mirror of https://github.com/MISP/MISP
fix: [user login profile] skip checks for ancient php versions
parent
8f3b9288d4
commit
ac8f507d55
|
@ -1351,22 +1351,24 @@ class UsersController extends AppController
|
|||
$this->Flash->info(__('Welcome! Last login was on %s', $readableDatetime));
|
||||
}
|
||||
|
||||
// there are reasons to believe there is evil happening, suspicious. Inform user and (org)admins.
|
||||
$suspiciousness_reason = $this->User->UserLoginProfile->_isSuspicious();
|
||||
if ($suspiciousness_reason) {
|
||||
// raise an alert (the SIEM component should ensure (org)admins are informed)
|
||||
$this->loadModel('Log');
|
||||
$this->Log->createLogEntry($this->Auth->user(), 'auth_alert', 'User', $this->Auth->user('id'), 'Suspicious login.', $suspiciousness_reason);
|
||||
// Line below commented out to NOT inform user/org admin of the suspicious login.
|
||||
// The reason is that we want to prevent other user actions cause trouble.
|
||||
// However this also means we're sitting on data that could be used to detect new evil logins.
|
||||
// As we're generating alerts, the sysadmin should be keeping an eye on these
|
||||
// $this->User->UserLoginProfile->email_suspicious($user, $suspiciousness_reason);
|
||||
}
|
||||
// verify UserLoginProfile trust status and perform informative actions
|
||||
if(!$this->User->UserLoginProfile->_isTrusted()) {
|
||||
// send email to inform the user
|
||||
$this->User->UserLoginProfile->email_newlogin($user);
|
||||
if (version_compare(PHP_VERSION, '7.4.0') >= 0) {
|
||||
// there are reasons to believe there is evil happening, suspicious. Inform user and (org)admins.
|
||||
$suspiciousness_reason = $this->User->UserLoginProfile->_isSuspicious();
|
||||
if ($suspiciousness_reason) {
|
||||
// raise an alert (the SIEM component should ensure (org)admins are informed)
|
||||
$this->loadModel('Log');
|
||||
$this->Log->createLogEntry($this->Auth->user(), 'auth_alert', 'User', $this->Auth->user('id'), 'Suspicious login.', $suspiciousness_reason);
|
||||
// Line below commented out to NOT inform user/org admin of the suspicious login.
|
||||
// The reason is that we want to prevent other user actions cause trouble.
|
||||
// However this also means we're sitting on data that could be used to detect new evil logins.
|
||||
// As we're generating alerts, the sysadmin should be keeping an eye on these
|
||||
// $this->User->UserLoginProfile->email_suspicious($user, $suspiciousness_reason);
|
||||
}
|
||||
// verify UserLoginProfile trust status and perform informative actions
|
||||
if(!$this->User->UserLoginProfile->_isTrusted()) {
|
||||
// send email to inform the user
|
||||
$this->User->UserLoginProfile->email_newlogin($user);
|
||||
}
|
||||
}
|
||||
|
||||
// no state changes are ever done via GET requests, so it is safe to return to the original page:
|
||||
|
|
Loading…
Reference in New Issue