From 9fbb2fcc14dce919eb4f73af4f2cb5a31baa461a Mon Sep 17 00:00:00 2001
From: David Goodwin <david@codepoets.co.uk>
Date: Tue, 15 Nov 2022 16:33:49 +0000
Subject: [PATCH] see https://github.com/postfixadmin/postfixadmin/issues/683 -
 add in error_log for e.g. fail2ban to pick up on someone trying to get into
 setup.php

---
 public/setup.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/setup.php b/public/setup.php
index db93590a..13bb7e0e 100644
--- a/public/setup.php
+++ b/public/setup.php
@@ -81,6 +81,7 @@ if (strlen($configSetupPassword) == 73 && strpos($configSetupPassword, ':') == 3
         if (password_verify(safepost('setup_password', 'invalid'), $configSetupPassword)) {
             $authenticated = true;
         } else {
+            error_log("PostfixAdmin setup login failed (ip_address: {$_SERVER['REMOTE_ADDR']})");
             $errors['setup_login_password'] = "Password verification failed.";
         }
     }