More logAction function updates to client portal login and cleaned up the client login portal for better presentation of vars

This commit is contained in:
johnnyq
2024-11-15 12:21:55 -05:00
parent 577d97b471
commit 412462a4c0
2 changed files with 122 additions and 101 deletions
+3 -2
@@ -139,7 +139,8 @@ if ($item_type == "Document") {
// Logging // Logging
$name = mysqli_real_escape_string($mysqli, $doc_title); $name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $doc_title_escaped via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'"); logAction("Share", "View", "Viewed shared $item_type $doc_title_escaped via link", $client_id);
} elseif ($item_type == "File") { } elseif ($item_type == "File") {
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
@@ -254,7 +255,7 @@ if ($item_type == "Document") {
// Logging // Logging
$name = sanitizeInput($login_row['login_name']); $name = sanitizeInput($login_row['login_name']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'"); logAction("Share", "View", "Viewed shared $item_type $name via link", $client_id);
} }
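Review bot: The log type passed to `logAction` on the new lines of both hunks is "Share", while the INSERT each one replaces wrote `log_type = 'Sharing'`; any report or filter keyed on `log_type = 'Sharing'` will stop seeing these events, so either keep `logAction("Sharing", "View", "Viewed shared $item_type $doc_title_escaped via link", $client_id);` or confirm the rename is intentional and applied wherever the old value is read. `$name` on the line above the first call is computed but never referenced, since the description uses `$doc_title_escaped`; that assignment can be dropped. The enclosing `if ($item_type == "Document")` chain starts before the hunk.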
+48 -28
@@ -31,8 +31,8 @@ if($config_client_portal_enable == 0) {
exit(); exit();
} }
$ip = sanitizeInput(getIP()); $session_ip = sanitizeInput(getIP());
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']); $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_login_message FROM settings WHERE company_id = 1"); $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_login_message FROM settings WHERE company_id = 1");
$settings = mysqli_fetch_array($sql_settings); $settings = mysqli_fetch_array($sql_settings);
@@ -50,34 +50,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$password = $_POST['password']; $password = $_POST['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
$_SESSION['login_message'] = 'Invalid e-mail'; $_SESSION['login_message'] = 'Invalid e-mail';
} else { } else {
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
if ($row['user_auth_method'] == 'local') { $client_id = intval($row['contact_client_id']);
$user_id = intval($row['user_id']);
$contact_id = intval($row['contact_id']);
$user_email = sanitizeInput($row['user_email']);
$user_auth_method = sanitizeInput($row['user_auth_method']);
if ($user_auth_method == 'local') {
if (password_verify($password, $row['user_password'])) { if (password_verify($password, $row['user_password'])) {
$_SESSION['client_logged_in'] = true; $_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = intval($row['contact_client_id']); $_SESSION['client_id'] = $client_id;
$_SESSION['user_id'] = intval($row['user_id']); $_SESSION['user_id'] = $user_id;
$_SESSION['contact_id'] = intval($row['contact_id']); $_SESSION['contact_id'] = $contact_id;
$_SESSION['login_method'] = "local"; $_SESSION['login_method'] = "local";
header("Location: index.php"); header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]"); // Logging
logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id);
} else { } else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
// Logging
logAction("Client Login", "Failed", "Failed client portal login attempt using $email (incorrect password for contact ID $contact_id)", $client_id, $user_id);
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
$_SESSION['login_message'] = 'Incorrect username or password.'; $_SESSION['login_message'] = 'Incorrect username or password.';
} }
} else { } else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (invalid email/not allowed local auth)', log_ip = '$ip', log_user_agent = '$user_agent'");
// Logging
logAction("Client Login", "Failed", "Failed client portal login attempt using $email (invalid email/not allowed local auth)");
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
$_SESSION['login_message'] = 'Incorrect username or password.'; $_SESSION['login_message'] = 'Incorrect username or password.';
} }
} }
} }
@@ -85,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Client Portal Login</title> <title><?php echo $company_name; ?> | Client Portal Login</title>
@@ -107,10 +127,10 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<body class="hold-transition login-page"> <body class="hold-transition login-page">
<div class="login-box"> <div class="login-box">
<div class="login-logo"> <div class="login-logo">
<?php if (!empty($company_logo)) { ?> <?php if (!empty($company_logo)) { ?>
<img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>"> <img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>">
@@ -179,26 +199,26 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
</div> </div>
<!-- /.div.card --> <!-- /.div.card -->
</div> </div>
<!-- /.login-box --> <!-- /.login-box -->
<?php <?php
if (!$config_whitelabel_enabled) { if (!$config_whitelabel_enabled) {
echo '<small class="text-muted">Powered by ITFlow</small>'; echo '<small class="text-muted">Powered by ITFlow</small>';
} }
?> ?>
<!-- jQuery --> <!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script> <script src="../plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 --> <!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script> <script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App --> <!-- AdminLTE App -->
<script src="../dist/js/adminlte.min.js"></script> <script src="../dist/js/adminlte.min.js"></script>
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script src="../js/login_prevent_resubmit.js"></script> <script src="../js/login_prevent_resubmit.js"></script>
</body> </body>
</html> </html>
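Review bot: The five `$row[...]` reads added at the top of the else branch run before anything checks that `mysqli_fetch_array` returned a row, so an unknown e-mail now emits a null-offset warning on each read (the old code had one such read) before it reaches the "invalid email/not allowed local auth" branch. Guarding with `if ($row === null) { $row = []; }` before the block, or using `$row['contact_client_id'] ?? null` on each read, keeps the behaviour identical without the warnings, and `$user_auth_method === 'local'` avoids the loose comparison. On the two Failed branches the description interpolates `$email` straight from the request while the Success branch uses the sanitized `$user_email`; unless `logAction` escapes its description argument (not visible here), those calls should pass `sanitizeInput($email)` so the log entry cannot carry raw request content. The surrounding POST handler starts before the hunk.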