From 377c5952d7be9916b2b5d2737006db3010e5d1d2 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Sun, 6 Oct 2024 16:38:48 +0100 Subject: [PATCH] Portal login logs - Mention contact ID in audit log if password is incorrect - Mention in audit logs if invalid email/auth method --- portal/login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/portal/login.php b/portal/login.php index c436ecae..b798f713 100644 --- a/portal/login.php +++ b/portal/login.php @@ -68,13 +68,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) { mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]"); } else { - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent'"); header("HTTP/1.1 401 Unauthorized"); $_SESSION['login_message'] = 'Incorrect username or password.'; } } else { - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (invalid email/not allowed local auth)', log_ip = '$ip', log_user_agent = '$user_agent'"); header("HTTP/1.1 401 Unauthorized"); $_SESSION['login_message'] = 'Incorrect username or password.'; }