diff --git a/login.php b/login.php
index 10a4626f..c24cfdf2 100644
--- a/login.php
+++ b/login.php
@@ -10,12 +10,12 @@ require_once("functions.php");
 require_once("rfc6238.php");
 // IP & User Agent for logging
-$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
-$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+$ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
+$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 // Block brute force password attacks - check recent failed login attempts for this IP
 // Block access if more than 15 failed login attempts have happened in the last 10 minutes
-$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
 $failed_login_count = $row['failed_login_count'];
 if ($failed_login_count >= 15) {
@@ -28,7 +28,7 @@ if ($failed_login_count >= 15) {
 }
 // Query Settings for "default" company (as companies are being removed shortly)
-$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = 1");
+$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
 $row = mysqli_fetch_array($sql_settings);
 // Mail
@@ -200,7 +200,7 @@ if (isset($_POST['login'])) {
 ?>
-
+
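Review bot: The lockout on the `$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS failed_login_count ..."))` line keys the 15-attempts-in-10-minutes limit on `log_ip`, so it is only as effective as the address `get_ip()` returns; `get_ip()` is defined outside this hunk, and if it honours client-supplied forwarding headers the counter is keyed on a value the client controls, so it should rely on `$_SERVER['REMOTE_ADDR']` unless the request arrives from a trusted proxy. Interpolating `'$ip'` into the query is safe only because `mysqli_real_escape_string` ran first and the connection charset matches what the escaper assumes; a prepared statement (`mysqli_prepare` with a `?` placeholder and `mysqli_stmt_bind_param($stmt, 's', $ip)`) removes that dependency. The result of `mysqli_query` is handed straight to `mysqli_fetch_assoc`, so under PHP 8 a failed lookup ends in a TypeError or an uncaught mysqli_sql_exception rather than a deliberate decision; a comment above the line, `// Fail closed: a lockout check that cannot be evaluated must not let the login proceed`, records the intended behaviour for whoever adds the handling.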
diff --git a/portal/login.php b/portal/login.php
index ebd664e5..17eb9c80 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -11,15 +11,15 @@ require_once ('../get_settings.php');
 if (!isset($_SESSION)) {
 // HTTP Only cookies
-ini_set("session.cookie_httponly", True);
+ini_set("session.cookie_httponly", true);
 if ($config_https_only) {
 // Tell client to only send cookie(s) over HTTPS
-ini_set("session.cookie_secure", True);
+ini_set("session.cookie_secure", true);
 }
 session_start();
 }
-$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+$ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
 $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
@@ -37,8 +37,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
 $_SESSION['login_message'] = 'Invalid e-mail';
-}
-else {
+} else {
 $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
 $row = mysqli_fetch_array($sql);
 if ($row['contact_auth_method'] == 'local') {
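Review bot: The session hardening in the `if (!isset($_SESSION))` block stops at `session.cookie_httponly` and, only when `$config_https_only` is set, `session.cookie_secure`; `session.cookie_samesite` is never set, so browsers that do not default to Lax attach the portal session cookie to cross-site requests, and `session.use_strict_mode` is not enabled, so a session ID the client presents but the server never issued is accepted and initialised. Both belong next to the existing `ini_set` calls, before `session_start()`: `ini_set("session.cookie_samesite", "Lax");` and `ini_set("session.use_strict_mode", "1");`. The commit's `True` to `true` change works, but the ini value is a string underneath, so `"1"` would match the form used for the other settings and avoid relying on bool-to-string conversion.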
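Review bot: The contacts lookup `$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");` interpolates `$email` into the SQL, and `$email` is assigned outside this hunk so whether it was escaped cannot be seen here; the preceding `filter_var($email, FILTER_VALIDATE_EMAIL)` does not make the interpolation safe on its own, because a syntactically valid address may contain a single quote in its local part. Binding the value with a prepared statement settles the question regardless of what happened upstream. The next line, `if ($row['contact_auth_method'] == 'local')`, also reads the row without checking that `mysqli_fetch_array` returned one; when no contact matches, `$row` is null and the offset read emits a warning before falling through to the failed branch, so the comparison should be guarded. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST' ...)` block begins before this hunk and continues past it.
```php
$stmt = mysqli_prepare($mysqli, "SELECT * FROM contacts WHERE contact_email = ? LIMIT 1");
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
if (is_array($row) && $row['contact_auth_method'] == 'local') {
// … unchanged: local password check and logging …
```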
@@ -54,14 +53,12 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
-}
-else {
+} else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
-}
-else {
+} else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
@@ -70,7 +67,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 ?>
-
+
@@ -164,4 +161,4 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
-
\ No newline at end of file
+
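Review bot: The success log in the first context line builds its INSERT from database values, `log_description = 'Client contact $row[contact_email] ...'` and `log_client_id = $row[contact_client_id]`, without the `mysqli_real_escape_string` treatment that `$ip` and `$user_agent` received; a stored contact email containing a single quote breaks that statement, and because the return value of `mysqli_query` is ignored the audit entry is either silently lost or, under the PHP 8.1 mysqli exception mode, aborts the login after the password already verified. Bind both values, or at minimum write `mysqli_real_escape_string($mysqli, $row['contact_email'])` and `(int) $row['contact_client_id']` into the string. The two `} else {` branches the commit reformats carry byte-identical failure bodies (the Failed log plus `$_SESSION['login_message']`), which is correct for not revealing whether the account exists but invites the copies to drift; folding the non-local and wrong-password cases into one branch, or a small helper, keeps them in step. The enclosing `if` chain begins and ends outside this hunk.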