login-related logging etc

2025-10-10 04:24:45 +02:00 · 2008-01-01 21:26:23 +00:00
parent 8f9f596b02
commit fd22dbfb81
5 changed files with 74 additions and 59 deletions
--- a/e107_admin/admin_log.php
+++ b/e107_admin/admin_log.php
@@ -11,8 +11,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_admin/admin_log.php,v $
-|     $Revision: 1.8 $
+|     $Revision: 1.9 $
-|     $Date: 2007-12-29 22:32:58 $
+|     $Date: 2008-01-01 21:26:16 $
 |     $Author: e107steved $
 |
 | Preferences:
@@ -371,7 +371,8 @@ $audit_checkboxes = array(
 	USER_AUDIT_NEW_PW 	=> RL_LAN_076,
 	USER_AUDIT_PW_RES 	=> RL_LAN_078,
 	USER_AUDIT_NEW_EML 	=> RL_LAN_077,
-	USER_AUDIT_NEW_SET 	=> RL_LAN_079
+	USER_AUDIT_NEW_SET 	=> RL_LAN_079,
 	USER_AUDIT_ADD_ADMIN => RL_LAN_080
 );
 //Uncomment once inherited user classes
@@ -391,7 +392,7 @@ $audit_checkboxes = array(
 // Uncomment once inherited userclasses		
 	$text .= "<select class='tbox' name='class_select'>\n";
-	$text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'force');
+	$text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'nobody,admin,member,classes');
 	$text .= "</select>\n";
 //	$text .= r_userclass('user_audit_class', varset($pref['user_audit_class'],''),'off','nobody,admin,user,classes');
 	$text .= "</td>
@@ -703,8 +704,8 @@ $col_fields = array('adminlog' => array('cf_datestring','dblog_type','dblog_ip',
 //		    $val = $tp->toHTML($row['dblog_title'],FALSE,'RAWTEXT,defs');
 			if (defined($val)) $val = constant($val);
 		    break;
-		  case 'dblog_username' :
+		  case 'dblog_user_name' :
-		    $val = $row['dblog_userid'] ? $row['dblog_username'] : 'Anonymous';
+		    $val = $row['dblog_user_id'] ? $row['dblog_user_name'] : LAN_ANONYMOUS;
 			break;
 		  case 'dblog_caller' :
 		    $val = $row['dblog_caller'];
--- a/e107_handlers/admin_log_class.php
+++ b/e107_handlers/admin_log_class.php
@@ -12,8 +12,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
-|     $Revision: 1.7 $
+|     $Revision: 1.8 $
-|     $Date: 2007-12-29 22:07:42 $
+|     $Date: 2008-01-01 21:26:16 $
 |     $Author: e107steved $
 To do:
@@ -78,6 +78,7 @@ class e_admin_log {
 	  define('USER_AUDIT_NEW_EML',17);				// User changed email
 	  define('USER_AUDIT_PW_RES',18);				// Password reset
 	  define('USER_AUDIT_NEW_SET',19);				// User changed other settings
 	  define('USER_AUDIT_ADD_ADMIN',20);			// User added by admin
 	}
 	/**
@@ -232,7 +233,7 @@ Generic log entry point
 // $id and $u_name are left blank except for admin edits and user login, where they specify the id and login name of the 'target' user
  function user_audit($event_type, $event_data, $id = '', $u_name = '')
  {
-    global $e107, $tp;
+    global $e107, $tp, $pref;
 	list($time_usec, $time_sec) = explode(" ", microtime());		// Log event time immediately to minimise uncertainty
 	// See whether we should log this
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -12,8 +12,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
-|     $Revision: 1.12 $
+|     $Revision: 1.13 $
-|     $Date: 2007-12-31 17:20:55 $
+|     $Date: 2008-01-01 21:26:16 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -22,8 +22,10 @@ if (!defined('e107_INIT')) { exit; }
 include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_login.php");
-class userlogin {
+class userlogin 
-	function userlogin($username, $userpass, $autologin) {
+{
 	function userlogin($username, $userpass, $autologin) 
 	{
 		/* Constructor
 		# Class called when user attempts to log in
 		#
@@ -38,40 +40,49 @@ class userlogin {
 		$username = trim($username);
 		$userpass = trim($userpass);
 		if($username == "" || $userpass == "")
-		{
+		{	// Required fields blank
-			define("LOGINMESSAGE", LAN_27."<br /><br />");
+		  define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
-			return FALSE;
+		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_01',$username,FALSE,LOG_TO_ROLLING);
 		  return FALSE;
 		}
-	 	if(!is_object($sql)){
+	 	if(!is_object($sql)) { $sql = new db; }
 		$sql = new db;
 		}
 		$fip = $e107->getip();
 //	    $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
-		$e107->check_ban("banlist_ip='{$fip}' ",FALSE);
+		$e107->check_ban("banlist_ip='{$fip}' ",FALSE);			// This will exit if a ban is in force
 //		if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) {	exit;}
 		$autologin = intval($autologin);
-		if ($pref['auth_method'] && $pref['auth_method'] != "e107") {
+		if ($pref['auth_method'] && $pref['auth_method'] != "e107") 
-			$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
