Building on our previous example we can use the JLog class to build up a history of
attacks. Here's an example of how we might implement the _actionLog() method
in our DefenceHandler class.
Error Handling and Security
[ 336 ]
/**
* Logs an Attack.
*
* @access private
* @return boolean true on success
*/
function _actionLog()
{
$user =& JFactory::getUser();
$uri =& JFactory::getURI();
$options = array('format'=>"{DATE}\t{TIME}\t{CIP}
\t{USER}\t{STRIKE}\t{REQUEST}");
$log =& JLog::getInstance($extension.'.Defences.log',
$options);
$entry = array(
'REQUEST' => $uri->toString(),
'USER' => $user->get('id'),
'STRIKE' => $this->strikeCount()
);
$log->addEntry($entry);
}
To use this we would need to modify the plugin XML file to include the option to
log attacks and we would need to update the onAttackDetected() method to deal
with logging.
Notify the Site Administrator
We may also want to notify the site administrator when a user exceeds the maximum
number of attacks. This time we need to add a _actionNotify() method to our
DefenceHandler class and a text field for an email address in our plugin's XML
file parameters.
Pages:
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467