Add a more detailed failed login message and fix CIDR login loop (#7461)

* Add a more detailed failed login message and fix CIDR login loop

* Use a column for login failure detail

* Add translations

* Fix accidental overwrite of database write result message

* Remove test data for CIDR

core/authentication/resources/classes/authentication.php

@@ -59,6 +59,9 @@ class authentication {
 		//set default return array as null
 			$result = null;
 
+		//use a login message when a login attempt fails
+			$failed_login_message = null;
+
 		//get the domain_name and domain_uuid
 			if (!isset($this->domain_name) || !isset($this->domain_uuid)) {
 				$this->get_domain();
@@ -170,13 +173,16 @@ class authentication {
 
 		//set authorized to false if any authentication method failed
 			$authorized = false;
+			$plugin_name = '';
 			if (is_array($_SESSION['authentication']['plugin'])) {
 				foreach($_SESSION['authentication']['plugin'] as $row) {
+					$plugin_name = $row['plugin'];
 					if ($row["authorized"]) {
 						$authorized = true;
 					}
 					else {
 						$authorized = false;
+						$failed_login_message = "Authentication plugin '$plugin_name' blocked login attempt";
 						break;
 					}
 				}
@@ -193,6 +199,8 @@ class authentication {
 				} else {
 					//user failed the cidr check - no longer authorized
 					$authorized = false;
+					$failed_login_message = "CIDR blocked login attempt";
+					$_SESSION['authentication']['plugin'][$name]['authorized'] = false;
 				}
 			}
 
@@ -200,8 +208,7 @@ class authentication {
 			$_SESSION['authorized'] = $authorized;
 
 		//log the attempt
-			$plugin_classname = substr($class_name, 7);
+			user_logs::add($_SESSION['authentication']['plugin'][$name], $failed_login_message);
-			user_logs::add($_SESSION['authentication']['plugin'][$plugin_classname]);
 
 		//return the result
 			return $result ?? false;
@@ -313,6 +320,9 @@ class authentication {
 			require_once $project_root . '/app/domains/resources/domains.php';
 		}
 
+		//initialize the parameters array
+		$parameters = [];
+
 		//get the user settings
 		$sql = "select * from v_user_settings ";
 		$sql .= "where domain_uuid = :domain_uuid ";
@@ -321,7 +331,6 @@ class authentication {
 		$parameters['domain_uuid'] = $result["domain_uuid"];
 		$parameters['user_uuid'] = $result["user_uuid"];
 		$user_settings = $database->select($sql, $parameters, 'all');
-		unset($sql, $parameters);
 
 		//store user settings in the session when available
 		if (is_array($user_settings)) {

core/user_logs/app_config.php

@@ -73,6 +73,11 @@
 		$apps[$x]['db'][$y]['fields'][$z]['search_by'] = 'true';
 		$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = 'Enter the result.';
 		$z++;
+		$apps[$x]['db'][$y]['fields'][$z]['name'] = 'detail';
+		$apps[$x]['db'][$y]['fields'][$z]['type'] = 'text';
+		$apps[$x]['db'][$y]['fields'][$z]['search_by'] = '';
+		$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = 'Details about the result.';
+		$z++;
 		$apps[$x]['db'][$y]['fields'][$z]['name'] = 'remote_address';
 		$apps[$x]['db'][$y]['fields'][$z]['type'] = 'text';
 		$apps[$x]['db'][$y]['fields'][$z]['search_by'] = 'true';

core/user_logs/app_languages.php

@@ -538,6 +538,33 @@ $text['label-location']['zh-cn'] = "地点";
 $text['label-location']['ja-jp'] = "位置";
 $text['label-location']['ko-kr'] = "위치";
 