+		{
-			if (file_exists($auth_file)) {
+		  $auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
-				require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
+		  if (file_exists($auth_file)) 
-				$result = new alt_login($pref['auth_method'], $username, $userpass);
+		  {
-			}
+			require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
 			$result = new alt_login($pref['auth_method'], $username, $userpass);
 		  }
 		}
-		if ($pref['logcode'] && extension_loaded("gd")) {
+		if ($pref['logcode'] && extension_loaded("gd")) 
-			require_once(e_HANDLER."secure_img_handler.php");
+		{
-			$sec_img = new secure_image;
+		  require_once(e_HANDLER."secure_img_handler.php");
-			if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
+		  $sec_img = new secure_image;
-				define("LOGINMESSAGE", LAN_303."<br /><br />");
+		  if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 
-				return FALSE;
+		  {	// Invalid code
-			}
+			define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
 			$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_02','',FALSE,LOG_TO_ROLLING);
 			return FALSE;
 		  }
 		}
 		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
-		$username = substr($username, 0, 30);
+		if (strlen($username) > varset($pref['loginname_maxlength'],30))
 		{  // Error - invalid username
 		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
 		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_08',$username,FALSE,LOG_TO_ROLLING);
 		  return FALSE;
 		}
 		$ouserpass = $userpass;
 		$userpass = md5($ouserpass);
@@ -81,23 +92,24 @@ class userlogin {
 			$userpass = md5(utf8_decode($ouserpass));
 		}
 //	    $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'Doing final checks',FALSE,LOG_TO_ROLLING);
 		if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'")) 
 		{	// Invalid user
-			define("LOGINMESSAGE", LAN_300."<br /><br />");
+			define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
 			$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_14." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
 			$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_04',$username,FALSE,LOG_TO_ROLLING);
 			$this -> checkibr($fip);
 			return FALSE;
 		}
 		else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}'")) 
 		{	// Invalid user/password combination
-			define("LOGINMESSAGE", LAN_300."<br /><br />");
+			define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
 			$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_03',$username,FALSE,LOG_TO_ROLLING);
 			return FALSE;
 		}
 		else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 ")) 
-		{	// Banned user
+		{	// User not fully signed up - hasn't activated account
-		  define("LOGINMESSAGE", LAN_302."<br /><br />");
+		  define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
-//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User is banned: '.$tp -> toDB($username),FALSE,LOG_TO_ROLLING);
+		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_05',$username,FALSE,LOG_TO_ROLLING);
 		  $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
 		  $this -> checkibr($fip);
 		  return FALSE;
@@ -109,11 +121,13 @@ class userlogin {
 		  if ($ret!='') 
 		  {
 			define("LOGINMESSAGE", $ret."<br /><br />");
 			$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_06',$username,FALSE,LOG_TO_ROLLING);
 			return FALSE;
 		  } 
 		  else 
 		  {	// Trigger events happy as well
 			$lode = $sql -> db_Fetch();		// Get user info
 			$lode['user_perms'] = trim($lode['user_perms']);
 			$user_id = $lode['user_id'];
 			$user_name = $lode['user_name'];
 			$user_xup = $lode['user_xup'];
@@ -123,12 +137,13 @@ class userlogin {
 			{
 			  if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) 
 			  {
-				define("LOGINMESSAGE", LAN_304."<br /><br />");
+				define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
-				$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
+				$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",'LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}",FALSE,LOG_TO_ROLLING);
 				$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
 				$this -> checkibr($fip);
 				return FALSE;
 				}
 			  }
 			}
 			  $cookieval = $user_id.".".md5($userpass);
 			  if($user_xup) 
@@ -143,7 +158,7 @@ class userlogin {
 			  else 
 			  {
 				if ($autologin == 1) 
-				{
+				{	// Cookie valid for up to 30 days
 				  cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
 				} 
 				else 
@@ -156,6 +171,7 @@ class userlogin {
