From 3f912ebfff954d60d49105aa3ced23e1865fd80e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 10 Dec 2018 11:19:52 +0100 Subject: [PATCH] FIX restore security event login/logout --- htdocs/core/class/events.class.php | 4 +- .../interface_20_all_Logevents.class.php | 4 +- htdocs/main.inc.php | 61 ++++++++++++++++++- htdocs/user/logout.php | 13 ++-- 4 files changed, 70 insertions(+), 12 deletions(-) diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php index 78439af1134..68e029dae4b 100644 --- a/htdocs/core/class/events.class.php +++ b/htdocs/core/class/events.class.php @@ -76,9 +76,9 @@ class Events // extends CommonObject // List of all Audit/Security events supported by triggers public $eventstolog=array( - /*array('id'=>'USER_LOGIN', 'test'=>1), + array('id'=>'USER_LOGIN', 'test'=>1), array('id'=>'USER_LOGIN_FAILED', 'test'=>1), - array('id'=>'USER_LOGOUT', 'test'=>1),*/ + array('id'=>'USER_LOGOUT', 'test'=>1), array('id'=>'USER_CREATE', 'test'=>1), array('id'=>'USER_MODIFY', 'test'=>1), array('id'=>'USER_NEW_PASSWORD', 'test'=>1), diff --git a/htdocs/core/triggers/interface_20_all_Logevents.class.php b/htdocs/core/triggers/interface_20_all_Logevents.class.php index 4d5d7e74280..b2100b806fb 100644 --- a/htdocs/core/triggers/interface_20_all_Logevents.class.php +++ b/htdocs/core/triggers/interface_20_all_Logevents.class.php @@ -70,7 +70,7 @@ class InterfaceLogevents extends DolibarrTriggers $date = dol_now(); // Actions - /*if ($action == 'USER_LOGIN') + if ($action == 'USER_LOGIN') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); 
@@ -97,7 +97,7 @@ class InterfaceLogevents extends DolibarrTriggers // Initialisation donnees (date,duree,texte,desc) $text="(UserLogoff,".$object->login.")"; $desc="(UserLogoff,".$object->login.")"; - }*/ + } if ($action == 'USER_CREATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 06f67a9b79f..438fff1eb15 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -500,6 +500,17 @@ if (! defined('NOLOGIN')) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadValueForCode"); $test=false; + // Call trigger for the "security events" log + $user->trigger_mesg='ErrorBadValueForCode - login='.GETPOST("username","alpha",2); + // Call of triggers + include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; + $interface=new Interfaces($db); + $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf); + if ($result < 0) { + $error++; + } + // End Call of triggers + // Hooks on failed login $action=''; $hookmanager->initHooks(array('login')); @@ -568,6 +579,17 @@ if (! defined('NOLOGIN')) // We set a generic message if not defined inside function checkLoginPassEntity or subfunctions if (empty($_SESSION["dol_loginmesg"])) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); + // Call trigger for the "security events" log + $user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2); + // Call of triggers + include_once DOL_DOCUMENT_ROOT.'/core/class/interfaces.class.php'; + $interface=new Interfaces($db); + $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST("username","alpha",2)); + if ($result < 0) { + $error++; + } + // End Call of triggers + // Hooks on failed login $action=''; $hookmanager->initHooks(array('login')); 
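Review bot: In the `@@ -500,6 +500,17 @@` hunk of htdocs/main.inc.php, `$user->trigger_mesg` is built from `GETPOST("username","alpha",2)`, so a request-supplied string lands in the security events record before any authentication has succeeded. Whatever the `alpha` filter removes, the value should be treated as untrusted wherever the events list is rendered or exported, and it is worth bounding its length before storing it, for example `$attempted=substr(GETPOST("username","alpha",2), 0, 64);` with the limit matched to the login column (64 is a constructed value). Because this path runs on every rejected attempt, each failure now appears to write an event row, so retention or purge settings for the events table should be checked against a burst of failures. The enclosing block starts and ends outside the hunk.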
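Review bot: In the `@@ -568,6 +579,17 @@` hunk the call `run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST("username","alpha",2))` passes a sixth argument that none of the other four `run_triggers` calls in this patch pass; unless `run_triggers` declares that parameter, PHP drops it silently. The same hunk stores `$langs->trans("ErrorBadLoginPassword")` in `trigger_mesg`, while the other failure paths store the untranslated key, so the logged text for a bad password varies with the session language and is harder to match in searches or alert rules. I would align it with the others: `$user->trigger_mesg='ErrorBadLoginPassword - login='.GETPOST("username","alpha",2);` and drop the extra argument.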
@@ -604,12 +626,25 @@ if (! defined('NOLOGIN')) $langs->loadLangs(array('main', 'errors')); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login); + + $user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login; } if ($resultFetchUser < 0) { $_SESSION["dol_loginmesg"]=$user->error; + + $user->trigger_mesg=$user->error; } + // Call triggers for the "security events" log + include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; + $interface=new Interfaces($db); + $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf); + if ($result < 0) { + $error++; + } + // End call triggers + // Hooks on failed login $action=''; $hookmanager->initHooks(array('login')); @@ -648,12 +683,25 @@ if (! defined('NOLOGIN')) $langs->loadLangs(array('main', 'errors')); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login); + + $user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login; } if ($resultFetchUser < 0) { $_SESSION["dol_loginmesg"]=$user->error; + + $user->trigger_mesg=$user->error; } + // Call triggers for the "security events" log + include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; + $interface=new Interfaces($db); + $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf); + if ($result < 0) { + $error++; + } + // End call triggers + // Hooks on failed login $action=''; $hookmanager->initHooks(array('login')); 
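Review bot: In the `@@ -604,12 +626,25 @@` hunk the `$resultFetchUser < 0` branch sets `$user->trigger_mesg=$user->error;` without the attempted login, and the `@@ -648,12 +683,25 @@` hunk repeats the same lines. The `$user` object handed to the trigger failed to load on this path, so its `login` and `id` are presumably empty and the resulting USER_LOGIN_FAILED event cannot be tied to an account. Appending the login as the neighbouring branch does would fix that: `$user->trigger_mesg=$user->error.' - login='.$login;`. The include / `new Interfaces($db)` / `run_triggers` block now appears four times in main.inc.php, which is how the call sites have already drifted apart; a single helper taking the message would keep them consistent. The enclosing blocks start and end outside both hunks.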
@@ -741,6 +789,17 @@ if (! defined('NOLOGIN')) $loginfo = 'TZ='.$_SESSION["dol_tz"].';TZString='.$_SESSION["dol_tz_string"].';Screen='.$_SESSION["dol_screenwidth"].'x'.$_SESSION["dol_screenheight"]; + // Call triggers for the "security events" log + $user->trigger_mesg = $loginfo; + // Call triggers + include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; + $interface=new Interfaces($db); + $result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf); + if ($result < 0) { + $error++; + } + // End call triggers + // Hooks on successfull login $action=''; $hookmanager->initHooks(array('login')); @@ -752,7 +811,7 @@ if (! defined('NOLOGIN')) { $db->rollback(); session_destroy(); - dol_print_error($db,'Error in some hooks afterLogin'); + dol_print_error($db,'Error in some triggers USER_LOGIN or in some hooks afterLogin'); exit; } else diff --git a/htdocs/user/logout.php b/htdocs/user/logout.php index 3f53a4c67dd..668ca6fa4db 100644 --- a/htdocs/user/logout.php +++ b/htdocs/user/logout.php @@ -41,13 +41,12 @@ if (!empty($_SESSION["dol_authmode"]) && ($_SESSION["dol_authmode"] == 'forceuse global $conf, $langs, $user; -// Appel des triggers -// TODO @deprecated Remove this. Hook must be used, not this trigger. -//include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; -//$interface=new Interfaces($db); -//$result=$interface->run_triggers('USER_LOGOUT',$user,$user,$langs,$conf); -//if ($result < 0) { $error++; } -// Fin appel triggers +// Call triggers for the "security events" log +include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; +$interface=new Interfaces($db); +$result=$interface->run_triggers('USER_LOGOUT',$user,$user,$langs,$conf); +if ($result < 0) { $error++; } +// End call triggers // Hooks on logout $action='';
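Review bot: In the `@@ -741,6 +789,17 @@` hunk a negative result from the USER_LOGIN trigger increments `$error`, and judging by the reworded message in the `@@ -752,7 +811,7 @@` hunk that leads to `$db->rollback(); session_destroy(); ... exit;`. A failure to write the security event therefore refuses the login for every account, administrators included. Failing closed is a defensible choice for an audit trail, but it should be stated next to the call, for example `// Fail closed: a login that cannot be recorded in the security events log is refused`, and the trigger failure should be written to the system log before exiting so the cause can be diagnosed without logging in. The `$loginfo` stored in `trigger_mesg` is built from `$_SESSION` values that look client-reported (time zone, screen size); if so, they need the same output escaping as any other untrusted field when events are displayed. The surrounding block starts and ends outside the hunk.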
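Review bot: In the `@@ -41,13 +41,12 @@` hunk of htdocs/user/logout.php, `if ($result < 0) { $error++; }` increments a variable that nothing visible in the hunk initialises or reads, so a failed USER_LOGOUT record appears to be dropped without trace. Unlike the login path, there is nothing to refuse at logout, so the useful reaction is to leave evidence: `if ($result < 0) { dol_syslog("USER_LOGOUT trigger failed", LOG_ERR); }`. It is also worth confirming that `$user` still carries a login when this script is reached with an expired session, otherwise the stored label will not name an account.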