC conf now. Log level changed to warning
 .

---
 lib/base.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 052444271c3..e8a4d3f87ad 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -730,8 +730,14 @@ class OC {
 			// Someone wants to log in :
 		} elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
-			OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
-			OC_Log::ERROR);
+			if ( OC_Config::getValue('log_authfailip', '') ) {
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
+				OC_Log::WARN);
+			}
+			else { 
+				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
+                                OC_Log::WARN);
+			}
 		}
 
 		OC_Util::displayLoginPage(array_unique($error));