Add more details to logging
This commit is contained in:
parent
5929d13147
commit
2a9ad78477
38
api.php
38
api.php
@ -15,19 +15,36 @@ header("Content-Type: application/json");
|
||||
$key = $VARS['key'];
|
||||
if ($database->has('apikeys', ['key' => $key]) !== TRUE) {
|
||||
header("HTTP/1.1 403 Unauthorized");
|
||||
insertAuthLog(14, null, "Key: " . $key);
|
||||
die("\"403 Unauthorized\"");
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the API key with most of the characters replaced with *s.
|
||||
* @global string $key
|
||||
* @return string
|
||||
*/
|
||||
function getCensoredKey() {
|
||||
global $key;
|
||||
$resp = $key;
|
||||
if (strlen($key) > 5) {
|
||||
for ($i = 2; $i < strlen($key) - 2; $i++) {
|
||||
$resp[$i] = "*";
|
||||
}
|
||||
}
|
||||
return $resp;
|
||||
}
|
||||
|
||||
switch ($VARS['action']) {
|
||||
case "ping":
|
||||
exit(json_encode(["status" => "OK"]));
|
||||
break;
|
||||
case "auth":
|
||||
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
||||
insertAuthLog(12);
|
||||
insertAuthLog(12, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "OK", "msg" => lang("login successful", false)]));
|
||||
} else {
|
||||
insertAuthLog(13);
|
||||
insertAuthLog(13, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
|
||||
}
|
||||
break;
|
||||
@ -57,7 +74,7 @@ switch ($VARS['action']) {
|
||||
if (verifyTOTP($VARS['username'], $VARS['code'])) {
|
||||
exit(json_encode(["status" => "OK", "valid" => true]));
|
||||
} else {
|
||||
insertAuthLog(7);
|
||||
insertAuthLog(7, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("2fa incorrect", false), "valid" => false]));
|
||||
}
|
||||
break;
|
||||
@ -66,29 +83,30 @@ switch ($VARS['action']) {
|
||||
case "login":
|
||||
// simulate a login, checking account status and alerts
|
||||
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
||||
$uid = $database->select('accounts', 'uid', ['username' => $VARS['username']])[0];
|
||||
switch (get_account_status($VARS['username'])) {
|
||||
case "LOCKED_OR_DISABLED":
|
||||
insertAuthLog(5);
|
||||
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("account locked", false)]));
|
||||
case "TERMINATED":
|
||||
insertAuthLog(5);
|
||||
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("account terminated", false)]));
|
||||
case "CHANGE_PASSWORD":
|
||||
insertAuthLog(5);
|
||||
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("password expired", false)]));
|
||||
case "NORMAL":
|
||||
insertAuthLog(4);
|
||||
insertAuthLog(4, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "OK"]));
|
||||
case "ALERT_ON_ACCESS":
|
||||
sendLoginAlertEmail($VARS['username']);
|
||||
insertAuthLog(4);
|
||||
insertAuthLog(4, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "OK", "alert" => true]));
|
||||
default:
|
||||
insertAuthLog(5);
|
||||
insertAuthLog(5, $uid, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("account state error", false)]));
|
||||
}
|
||||
} else {
|
||||
insertAuthLog(5);
|
||||
insertAuthLog(5, null, "Username: " . $VARS['username'] . ", Key: " . getCensoredKey());
|
||||
exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
|
||||
}
|
||||
break;
|
||||
|
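Review bot: The 403 branch still writes the raw key to the authlog (`insertAuthLog(14, null, "Key: " . $key);`) while every other log line added in this section goes through getCensoredKey(); a rejected key is often a valid key with a typo or one issued for a different deployment, so the otherdata column ends up holding usable credentials in cleartext. Because getCensoredKey() is declared unconditionally at file scope it is callable before its definition, so the line can simply become `insertAuthLog(14, null, "Key: " . getCensoredKey());`. getCensoredKey() itself leaves keys of five characters or fewer completely unmasked and always exposes the first two and last two characters, which for short keys is most of the secret; masking everything but a fixed number of trailing characters, or logging a truncated hash of the key, would be safer — the length of issued keys is not visible in the hunk, so judge against the actual key format. The function also reads its input via `global $key`; taking the key as a parameter (`function getCensoredKey($key)`) removes the dependency on the assignment near the top of the file and makes the masking testable in isolation.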
BIN
database.mwb
BIN
database.mwb
Binary file not shown.
@ -38,11 +38,11 @@ if ($VARS['progress'] == "1") {
|
||||
}
|
||||
} else {
|
||||
$alert = lang("login incorrect", false);
|
||||
insertAuthLog(2);
|
||||
insertAuthLog(2, null, "Username: ".$VARS['username']);
|
||||
}
|
||||
} else {
|
||||
$alert = lang("captcha error", false);
|
||||
insertAuthLog(8);
|
||||
insertAuthLog(8, null, "Username: ".$VARS['username']);
|
||||
}
|
||||
} else if ($VARS['progress'] == "2") {
|
||||
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
|
||||
@ -52,7 +52,7 @@ if ($VARS['progress'] == "1") {
|
||||
die("Logged in, go to home.php");
|
||||
} else {
|
||||
$alert = lang("2fa incorrect", false);
|
||||
insertAuthLog(6);
|
||||
insertAuthLog(6, null, "Username: ".$VARS['username']);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
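Review bot: The new detail strings at `insertAuthLog(2, null, "Username: ".$VARS['username']);` and the matching lines for types 8 and 6 store the submitted username verbatim, and on the captcha-error path (type 8) the value has presumably not been checked against the accounts table at all, so the otherdata column receives whatever the client sent, at whatever length. A cap such as `"Username: " . mb_substr((string) $VARS['username'], 0, 255)` avoids a truncation warning or a failed insert on an oversized value; the column size is not visible here, so confirm the limit against the schema, and the cap is better placed once inside insertAuthLog than at each call site. As a point of style, these lines write `"Username: ".$VARS['username']` with no spaces around `.`, while the api.php hunks in the same commit write `"Username: " . $VARS['username']`; picking one form keeps the log detail consistent and the code PSR-12 compliant. The enclosing if/else chain begins before the hunk.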
@ -183,8 +183,9 @@ function sendLoginAlertEmail($username) {
|
||||
// TODO: add email code
|
||||
}
|
||||
|
||||
function insertAuthLog($type, $uid = null) {
|
||||
function insertAuthLog($type, $uid = null, $data = "") {
|
||||
global $database;
|
||||
// find IP address
|
||||
$ip = "";
|
||||
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
|
||||
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
|
||||
@ -203,7 +204,7 @@ function insertAuthLog($type, $uid = null) {
|
||||
} else {
|
||||
$ip = "NOT FOUND";
|
||||
}
|
||||
$database->insert("authlog", ['#logtime' => 'NOW()', 'logtype' => $type, 'uid' => $uid, 'ip' => $ip]);
|
||||
$database->insert("authlog", ['#logtime' => 'NOW()', 'logtype' => $type, 'uid' => $uid, 'ip' => $ip, 'otherdata' => $data]);
|
||||
}
|
||||
|
||||
function verifyReCaptcha($response) {
|
||||
|
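Review bot: The new `$data = ""` parameter on insertAuthLog is untyped and undocumented, and every caller in this commit passes request-derived text (usernames, keys) straight through to the `otherdata` column, so this function is the one place to bound and normalise that value. Changing the signature to `function insertAuthLog(int $type, ?int $uid = null, string $data = ""): void` keeps every existing call site working (`?int` needs PHP 7.1+ — confirm the project's minimum version), and a docblock along the lines of `@param string $data Free-form detail stored in authlog.otherdata; callers must mask secrets before passing them` records the contract the api.php callers rely on. Truncating inside the insert, e.g. `'otherdata' => mb_substr($data, 0, 255)` with the limit taken from the column definition, protects against oversized client input regardless of caller; the column length is not visible in this hunk. insertAuthLog starts in this hunk and ends in the following one, with the lines between them omitted from the page.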