Solutions-Nitriques / anti_brute_force

Secure your Symphony CMS login page against brute force attacks
http://symphonyextensions.com/extensions/anti_brute_force/

User agent does not get tracked #24

Closed michael-e closed 10 years ago

michael-e commented 10 years ago

In my environment, the user agent is always empty. I looked at the code and wondered why you use $_ENV["HTTP_USER_AGENT"] here. Is the user agent supposed to be in $_ENV at all?

If I change it to $_SERVER["HTTP_USER_AGENT"], it works as expected.

nitriques commented 10 years ago

On my linux box, it does show up. I think I'll check with isset first.

I am so glad to have implemented the thing using a facade. Things are so much easier to fix!

michael-e commented 10 years ago

Any reasons why you don't want to use $_SERVER["HTTP_USER_AGENT"] (which everybody uses in this case)?

nitriques commented 10 years ago

To not cause a regression bug... but I'll check $_SERVER first.

nitriques commented 10 years ago

@michael-e

So, as mentioned in https://github.com/symphonycms/symphony-2/pull/2136, maybe we should use getenv for HTTP_USER_AGENT and REMOTE_ADDR?

michael-e commented 10 years ago

Yes, maybe we should do this, just because Symphony uses this as well. Or, even simpler: Use the Symphony constants HTTP_USER_AGENT and REMOTE_ADDR. So if anything doesn't work, we can blame it on Symphony.

michael-e commented 10 years ago

I forgot: Please check since when these constants are available (and change the compatibility info accordingly).

michael-e commented 10 years ago

I did a Git blame which tells me that these constants have been around for a very long time now. So I say: Just use them and blame it on Symphony! :-)

nitriques commented 10 years ago

> So if anything doesn't work, we can blame it on Symphony.

That's simply brilliant.

> I did a Git blame

You're awesome. Anyhow, current compatibility is at 2.4 and will stay like this!

nitriques commented 10 years ago

@michael-e, can you please confirm 82f4b45 solves the issue on your box?

michael-e commented 10 years ago

Yep, confirmed. (The box is Debian 7 with PHP 5.4.4, BTW.)

nitriques commented 10 years ago

That's interesting... I run CentOS... because, you know, CPanel.

michael-e commented 10 years ago

I really like Debian. Super-stable stuff, great package management. My "big project" machine is up for 314 days without any issues (apart from the issues I introduced in the app, of course).

michael-e commented 10 years ago

But michael-e is going down for reboot now (2:40 a.m.). This will take some time… See you tomorrow!

nitriques commented 10 years ago

Sleep tight and thanks again, a thousand times.
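
An added example, not part of the thread and not the extension's or Symphony's own code: one way to read the client address and user agent for a failed-login record so that an empty $_ENV (PHP fills it only when variables_order in php.ini includes E) does not leave the tracked user agent blank. The function names and sample values are assumptions, and it is written for PHP 7.1 or later.

```php
<?php
// Added example; abf_request_var() and abf_client_fingerprint() are hypothetical names.

/**
 * Look up a CGI-style request variable.
 * $_SERVER is tried first, then getenv(), then $_ENV as a last resort.
 */
function abf_request_var(string $key, array $server, array $env): ?string
{
    if (isset($server[$key]) && is_string($server[$key])) {
        return $server[$key];
    }
    $fromGetenv = getenv($key);           // false when the variable is not set
    if ($fromGetenv !== false) {
        return $fromGetenv;
    }
    return (isset($env[$key]) && is_string($env[$key])) ? $env[$key] : null;
}

/**
 * Build the values a login-attempt tracker would store.
 * Both inputs are validated or sanitised before they reach a log or database.
 */
function abf_client_fingerprint(array $server, array $env): array
{
    $ip = abf_request_var('REMOTE_ADDR', $server, $env);
    // Keep only literal IPv4/IPv6 addresses; anything else is recorded as null.
    if ($ip === null || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = null;
    }

    $ua = abf_request_var('HTTP_USER_AGENT', $server, $env) ?? '';
    // The header is client-controlled: strip control characters and cap the length.
    $ua = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $ua);
    $ua = substr($ua, 0, 255);

    // ua_missing lets the caller notice an empty value instead of storing it silently.
    return ['ip' => $ip, 'user_agent' => $ua, 'ua_missing' => ($ua === '')];
}

// Constructed sample input: $_ENV is empty, as in the environment from the report.
$sampleServer = [
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => "Mozilla/5.0 (X11; Linux x86_64)\r\nforged-line",
];
var_dump(abf_client_fingerprint($sampleServer, []));

// In a request handler the call would be abf_client_fingerprint($_SERVER, $_ENV).
```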