mirror of https://github.com/itflow-org/itflow
Started Logs: Login attempts are now logged, created a logs list in the side nav
This commit is contained in:
parent
e47853f9cd
commit
d259d1b3dc
10
client.php
10
client.php
|
|
@ -1,11 +1,17 @@
|
|||
<?php include("config.php"); ?>
|
||||
<?php include("check_login.php"); ?>
|
||||
|
||||
<?php
|
||||
|
||||
if(isset($_GET['client_id'])){
|
||||
$client_id = intval($_GET['client_id']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id");
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_id = $client_id AND company_id = $session_company_id");
|
||||
|
||||
if(mysqli_num_rows($sql) == 0){
|
||||
include("header.php");
|
||||
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
|
||||
}else{
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$client_name = $row['client_name'];
|
||||
|
|
@ -157,6 +163,8 @@ if(isset($_GET['client_id'])){
|
|||
|
||||
<?php
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
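Review bot: The new tenant filter `AND company_id = $session_company_id` interpolates a session value straight into the query and, unlike `$client_id`, never casts it; if `$session_company_id` is unset the clause degrades to `company_id = `, `mysqli_query` returns false and `mysqli_num_rows` then raises a warning instead of reaching the "Nothing to see here" branch. Presumably check_login.php populates it from the session, but a defensive `$session_company_id = (int) $session_company_id;` before the query, or a `false` check on `$sql` before `mysqli_num_rows`, keeps the page from emitting warnings when the session is incomplete. The same interpolation is repeated in the three report hunks further down (`@ -14,11 +14,11`, `@ -7,7 +7,7` and `@ -9,7 +9,7`), so one cast in check_login.php would cover all of them. The enclosing `if(isset($_GET['client_id']))` block continues outside the hunk.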
|
||||
|
|
|
|||
|
|
@ -14,11 +14,11 @@ if(isset($_GET['year'])){
|
|||
}
|
||||
|
||||
//GET unique years from expenses, payments and revenues
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses UNION DISTINCT SELECT YEAR(payment_date) FROM payments UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues ORDER BY all_years DESC");
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id ORDER BY all_years DESC");
|
||||
|
||||
|
||||
//GET unique years from expenses, payments and revenues
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses UNION DISTINCT SELECT YEAR(payment_date) FROM payments UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues ORDER BY all_years DESC");
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id ORDER BY all_years DESC");
|
||||
//Define var so it doesnt throw errors in logs
|
||||
$largest_income_month = 0;
|
||||
|
||||
|
|
|
|||
20
login.php
20
login.php
|
|
@ -7,6 +7,16 @@ if(!file_exists('config.php')){
|
|||
?>
|
||||
|
||||
<?php include("config.php"); ?>
|
||||
<?php include("functions.php"); ?>
|
||||
|
||||
<?php
|
||||
|
||||
$ip = get_ip();
|
||||
$os = get_os();
|
||||
$browser = get_web_browser();
|
||||
$device = get_device();
|
||||
|
||||
?>
|
||||
|
||||
<?php
|
||||
|
||||
|
|
@ -25,9 +35,12 @@ if(isset($_POST['login'])){
|
|||
$token = $row['token'];
|
||||
$_SESSION['user_id'] = $row['user_id'];
|
||||
$_SESSION['name'] = $row['name'];
|
||||
|
||||
$name = $row['name'];
|
||||
$user_id = $row['user_id'];
|
||||
|
||||
if(empty($token)){
|
||||
$_SESSION['logged'] = TRUE;
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login Successful', log_description = '$name successfully logged in from $ip using $os | $browser on a $device', log_created_at = NOW(), user_id = $user_id");
|
||||
|
||||
header("Location: dashboard.php");
|
||||
}else{
|
||||
|
|
@ -35,9 +48,12 @@ if(isset($_POST['login'])){
|
|||
|
||||
if(TokenAuth6238::verify($token,$current_code)){
|
||||
$_SESSION['logged'] = TRUE;
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login Successful', log_description = '$name successfully logged in with 2FA from $ip using $os | $browser on a $device', log_created_at = NOW(), user_id = $user_id");
|
||||
//header("Location: $config_start_page");
|
||||
header("Location: dashboard.php");
|
||||
}else{
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = '2FA Login Failed', log_description = '$name failed 2FA from $ip using $os | $browser on a $device', log_created_at = NOW(), user_id = $user_id");
|
||||
|
||||
$response = "
|
||||
<div class='alert alert-danger'>
|
||||
Invalid Code.
|
||||
|
|
@ -48,6 +64,8 @@ if(isset($_POST['login'])){
|
|||
}
|
||||
|
||||
}else{
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login Failed', log_description = '$email failed to login from $ip using $os | $browser on a $device', log_created_at = NOW()");
|
||||
|
||||
$response = "
|
||||
<div class='alert alert-danger'>
|
||||
Incorrect email or password.
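Review bot: The four new `INSERT INTO logs` statements build `log_description` by plain string interpolation with no escaping: `$email` in the failed-login branch is the submitted form value, and `$ip`, `$os`, `$browser` and `$device` are presumably derived from request headers by `get_ip()`/`get_os()`/`get_web_browser()`/`get_device()` in functions.php, so a quote in any of them breaks the statement, and because this runs on the login page the statement is reachable before authentication. `$name` comes from the users row and is safer, but the same fix applies: bind the description and user id as parameters rather than interpolating, as sketched below for the first insert (the 2FA success, 2FA failure and failed-login inserts need the identical change; the last one has no `user_id` to bind). The `if(isset($_POST['login']))` block starts and ends outside the hunk.
```php
// … unchanged: session setup ($name, $user_id, $token) …
$log_description = "$name successfully logged in from $ip using $os | $browser on a $device";
$log_stmt = mysqli_prepare($mysqli, "INSERT INTO logs SET log_type = 'Login Successful', log_description = ?, log_created_at = NOW(), user_id = ?");
mysqli_stmt_bind_param($log_stmt, 'si', $log_description, $user_id);
mysqli_stmt_execute($log_stmt);
mysqli_stmt_close($log_stmt);
// … unchanged: header("Location: dashboard.php") …
```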
|
||||
|
|
|
|||
|
|
@ -0,0 +1,105 @@
|
|||
<?php include("header.php");
|
||||
|
||||
//Rebuild URL
|
||||
|
||||
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
||||
|
||||
if(isset($_GET['p'])){
|
||||
$p = intval($_GET['p']);
|
||||
$record_from = (($p)-1)*10;
|
||||
$record_to = 10;
|
||||
}else{
|
||||
$record_from = 0;
|
||||
$record_to = 10;
|
||||
$p = 1;
|
||||
}
|
||||
|
||||
if(isset($_GET['q'])){
|
||||
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
|
||||
}else{
|
||||
$q = "";
|
||||
}
|
||||
|
||||
if(!empty($_GET['sb'])){
|
||||
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
|
||||
}else{
|
||||
$sb = "log_id";
|
||||
}
|
||||
|
||||
if(isset($_GET['o'])){
|
||||
if($_GET['o'] == 'ASC'){
|
||||
$o = "ASC";
|
||||
$disp = "DESC";
|
||||
}else{
|
||||
$o = "DESC";
|
||||
$disp = "ASC";
|
||||
}
|
||||
}else{
|
||||
$o = "DESC";
|
||||
$disp = "ASC";
|
||||
}
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logs
|
||||
WHERE log_type LIKE '%$q%' OR log_description = '%$q%'
|
||||
ORDER BY $sb $o LIMIT $record_from, $record_to");
|
||||
|
||||
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
||||
$total_found_rows = $num_rows[0];
|
||||
$total_pages = ceil($total_found_rows / 10);
|
||||
|
||||
?>
|
||||
|
||||
<div class="card mb-3">
|
||||
<div class="card-header bg-dark text-white">
|
||||
<h6 class="float-left mt-1"><i class="fa fa-fw fa-book mr-2"></i>Logs</h6>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<form autocomplete="off">
|
||||
<div class="input-group">
|
||||
<input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Logs">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
<hr>
|
||||
<div class="table-responsive">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
|
||||
<tr>
|
||||
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_type&o=<?php echo $disp; ?>">Type</a></th>
|
||||
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_description&o=<?php echo $disp; ?>">Description</a></th>
|
||||
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_created_at&o=<?php echo $disp; ?>">Timestamp</a></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
|
||||
while($row = mysqli_fetch_array($sql)){
|
||||
$log_id = $row['log_id'];
|
||||
$log_type = $row['log_type'];
|
||||
$log_description = $row['log_description'];
|
||||
$log_created_at = $row['log_created_at'];
|
||||
|
||||
?>
|
||||
|
||||
<tr>
|
||||
<td><?php echo $log_type; ?></td>
|
||||
<td><?php echo $log_description; ?></td>
|
||||
<td><?php echo $log_created_at; ?></td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<?php include("pagination.php"); ?>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php include("footer.php");
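Review bot: Rows read back from `logs` are echoed into the table unescaped (`<?php echo $log_type; ?>`, `<?php echo $log_description; ?>`, `<?php echo $log_created_at; ?>`), and the descriptions written by login.php in this same commit embed the submitted email and request-derived strings, so this new page (presumably logs.php, the target of the nav link) renders attacker-influenced text as HTML; the search box `value="<?php if(isset($q)){echo stripslashes($q);} ?>"` reflects `q` with the same problem. `$sb` goes through `mysqli_real_escape_string` but is then used as an identifier in `ORDER BY $sb $o`, where string escaping gives no protection — restrict it to the four sortable column names instead. Separately, the WHERE clause says `log_description = '%$q%'` where `LIKE` was clearly intended (the `=` branch can never match), `$url_query_strings_sb` on the third line reads `$sb` and `$o` before they are assigned, and this file includes only header.php whereas client.php includes check_login.php explicitly — confirm header.php enforces login, otherwise the log list is reachable without a session.
```php
// … unchanged: pagination ($p, $record_from, $record_to) and $q …
$sortable_columns = ['log_id', 'log_type', 'log_description', 'log_created_at'];
if(!empty($_GET['sb']) && in_array($_GET['sb'], $sortable_columns, true)){
    $sb = $_GET['sb'];
}else{
    $sb = "log_id";
}
// … unchanged: $o / $disp …
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));

$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logs
    WHERE log_type LIKE '%$q%' OR log_description LIKE '%$q%'
    ORDER BY $sb $o LIMIT $record_from, $record_to");
// … unchanged: FOUND_ROWS(), card and form markup …
<input type="search" class="form-control col-md-4" name="q" value="<?php echo htmlspecialchars(stripslashes($q), ENT_QUOTES, 'UTF-8'); ?>" placeholder="Search Logs">
<!-- … unchanged: table header and row loop … -->
<td><?php echo htmlspecialchars($log_type, ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($log_description, ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars($log_created_at, ENT_QUOTES, 'UTF-8'); ?></td>
```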
|
||||
|
|
@ -7,7 +7,7 @@ if(isset($_GET['year'])){
|
|||
$year = date('Y');
|
||||
}
|
||||
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues ORDER BY payment_year DESC");
|
||||
$sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments WHERE company_id = $session_company_id UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues WHERE company_id = $session_company_id ORDER BY payment_year DESC");
|
||||
|
||||
$sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id ORDER BY category_name ASC");
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ if(isset($_GET['year'])){
|
|||
}
|
||||
|
||||
//GET unique years from expenses, payments and revenues
|
||||
$sql_all_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses UNION DISTINCT SELECT YEAR(payment_date) FROM payments UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues ORDER BY all_years DESC");
|
||||
$sql_all_years = mysqli_query($mysqli,"SELECT YEAR(expense_date) AS all_years FROM expenses WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(payment_date) FROM payments WHERE company_id = $session_company_id UNION DISTINCT SELECT YEAR(revenue_date) FROM revenues WHERE company_id = $session_company_id ORDER BY all_years DESC");
|
||||
|
||||
$sql_categories_income = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND company_id = $session_company_id ORDER BY category_name ASC");
|
||||
|
||||
|
|
|
|||
|
|
@ -111,6 +111,7 @@
|
|||
<a class="dropdown-item" href="categories.php">Categories</a>
|
||||
<a class="dropdown-item" href="users.php">Users</a>
|
||||
<a class="dropdown-item" href="companies.php">Companies</a>
|
||||
<a class="dropdown-item" href="logs.php">Logs</a>
|
||||
</div>
|
||||
</li>
|
||||
</ul>
|
||||