Portal login logs

wrongecho · wrongecho · commit 377c5952d7be · 2024-10-06T16:38:48.000+01:00
- Mention contact ID in audit log if password is incorrect
- Mention in audit logs if invalid email/auth method
diff --git a/portal/login.php b/portal/login.php
@@ -68,13 +68,13 @@
                 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");
 
             } else {
-                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent'");
                 header("HTTP/1.1 401 Unauthorized");
                 $_SESSION['login_message'] = 'Incorrect username or password.';
             }
 
         } else {
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (invalid email/not allowed local auth)', log_ip = '$ip', log_user_agent = '$user_agent'");
             header("HTTP/1.1 401 Unauthorized");
             $_SESSION['login_message'] = 'Incorrect username or password.';
         }

Original file line number	Diff line number	Diff line change
`@@ -68,13 +68,13 @@`
`68`	`68`	`mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");`
`69`	`69`
`70`	`70`	`} else {`
`71`		`- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");`
	`71`	`+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent'");`
`72`	`72`	`header("HTTP/1.1 401 Unauthorized");`
`73`	`73`	`$_SESSION['login_message'] = 'Incorrect username or password.';`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`} else {`
`77`		`- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");`
	`77`	`+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (invalid email/not allowed local auth)', log_ip = '$ip', log_user_agent = '$user_agent'");`
`78`	`78`	`header("HTTP/1.1 401 Unauthorized");`
`79`	`79`	`$_SESSION['login_message'] = 'Incorrect username or password.';`
`80`	`80`	`}`