login-related logging etc
parent
8f9f596b02
commit
fd22dbfb81
@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/admin_log.php,v $
|
||||
| $Revision: 1.8 $
|
||||
| $Date: 2007-12-29 22:32:58 $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2008-01-01 21:26:16 $
|
||||
| $Author: e107steved $
|
||||
|
|
||||
| Preferences:
|
||||
@ -371,7 +371,8 @@ $audit_checkboxes = array(
|
||||
USER_AUDIT_NEW_PW => RL_LAN_076,
|
||||
USER_AUDIT_PW_RES => RL_LAN_078,
|
||||
USER_AUDIT_NEW_EML => RL_LAN_077,
|
||||
USER_AUDIT_NEW_SET => RL_LAN_079
|
||||
USER_AUDIT_NEW_SET => RL_LAN_079,
|
||||
USER_AUDIT_ADD_ADMIN => RL_LAN_080
|
||||
);
|
||||
|
||||
//Uncomment once inherited user classes
|
||||
@ -391,7 +392,7 @@ $audit_checkboxes = array(
|
||||
|
||||
// Uncomment once inherited userclasses
|
||||
$text .= "<select class='tbox' name='class_select'>\n";
|
||||
$text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'force');
|
||||
$text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'nobody,admin,member,classes');
|
||||
$text .= "</select>\n";
|
||||
// $text .= r_userclass('user_audit_class', varset($pref['user_audit_class'],''),'off','nobody,admin,user,classes');
|
||||
$text .= "</td>
|
||||
@ -703,8 +704,8 @@ $col_fields = array('adminlog' => array('cf_datestring','dblog_type','dblog_ip',
|
||||
// $val = $tp->toHTML($row['dblog_title'],FALSE,'RAWTEXT,defs');
|
||||
if (defined($val)) $val = constant($val);
|
||||
break;
|
||||
case 'dblog_username' :
|
||||
$val = $row['dblog_userid'] ? $row['dblog_username'] : 'Anonymous';
|
||||
case 'dblog_user_name' :
|
||||
$val = $row['dblog_user_id'] ? $row['dblog_user_name'] : LAN_ANONYMOUS;
|
||||
break;
|
||||
case 'dblog_caller' :
|
||||
$val = $row['dblog_caller'];
|
||||
|
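Review bot: `RL_LAN_080` in `$audit_checkboxes` and `LAN_ANONYMOUS` in the `dblog_user_name` case are not defined in either language file this commit changes, so confirm both exist in the admin-log language file. An undefined constant here would surface as its literal name (or as an error on newer PHP) in the audit options list and in the user column of the log view. The renamed `dblog_user_name` / `dblog_user_id` keys also have to match the entries in `$col_fields`, which is only partly visible in the hunk header. The switch these cases belong to starts and ends outside the hunk.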
@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
|
||||
| $Revision: 1.7 $
|
||||
| $Date: 2007-12-29 22:07:42 $
|
||||
| $Revision: 1.8 $
|
||||
| $Date: 2008-01-01 21:26:16 $
|
||||
| $Author: e107steved $
|
||||
|
||||
To do:
|
||||
@ -78,6 +78,7 @@ class e_admin_log {
|
||||
define('USER_AUDIT_NEW_EML',17); // User changed email
|
||||
define('USER_AUDIT_PW_RES',18); // Password reset
|
||||
define('USER_AUDIT_NEW_SET',19); // User changed other settings
|
||||
define('USER_AUDIT_ADD_ADMIN',20); // User added by admin
|
||||
}
|
||||
|
||||
/**
|
||||
@ -232,7 +233,7 @@ Generic log entry point
|
||||
// $id and $u_name are left blank except for admin edits and user login, where they specify the id and login name of the 'target' user
|
||||
function user_audit($event_type, $event_data, $id = '', $u_name = '')
|
||||
{
|
||||
global $e107, $tp;
|
||||
global $e107, $tp, $pref;
|
||||
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
|
||||
|
||||
// See whether we should log this
|
||||
|
@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
|
||||
| $Revision: 1.12 $
|
||||
| $Date: 2007-12-31 17:20:55 $
|
||||
| $Revision: 1.13 $
|
||||
| $Date: 2008-01-01 21:26:16 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@ -22,8 +22,10 @@ if (!defined('e107_INIT')) { exit; }
|
||||
|
||||
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");
|
||||
|
||||
class userlogin {
|
||||
function userlogin($username, $userpass, $autologin) {
|
||||
class userlogin
|
||||
{
|
||||
function userlogin($username, $userpass, $autologin)
|
||||
{
|
||||
/* Constructor
|
||||
# Class called when user attempts to log in
|
||||
#
|
||||
@ -38,40 +40,49 @@ class userlogin {
|
||||
$username = trim($username);
|
||||
$userpass = trim($userpass);
|
||||
if($username == "" || $userpass == "")
|
||||
{
|
||||
define("LOGINMESSAGE", LAN_27."<br /><br />");
|
||||
return FALSE;
|
||||
{ // Required fields blank
|
||||
define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_01',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if(!is_object($sql)){
|
||||
$sql = new db;
|
||||
}
|
||||
if(!is_object($sql)) { $sql = new db; }
|
||||
|
||||
$fip = $e107->getip();
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
|
||||
$e107->check_ban("banlist_ip='{$fip}' ",FALSE);
|
||||
$e107->check_ban("banlist_ip='{$fip}' ",FALSE); // This will exit if a ban is in force
|
||||
// if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) { exit;}
|
||||
|
||||
$autologin = intval($autologin);
|
||||
|
||||
if ($pref['auth_method'] && $pref['auth_method'] != "e107") {
|
||||
$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
|
||||
if (file_exists($auth_file)) {
|
||||
require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
|
||||
$result = new alt_login($pref['auth_method'], $username, $userpass);
|
||||
}
|
||||
if ($pref['auth_method'] && $pref['auth_method'] != "e107")
|
||||
{
|
||||
$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
|
||||
if (file_exists($auth_file))
|
||||
{
|
||||
require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
|
||||
$result = new alt_login($pref['auth_method'], $username, $userpass);
|
||||
}
|
||||
}
|
||||
|
||||
if ($pref['logcode'] && extension_loaded("gd")) {
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
|
||||
define("LOGINMESSAGE", LAN_303."<br /><br />");
|
||||
return FALSE;
|
||||
}
|
||||
if ($pref['logcode'] && extension_loaded("gd"))
|
||||
{
|
||||
require_once(e_HANDLER."secure_img_handler.php");
|
||||
$sec_img = new secure_image;
|
||||
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
|
||||
{ // Invalid code
|
||||
define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_02','',FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
|
||||
$username = substr($username, 0, 30);
|
||||
if (strlen($username) > varset($pref['loginname_maxlength'],30))
|
||||
{ // Error - invalid username
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_08',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
}
|
||||
$ouserpass = $userpass;
|
||||
$userpass = md5($ouserpass);
|
||||
|
||||
@ -81,23 +92,24 @@ class userlogin {
|
||||
$userpass = md5(utf8_decode($ouserpass));
|
||||
}
|
||||
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'Doing final checks',FALSE,LOG_TO_ROLLING);
|
||||
if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'"))
|
||||
{ // Invalid user
|
||||
define("LOGINMESSAGE", LAN_300."<br /><br />");
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_04',$username,FALSE,LOG_TO_ROLLING);
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
}
|
||||
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}'"))
|
||||
{ // Invalid user/password combination
|
||||
define("LOGINMESSAGE", LAN_300."<br /><br />");
|
||||
define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_03',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
}
|
||||
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 "))
|
||||
{ // Banned user
|
||||
define("LOGINMESSAGE", LAN_302."<br /><br />");
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User is banned: '.$tp -> toDB($username),FALSE,LOG_TO_ROLLING);
|
||||
{ // User not fully signed up - hasn't activated account
|
||||
define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_05',$username,FALSE,LOG_TO_ROLLING);
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
@ -109,11 +121,13 @@ class userlogin {
|
||||
if ($ret!='')
|
||||
{
|
||||
define("LOGINMESSAGE", $ret."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_06',$username,FALSE,LOG_TO_ROLLING);
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{ // Trigger events happy as well
|
||||
$lode = $sql -> db_Fetch(); // Get user info
|
||||
$lode['user_perms'] = trim($lode['user_perms']);
|
||||
$user_id = $lode['user_id'];
|
||||
$user_name = $lode['user_name'];
|
||||
$user_xup = $lode['user_xup'];
|
||||
@ -123,12 +137,13 @@ class userlogin {
|
||||
{
|
||||
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
|
||||
{
|
||||
define("LOGINMESSAGE", LAN_304."<br /><br />");
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
|
||||
$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}",FALSE,LOG_TO_ROLLING);
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$cookieval = $user_id.".".md5($userpass);
|
||||
if($user_xup)
|
||||
@ -143,7 +158,7 @@ class userlogin {
|
||||
else
|
||||
{
|
||||
if ($autologin == 1)
|
||||
{
|
||||
{ // Cookie valid for up to 30 days
|
||||
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
|
||||
}
|
||||
else
|
||||
@ -156,6 +171,7 @@ class userlogin {
|
||||
|
||||
|
||||
// Calculate class membership - needed for a couple of things
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$class_list = explode(',',$lode['user_class']);
|
||||
if ($lode['user_admin'] && strlen($lode['user_perms']))
|
||||
{
|
||||
@ -174,7 +190,7 @@ class userlogin {
|
||||
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
}
|
||||
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list));
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
|
||||
$e_event->trigger("login", $edata_li);
|
||||
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
|
||||
|
||||
@ -182,8 +198,6 @@ class userlogin {
|
||||
|
||||
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
|
||||
{ // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$lode['user_perms'] = trim($lode['user_perms']);
|
||||
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
|
||||
@ -222,7 +236,7 @@ class userlogin {
|
||||
{
|
||||
$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
|
||||
// $sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
|
||||
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
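Review bot: The rewritten `failed_login` insert in the "already in use" branch, and the `auto_banned` insert in the last hunk, still store `md5($ouserpass)` in the `generic` table. The first of these appears to be reached only after the `user_password = '{$userpass}'` query has matched, so the value written there is the account's own unsalted password hash, readable by anyone who can view that table. I would drop the hash from both records and end the message at the user name, `'".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'`. Separately, the "Invalid user/password combination" branch now logs `LAN_ROLL_LOG_03` but still neither inserts a `failed_login` row nor calls `$this -> checkibr($fip)`, so wrong-password attempts against a valid login name do not seem to count toward the auto-ban, while the `user_ban!=2` branch records `LAN_LOGIN_15` ("incorrect password") for an account that has not been activated. The constructor body begins and ends outside these hunks, so the surrounding conditions should be checked against the full file.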
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
// e107 Language File.
|
||||
// $Id: lan_log_messages.php,v 1.6 2008-01-01 18:18:12 e107steved Exp $
|
||||
// $Id: lan_log_messages.php,v 1.7 2008-01-01 21:26:23 e107steved Exp $
|
||||
|
||||
/*
|
||||
The definitions in this file are for standard 'explanatory' messages which might be entered
|
||||
@ -91,7 +91,7 @@ define('LAN_ROLL_LOG_04','Invalid username entered');
|
||||
define('LAN_ROLL_LOG_05','Login attempt by user not fully signed up');
|
||||
define('LAN_ROLL_LOG_06','Login blocked by event trigger handler');
|
||||
define('LAN_ROLL_LOG_07','Multiple logins from same address');
|
||||
define('LAN_ROLL_LOG_08','');
|
||||
define('LAN_ROLL_LOG_08','Excessive username length');
|
||||
define('LAN_ROLL_LOG_09','');
|
||||
define('LAN_ROLL_LOG_10','');
|
||||
|
||||
|
@ -4,16 +4,11 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_login.php,v $
|
||||
| $Revision: 1.1.1.1 $
|
||||
| $Date: 2006-12-02 04:34:39 $
|
||||
| $Author: mcfly_e107 $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2008-01-01 21:26:23 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
define("LAN_27", "You left required field(s) blank");
|
||||
define("LAN_300", "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive");
|
||||
define("LAN_302", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
|
||||
define("LAN_303", "Incorrect code entered.");
|
||||
define("LAN_304", "That username/password combination is already in use.");
|
||||
define("LAN_LOGIN_1", "User name");
|
||||
define("LAN_LOGIN_2", "User password");
|
||||
define("LAN_LOGIN_3", "Protected server");
|
||||
@ -27,12 +22,16 @@ define("LAN_LOGIN_10", "Click to login");
|
||||
define("LAN_LOGIN_11", "Register as a New User");
|
||||
define("LAN_LOGIN_12", "Forgot Password");
|
||||
define("LAN_LOGIN_13", "Please enter text in image");
|
||||
|
||||
define("LAN_LOGIN_14", "User attempted to login with unrecognised user name");
|
||||
define("LAN_LOGIN_15", "User attempted to login with incorrect password");
|
||||
define("LAN_LOGIN_16", "User attempted to login with username/password combination that was already in use");
|
||||
define("LAN_LOGIN_17", "User password (hashed)");
|
||||
define("LAN_LOGIN_18", "Auto-ban: More than 10 failed login attempts");
|
||||
define("LAN_LOGIN_19", "> 10 failed login attempts");
|
||||
define("LAN_LOGIN_20", "You left required field(s) blank");
|
||||
define("LAN_LOGIN_21", "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive");
|
||||
define("LAN_LOGIN_22", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
|
||||
define("LAN_LOGIN_23", "Incorrect code entered.");
|
||||
define("LAN_LOGIN_24", "That username/password combination is already in use.");
|
||||
|
||||
?>
|