From a99621bc6b0d481820898f36839f7f8e948802e1 Mon Sep 17 00:00:00 2001
From: "SWG: Resurgence" <52303455+swgresurgence@users.noreply.github.com>
Date: Fri, 6 Sep 2019 09:52:23 -0500
Subject: [PATCH 1/3] Added Auth Log Functions. - Added section organization. - Added definitions for IP Addresses and Station ID's - Added Content for Auth Logs.
---
 html/auth.php | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/html/auth.php b/html/auth.php
index a3762ce..7b67860 100644
--- a/html/auth.php
+++ b/html/auth.php
@@ -1,6 +1,19 @@ query("SELECT * FROM user_account WHERE username = '$username'") or die(mysql_error());
@@ -24,12 +37,23 @@ function checkhashSSHA($salt, $password) {
 return $hash;
 }
+// #######################################################################
+// ######################### POST GET ITEMS ##############################
+// #######################################################################
+
 $username = $mysqli->real_escape_string($_POST['user_name']);
 $password = $mysqli->real_escape_string($_POST['user_password']);
+$ip = urldecode($_POST['ip']);
+$suid = urldecode($_POST['stationID']);
 $user = getUserByEmailAndPassword($username, $password);
+
+// #######################################################################
+// ####################### FINAL GET ID ##################################
+// #######################################################################
+
 if ($user != false) {
 if($user['accesslevel'] == "banned") {
- $response['message'] = "Account banned";
+ $response['message'] = "Your account has been banned. For further information regarding the ban of your account or to submit a Ban Appeal, contact a member of CSR Staff.";
 } else {
 $response['message'] = "success";
 }
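Review bot: In the `@@ -24,12 +37,23 @@` hunk, `$ip` and `$suid` are taken from `$_POST` with only `urldecode()` applied and are later written to the auth log, so whoever can post to this endpoint controls both fields, including any line breaks in them. PHP has already decoded the POST body, so `urldecode()` decodes a second time and validates nothing, and a missing key raises an undefined-index notice or warning. I would validate instead, e.g. `$ip = filter_var($_POST['ip'] ?? '', FILTER_VALIDATE_IP) ?: 'invalid';` and, if station IDs are numeric (not visible here), `$suid = preg_replace('/\D/', '', $_POST['stationID'] ?? '');`. If this script can be reached by anything other than the login server, the posted `ip` is not evidence of the real peer address, so `$_SERVER['REMOTE_ADDR']` is worth logging next to it. The `if ($user != false)` block continues past the end of the hunk.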
@@ -38,4 +62,18 @@ else {
 $response['message'] = "Account does not exist or password was incorrect";
 }
 echo json_encode($response);
+
+// #######################################################################
+// ####################### AUTHENTICATION LOGS ###########################
+// #######################################################################
+
+$auth_content = '[' . date('m/d/Y h:i:s a') . '] ' . 'Username: ' . $username . ', Station ID: ' . $suid . ', IP: ' . $ip . "\n";
+chdir('WEBHOST_DIRECTORY_FOR_LOG_FILE ');
+file_put_contents('logs/auth_log.txt', $auth_content, FILE_APPEND);
+echo $result;
+die();
+
+// #######################################################################
+// ####################### END OF FILE ###################################
+// #######################################################################
 ?>
From 39130d878f8f5b37231b9d2af31fe0093a783cd7 Mon Sep 17 00:00:00 2001
From: "SWG: Resurgence" <52303455+swgresurgence@users.noreply.github.com>
Date: Fri, 6 Sep 2019 19:34:16 -0500
Subject: [PATCH 2/3] Removed Redundant Echo
---
 html/auth.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/html/auth.php b/html/auth.php
index 7b67860..f6d4cc2 100644
--- a/html/auth.php
+++ b/html/auth.php
@@ -5,7 +5,7 @@ header('Content-Type: text/html; charset=utf-8');
 // ####################### SET PHP ENVIRONMENT ###########################
 // #######################################################################
-ini_set('display_errors', 1);
+#ini_set('display_errors', 1);
 date_default_timezone_set('America/Chicago');
 include 'includes/db_connect.php';
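Review bot: In PATCH 1/3's `@@ -38,4 +62,18 @@` hunk, `$auth_content` concatenates `$username`, `$suid` and `$ip` as received, so a value containing a CR or LF produces extra lines in `auth_log.txt` that read like genuine entries. Pass each field through something like `preg_replace('/[\x00-\x1F\x7F]/', '', $value)` before concatenating. The entry also omits the outcome held in `$response['message']`, which is what someone reviewing failed or banned logins needs. `logs/auth_log.txt` is relative to whatever `chdir()` selects, and if that is inside the document root the file of usernames and IPs can be fetched over HTTP unless the directory is denied, so a path outside the webroot is safer. The `chdir()` result is not checked, and `FILE_APPEND | LOCK_EX` would keep concurrent logins from interleaving.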
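Review bot: In PATCH 2/3's `@@ -5,7 +5,7 @@` hunk, commenting out `ini_set('display_errors', 1);` leaves error display to whatever php.ini says, so a host that has it enabled still prints warnings (file paths, database errors) into the response of this auth endpoint. Setting it explicitly is safer: `ini_set('display_errors', '0'); ini_set('log_errors', '1');`. A one-line comment saying that errors must go to the server log and never to the client would record why.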
@@ -68,9 +68,8 @@ echo json_encode($response);
 // #######################################################################
 $auth_content = '[' . date('m/d/Y h:i:s a') . '] ' . 'Username: ' . $username . ', Station ID: ' . $suid . ', IP: ' . $ip . "\n";
-chdir('WEBHOST_DIRECTORY_FOR_LOG_FILE ');
+chdir('./logs');
 file_put_contents('logs/auth_log.txt', $auth_content, FILE_APPEND);
-echo $result;
 die();
 // #######################################################################
From 1cfcb52db3ec9d4a58699e074ee4d0feecfa9491 Mon Sep 17 00:00:00 2001
From: Tekaoh <45337851+Tekaoh@users.noreply.github.com>
Date: Fri, 6 Sep 2019 20:05:27 -0500
Subject: [PATCH 3/3] Disable logging by default and add an explanation
---
 html/auth.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/html/auth.php b/html/auth.php
index f6d4cc2..3cf4d13 100644
--- a/html/auth.php
+++ b/html/auth.php
@@ -68,8 +68,13 @@ echo json_encode($response);
 // #######################################################################
 $auth_content = '[' . date('m/d/Y h:i:s a') . '] ' . 'Username: ' . $username . ', Station ID: ' . $suid . ', IP: ' . $ip . "\n";
-chdir('./logs');
-file_put_contents('logs/auth_log.txt', $auth_content, FILE_APPEND);
+
+// To enable logging, give the chdir function the absolute path to your webroot directory and uncomment the following two lines.
+// Also make sure that your apache2 user owns the webroot directory and has write permissions.
+
+#chdir('WEBROOT_DIRECTORY_GOES_HERE'); // If you're running VM 2.1, chdir should be /srv/www/htdocs
+#file_put_contents('logs/auth_log.txt', $auth_content, FILE_APPEND);
+
 die();
 // #######################################################################
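Review bot: In PATCH 2/3's `@@ -68,9 +68,8 @@` hunk, `chdir('./logs');` is followed by `file_put_contents('logs/auth_log.txt', ...)`, so the write now resolves to `logs/logs/auth_log.txt` relative to the starting working directory. Unless that nested directory exists the append fails, and because this same commit stops enabling `display_errors`, the failure may go unreported. Either drop the `chdir()` or write to `'auth_log.txt'` after it, and check the return value of `file_put_contents()` so a failed write is logged.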
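Review bot: The instructions added in PATCH 3/3's `@@ -68,8 +68,13 @@` hunk tell the operator to make the apache2 user the owner of the whole webroot with write permission, which lets any flaw in a PHP script under it modify the site's own code; only the log directory needs to be writable by that user. With `chdir()` pointed at the webroot, `logs/auth_log.txt` also sits under the document root, so the comment should say to deny HTTP access to `logs/` or, better, to use a directory outside the webroot. I would reword it along the lines of `// To enable logging, point chdir() at a directory outside the webroot that only the web server user can write to, then uncomment the two lines below.` `$auth_content` is still built from the unvalidated `$suid` and `$ip` on every request, so the log-line hygiene matters as soon as someone enables this.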