AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php

This commit is contained in:
johnnyq 2021-12-09 16:12:57 -05:00
parent a5a8fbc319
commit f02e94d585
8 changed files with 38 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
check_login.php
View File

@ -9,7 +9,7 @@
}
if(!$_SESSION['logged']){
header("Location: logout.php");
header("Location: login.php");
die;
}

6
functions.php
View File

@ -282,4 +282,10 @@ function formatPhoneNumber($phoneNumber) {
return $phoneNumber;
}
//SESSION FINGERPRINT
$session_ip = get_ip();
$session_os = get_os();
$session_browser = get_web_browser();
$session_device = get_device();
?>

9
login.php
View File

@ -43,7 +43,7 @@ if(isset($_POST['login'])){
if(empty($token)){
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
header("Location: dashboard.php");
}else{
@ -60,12 +60,11 @@ if(isset($_POST['login'])){
if(TokenAuth6238::verify($token,$current_code)){
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
//header("Location: $config_start_page");
echo "<script>alert(Fail); </script>";
header("Location: dashboard.php");
}else{
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
$response = "
<div class='alert alert-primary'>
@ -77,7 +76,7 @@ if(isset($_POST['login'])){
}
}else{
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username - $ip - $os - $browser - $device', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$user_name failed to log in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
$response = "
<div class='alert alert-danger'>

7
logout.php
View File

@ -1,7 +0,0 @@
<?php
session_start();
session_destroy();
header('Location: login.php');
?>

12
logs.php
View File

@ -74,7 +74,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logs
LEFT JOIN users ON log_user_id = user_id
WHERE (log_type LIKE '%$q%' OR log_action LIKE '%$q%' OR log_description LIKE '%$q%' OR user_name LIKE '%$q%')
WHERE (log_type LIKE '%$q%' OR log_action LIKE '%$q%' OR log_description LIKE '%$q%' OR log_ip LIKE '%$q%' OR log_user_agent LIKE '%$q%' OR user_name LIKE '%$q%')
AND DATE(log_created_at) BETWEEN '$dtf' AND '$dtt'
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
@ -85,14 +85,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-book"></i> Logs <?php echo $extended_query; ?></h3>
<h3 class="card-title"><i class="fa fa-fw fa-book"></i> Audit Logs <?php echo $extended_query; ?></h3>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Logs">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search audit logs">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -143,6 +143,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_type&o=<?php echo $disp; ?>">Type</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_action&o=<?php echo $disp; ?>">Action</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_description&o=<?php echo $disp; ?>">Description</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_ip&o=<?php echo $disp; ?>">IP Address</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_user_agent&o=<?php echo $disp; ?>">User Agent</a></th>
</tr>
</thead>
<tbody>
@ -153,6 +155,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_ip = $row['log_ip'];
$log_user_agent = $row['log_user_agent'];
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$user_name = $row['user_name'];
@ -170,6 +174,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<td><?php echo $log_type; ?></td>
<td><?php echo $log_action; ?></td>
<td><?php echo $log_description; ?></td>
<td><?php echo $log_ip; ?></td>
<td><?php echo $log_user_agent; ?></td>
</tr>
<?php

16
post.php
View File

@ -856,6 +856,10 @@ if(isset($_GET['update'])){
//Alter SQL Structure
//Put ID Here
mysqli_query($mysqli,"ALTER TABLE logs ADD log_ip VARCHAR(200) NULL AFTER log_description");
mysqli_query($mysqli,"ALTER TABLE logs ADD log_user_agent VARCHAR(250) NULL AFTER log_ip");
//85cdc42d0f15e36de5cab00d7f3c799a056e85ef
mysqli_query($mysqli,"ALTER TABLE assets ADD asset_install_date DATE NULL AFTER asset_warranty_expire");
@ -6146,3 +6150,15 @@ if(isset($_GET['export_client_pdf'])){
}
?>
<?php
if(isset($_GET['logout'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Logout', log_action = 'Success', log_description = '$session_name logged out', log_ip = '$session_ip', log_user_agent = '$session_os - $session_browser - $session_device', log_created_at = NOW(), log_user_id = $session_user_id");
session_start();
session_destroy();
header('Location: login.php');
}
?>

2
side_nav.php
View File

@ -260,7 +260,7 @@
<li class="nav-item">
<a href="logs.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "logs.php") { echo "active"; } ?>">
<i class="far fa-circle nav-icon"></i>
<p>Logs</p>
<p>Audit Logs</p>
</a>
</li>
</ul>

2
top_nav.php
View File

@ -58,7 +58,7 @@
<!-- Menu Footer-->
<li class="user-footer">
<a href="settings-user.php" class="btn btn-default btn-flat">Profile</a>
<a href="logout.php" class="btn btn-default btn-flat float-right">Sign out</a>
<a href="post.php?logout" class="btn btn-default btn-flat float-right">Sign out</a>
</li>
</ul>
</li>