 			  // Calculate class membership - needed for a couple of things
 			  // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
 			  $class_list = explode(',',$lode['user_class']);
 			  if ($lode['user_admin'] && strlen($lode['user_perms']))
 			  {
@@ -174,7 +190,7 @@ class userlogin {
 			    $admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
 			  }
-			  $edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list));
+			  $edata_li = array("user_id" => $user_id, "user_name" => $username, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin);
 			  $e_event->trigger("login", $edata_li);
 			  $redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
@@ -182,8 +198,6 @@ class userlogin {
 				if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) 
 				{	// See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
 					// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
 				  $lode['user_perms'] = trim($lode['user_perms']);
 //				  $log_info = "New user: ".$lode['user_name']."  Class: ".$lode['user_class']."  Admin: ".$lode['user_admin']."  Perms: ".$lode['user_perms'];
 //				  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
 //				  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
@@ -222,7 +236,7 @@ class userlogin {
 		{
 		  $e107->add_ban(4,LAN_LOGIN_18,$fip,1);
 //				$sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
-		  $sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
+		  $sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$user_id}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
 		}
 	  }
 	}
--- a/e107_languages/English/admin/lan_log_messages.php
+++ b/e107_languages/English/admin/lan_log_messages.php
@@ -1,6 +1,6 @@
 <?php
 // e107 Language File.
-// $Id: lan_log_messages.php,v 1.6 2008-01-01 18:18:12 e107steved Exp $
+// $Id: lan_log_messages.php,v 1.7 2008-01-01 21:26:23 e107steved Exp $
 /*
 The definitions in this file are for standard 'explanatory' messages which might be entered
@@ -91,7 +91,7 @@ define('LAN_ROLL_LOG_04','Invalid username entered');
 define('LAN_ROLL_LOG_05','Login attempt by user not fully signed up');
 define('LAN_ROLL_LOG_06','Login blocked by event trigger handler');
 define('LAN_ROLL_LOG_07','Multiple logins from same address');
-define('LAN_ROLL_LOG_08','');
+define('LAN_ROLL_LOG_08','Excessive username length');
 define('LAN_ROLL_LOG_09','');
 define('LAN_ROLL_LOG_10','');
--- a/e107_languages/English/lan_login.php
+++ b/e107_languages/English/lan_login.php
@@ -4,16 +4,11 @@
 |     e107 website system - Language File.
 |
 |     $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_login.php,v $
-|     $Revision: 1.1.1.1 $
+|     $Revision: 1.2 $
-|     $Date: 2006-12-02 04:34:39 $
+|     $Date: 2008-01-01 21:26:23 $
-|     $Author: mcfly_e107 $
+|     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
 define("LAN_27", "You left required field(s) blank");
 define("LAN_300", "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive");
 define("LAN_302", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
 define("LAN_303", "Incorrect code entered.");
 define("LAN_304", "That username/password combination is already in use.");
 define("LAN_LOGIN_1", "User name");
 define("LAN_LOGIN_2", "User password");
 define("LAN_LOGIN_3", "Protected server");
@@ -27,12 +22,16 @@ define("LAN_LOGIN_10", "Click to login");
 define("LAN_LOGIN_11", "Register as a New User");
 define("LAN_LOGIN_12", "Forgot Password");
 define("LAN_LOGIN_13", "Please enter text in image");
 define("LAN_LOGIN_14", "User attempted to login with unrecognised user name");
 define("LAN_LOGIN_15", "User attempted to login with incorrect password");
 define("LAN_LOGIN_16", "User attempted to login with username/password combination that was already in use");
 define("LAN_LOGIN_17", "User password (hashed)");
 define("LAN_LOGIN_18", "Auto-ban: More than 10 failed login attempts");
 define("LAN_LOGIN_19", "> 10 failed login attempts");
 define("LAN_LOGIN_20", "You left required field(s) blank");
 define("LAN_LOGIN_21", "Incorrect login. The entered data doesn't match to a registered user. Check if you have the CAPS-LOCK key activated as logins on this site are case sensitive");
 define("LAN_LOGIN_22", "You have not activated your account. You should have received an email with instructions on how to confirm your account. If not, please click <a href='".e_BASE."signup.php?resend'>here</a>.");
 define("LAN_LOGIN_23", "Incorrect code entered.");
 define("LAN_LOGIN_24", "That username/password combination is already in use.");
 ?>