lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX restore security event login/logout

Browse Source
This commit is contained in:
Laurent Destailleur 2018-12-10 11:19:52 +01:00
parent cf74e5b9a8
commit 3f912ebfff
4 changed files with 70 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/class/events.class.php
View File

@ -76,9 +76,9 @@ class Events // extends CommonObject
// List of all Audit/Security events supported by triggers
public $eventstolog=array(
/*array('id'=>'USER_LOGIN', 'test'=>1),
array('id'=>'USER_LOGIN', 'test'=>1),
array('id'=>'USER_LOGIN_FAILED', 'test'=>1),
array('id'=>'USER_LOGOUT', 'test'=>1),*/
array('id'=>'USER_LOGOUT', 'test'=>1),
array('id'=>'USER_CREATE', 'test'=>1),
array('id'=>'USER_MODIFY', 'test'=>1),
array('id'=>'USER_NEW_PASSWORD', 'test'=>1),

4
htdocs/core/triggers/interface_20_all_Logevents.class.php
View File

@ -70,7 +70,7 @@ class InterfaceLogevents extends DolibarrTriggers
$date = dol_now();
// Actions
/*if ($action == 'USER_LOGIN')
if ($action == 'USER_LOGIN')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
@ -97,7 +97,7 @@ class InterfaceLogevents extends DolibarrTriggers
// Initialisation donnees (date,duree,texte,desc)
$text="(UserLogoff,".$object->login.")";
$desc="(UserLogoff,".$object->login.")";
}*/
}
if ($action == 'USER_CREATE')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);

61
htdocs/main.inc.php
View File

@ -500,6 +500,17 @@ if (! defined('NOLOGIN'))
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadValueForCode");
$test=false;
// Call trigger for the "security events" log
$user->trigger_mesg='ErrorBadValueForCode - login='.GETPOST("username","alpha",2);
// Call of triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
if ($result < 0) {
$error++;
}
// End Call of triggers
// Hooks on failed login
$action='';
$hookmanager->initHooks(array('login'));
@ -568,6 +579,17 @@ if (! defined('NOLOGIN'))
// We set a generic message if not defined inside function checkLoginPassEntity or subfunctions
if (empty($_SESSION["dol_loginmesg"])) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
// Call trigger for the "security events" log
$user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2);
// Call of triggers
include_once DOL_DOCUMENT_ROOT.'/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST("username","alpha",2));
if ($result < 0) {
$error++;
}
// End Call of triggers
// Hooks on failed login
$action='';
$hookmanager->initHooks(array('login'));
@ -604,12 +626,25 @@ if (! defined('NOLOGIN'))
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
$user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
}
if ($resultFetchUser < 0)
{
$_SESSION["dol_loginmesg"]=$user->error;
$user->trigger_mesg=$user->error;
}
// Call triggers for the "security events" log
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
if ($result < 0) {
$error++;
}
// End call triggers
// Hooks on failed login
$action='';
$hookmanager->initHooks(array('login'));
@ -648,12 +683,25 @@ if (! defined('NOLOGIN'))
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
$user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
}
if ($resultFetchUser < 0)
{
$_SESSION["dol_loginmesg"]=$user->error;
$user->trigger_mesg=$user->error;
}
// Call triggers for the "security events" log
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
if ($result < 0) {
$error++;
}
// End call triggers
// Hooks on failed login
$action='';
$hookmanager->initHooks(array('login'));
@ -741,6 +789,17 @@ if (! defined('NOLOGIN'))
$loginfo = 'TZ='.$_SESSION["dol_tz"].';TZString='.$_SESSION["dol_tz_string"].';Screen='.$_SESSION["dol_screenwidth"].'x'.$_SESSION["dol_screenheight"];
// Call triggers for the "security events" log
$user->trigger_mesg = $loginfo;
// Call triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf);
if ($result < 0) {
$error++;
}
// End call triggers
// Hooks on successfull login
$action='';
$hookmanager->initHooks(array('login'));
@ -752,7 +811,7 @@ if (! defined('NOLOGIN'))
{
$db->rollback();
session_destroy();
dol_print_error($db,'Error in some hooks afterLogin');
dol_print_error($db,'Error in some triggers USER_LOGIN or in some hooks afterLogin');
exit;
}
else

13
htdocs/user/logout.php
View File

@ -41,13 +41,12 @@ if (!empty($_SESSION["dol_authmode"]) && ($_SESSION["dol_authmode"] == 'forceuse
global $conf, $langs, $user;
// Appel des triggers
// TODO @deprecated Remove this. Hook must be used, not this trigger.
//include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
//$interface=new Interfaces($db);
//$result=$interface->run_triggers('USER_LOGOUT',$user,$user,$langs,$conf);
//if ($result < 0) { $error++; }
// Fin appel triggers
// Call triggers for the "security events" log
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGOUT',$user,$user,$langs,$conf);
if ($result < 0) { $error++; }
// End call triggers
// Hooks on logout
$action='';