Updated profile post to use new logAction function, tidy and added more details to logging

johnnyq 2024-11-12 18:26:04 -05:00
parent 115640fc89
commit c5aa22a832
1 changed files with 13 additions and 11 deletions


@ -77,7 +77,7 @@ if (isset($_POST['edit_your_user_details'])) {
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Details', log_action = 'Modify', log_description = '$session_name modified their details $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name edited their account $extended_log_description");
$_SESSION['alert_message'] = "User details updated";
@ -94,6 +94,8 @@ if (isset($_GET['clear_your_user_avatar'])) {
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name cleared their avatar");
$_SESSION['alert_message'] = "Avatar cleared";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
@ -144,8 +146,8 @@ if (isset($_POST['edit_your_user_password'])) {
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name changed their password', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
// Logging
logAction("User Account", "Edit", "$session_name changed their password");
$_SESSION['alert_message'] = "Your password was updated";
@ -181,8 +183,8 @@ if (isset($_POST['edit_your_user_preferences'])) {
$extended_log_description .= "disabled browser extension access";
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
// Logging
logAction("User Account", "Edit", "$session_name $extended_log_description");
$_SESSION['alert_message'] = "User preferences updated";
@ -230,8 +232,8 @@ if (isset($_POST['enable_2fa']) || isset($_GET['enable_2fa_force'])) {
// Delete any existing 2FA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name enabled 2FA on their account $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
// Logging
logAction("User Account", "Edit", "$session_name enabled MFA on their account $extended_log_description");
$_SESSION['alert_message'] = "Two-factor authentication enabled $extended_log_description";
@ -246,9 +248,6 @@ if (isset($_POST['disable_2fa'])){
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name disabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
@ -272,6 +271,9 @@ if (isset($_POST['disable_2fa'])){
$mail = addToMailQueue($mysqli, $data);
}
// Logging
logAction("User Account", "Edit", "$session_name disabled MFA on their account");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Two-factor authentication disabled";
@ -288,7 +290,7 @@ if (isset($_POST['revoke_your_2fa_remember_tokens'])) {
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name revoked all their remember-me tokens', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $session_user_id");
logAction("User Account", "Edit", "$session_name revoked all their remember-me tokens");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Remember me tokens revoked";
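Review bot: In the `disable_2fa` section the audit entry for turning MFA off is now written after the mail-queue block rather than directly after `UPDATE users SET user_token = ''`, so if anything between the two aborts the request (that code lies outside the visible hunks) the account loses its second factor with no log record. I would keep `logAction("User Account", "Edit", "$session_name disabled MFA on their account");` immediately below the UPDATE and queue the notification mail afterwards. Separately, every call in this file now logs type `User Account` and action `Edit`, so a password change, MFA enable or disable, and remember-token revocation can be told apart only by the free-text description, and the wording change from "2FA" to "MFA" means any existing log search or alert keyed on the old text would stop matching; a distinct action value per security-relevant event would keep them filterable. The revoke-tokens call also drops the `log_entity_id = $session_user_id` that the old INSERT recorded; if `logAction` accepts an entity id (its signature is not shown here), pass it.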