More logAction function updates to client portal login amd cleaned up the client login portal for better presentation of vars
This commit is contained in:
johnnyq
+3
-2
@@ -139,7 +139,8 @@ if ($item_type == "Document") {
|
||||
|
||||
// Logging
|
||||
$name = mysqli_real_escape_string($mysqli, $doc_title);
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $doc_title_escaped via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
logAction("Share", "View", "Viewed shared $item_type $doc_title_escaped via link", $client_id);
|
||||
|
||||
|
||||
} elseif ($item_type == "File") {
|
||||
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
|
||||
@@ -254,7 +255,7 @@ if ($item_type == "Document") {
|
||||
|
||||
// Logging
|
||||
$name = sanitizeInput($login_row['login_name']);
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
logAction("Share", "View", "Viewed shared $item_type $name via link", $client_id);
|
||||
|
||||
}
|
||||
|
||||
|
||||
+29
-9
@@ -31,8 +31,8 @@ if($config_client_portal_enable == 0) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$ip = sanitizeInput(getIP());
|
||||
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||
$session_ip = sanitizeInput(getIP());
|
||||
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||
|
||||
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_login_message FROM settings WHERE company_id = 1");
|
||||
$settings = mysqli_fetch_array($sql_settings);
|
||||
@@ -50,34 +50,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
|
||||
$password = $_POST['password'];
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
|
||||
header("HTTP/1.1 401 Unauthorized");
|
||||
|
||||
$_SESSION['login_message'] = 'Invalid e-mail';
|
||||
|
||||
} else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
if ($row['user_auth_method'] == 'local') {
|
||||
$client_id = intval($row['contact_client_id']);
|
||||
$user_id = intval($row['user_id']);
|
||||
$contact_id = intval($row['contact_id']);
|
||||
$user_email = sanitizeInput($row['user_email']);
|
||||
$user_auth_method = sanitizeInput($row['user_auth_method']);
|
||||
|
||||
if ($user_auth_method == 'local') {
|
||||
if (password_verify($password, $row['user_password'])) {
|
||||
|
||||
$_SESSION['client_logged_in'] = true;
|
||||
$_SESSION['client_id'] = intval($row['contact_client_id']);
|
||||
$_SESSION['user_id'] = intval($row['user_id']);
|
||||
$_SESSION['contact_id'] = intval($row['contact_id']);
|
||||
$_SESSION['client_id'] = $client_id;
|
||||
$_SESSION['user_id'] = $user_id;
|
||||
$_SESSION['contact_id'] = $contact_id;
|
||||
$_SESSION['login_method'] = "local";
|
||||
|
||||
header("Location: index.php");
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
|
||||
// Logging
|
||||
logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id);
|
||||
|
||||
} else {
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
|
||||
|
||||
// Logging
|
||||
logAction("Client Login", "Failed", "Failed client portal login attempt using $email (incorrect password for contact ID $contact_id)", $client_id, $user_id);
|
||||
|
||||
header("HTTP/1.1 401 Unauthorized");
|
||||
$_SESSION['login_message'] = 'Incorrect username or password.';
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (invalid email/not allowed local auth)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
// Logging
|
||||
logAction("Client Login", "Failed", "Failed client portal login attempt using $email (invalid email/not allowed local auth)");
|
||||
|
||||
header("HTTP/1.1 401 Unauthorized");
|
||||
|
||||
$_SESSION['login_message'] = 'Incorrect username or password.';
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user