+$text['label-detail']['en-us'] = "Detail";
+$text['label-detail']['en-gb'] = "Detail";
+$text['label-detail']['ar-eg'] = "تفصيل";
+$text['label-detail']['de-at'] = "Detail";
+$text['label-detail']['de-ch'] = "Detail";
+$text['label-detail']['de-de'] = "Detail";
+$text['label-detail']['el-gr'] = "Λεπτομέρεια";
+$text['label-detail']['es-cl'] = "Detalle";
+$text['label-detail']['es-mx'] = "Detalle";
+$text['label-detail']['fr-ca'] = "Détail";
+$text['label-detail']['fr-fr'] = "Détail";
+$text['label-detail']['he-il'] = "פרט";
+$text['label-detail']['it-it'] = "Dettaglio";
+$text['label-detail']['ka-ge'] = "დეტალი";
+$text['label-detail']['nl-nl'] = "Detail";
+$text['label-detail']['pl-pl'] = "Szczegół";
+$text['label-detail']['pt-br'] = "Detalhe";
+$text['label-detail']['pt-pt'] = "Detalhe";
+$text['label-detail']['ro-ro'] = "Detaliu";
+$text['label-detail']['ru-ru'] = "Деталь";
+$text['label-detail']['sv-se'] = "Detalj";
+$text['label-detail']['uk-ua'] = "Деталь";
+$text['label-detail']['tr-tr'] = "Detay";
+$text['label-detail']['zh-cn'] = "细节";
+$text['label-detail']['ja-jp'] = "詳細";
+$text['label-detail']['ko-kr'] = "세부";
+
 $text['description-location']['en-us'] = "Enter the location.";
 $text['description-location']['en-gb'] = "Enter the location.";
 $text['description-location']['ar-eg'] = "أدخل الموقع.";

core/user_logs/resources/classes/user_logs.php

@@ -57,7 +57,7 @@
 		/**
 		 * add user_logs
 		 */
-		public static function add($result) {
+		public static function add($result, $details = '') {
 
 			//prepare the array
 				$array = [];
@@ -76,6 +76,7 @@
 				}
 				else {
 					$array['user_logs'][0]["result"] = 'failure';
+					$array['user_logs'][0]["detail"] = $details;
 				}
 
 			//add the dialplan permission

core/user_logs/user_logs.php

@@ -39,6 +39,21 @@
 	$language = new text;
 	$text = $language->get();
 
+//set config object
+	global $config;
+	if (!($confing instanceof config)) {
+		$config = config::load();
+	}
+
+//set database object
+	global $database;
+	if (!($database instanceof database)) {
+		$database = database::new(['config' => $config]);
+	}
+//check for the new column
+	$table_prefix = database::TABLE_PREFIX;
+	$has_column_detail = $database->column_exists("{$table_prefix}user_logs", 'detail');
+
 //get the http post data
 	if (!empty($_POST['user_logs']) && is_array($_POST['user_logs'])) {
 		$action = $_POST['action'];
@@ -67,7 +82,6 @@
 		}
 
 		//prepare the database object
-		$database = new database;
 		$database->app_name = 'user_logs';
 		$database->app_uuid = '582a13cf-7d75-4ea3-b2d9-60914352d76e';
 
@@ -125,7 +139,6 @@
 		$sql .= ") ";
 		$parameters['search'] = '%'.$search.'%';
 	}
-	$database = new database;
 	$num_rows = $database->select($sql, $parameters ?? null, 'column');
 	unset($sql, $parameters);
 
@@ -139,12 +152,7 @@
 	$offset = $rows_per_page * $page;
 
 //set the time zone
-	if (isset($_SESSION['domain']['time_zone']['name'])) {
+	$time_zone = $settings->get('domain', 'time_zone', date_default_timezone_get());
-		$time_zone = $_SESSION['domain']['time_zone']['name'];
-	}
-	else {
-		$time_zone = date_default_timezone_get();
-	}
 	$parameters['time_zone'] = $time_zone;
 
 //get the list
@@ -161,6 +169,9 @@
 	$sql .= "result, ";
 	$sql .= "remote_address, ";
 	$sql .= "user_agent, ";
+	if ($has_column_detail) {
+		$sql .= "detail, ";
+	}
 	$sql .= "session_id ";
 	$sql .= "from v_user_logs as u, v_domains as d ";
 	if (permission_exists('user_log_all') && $show == 'all') {
@@ -183,7 +194,6 @@
 	$sql .= "and u.domain_uuid = d.domain_uuid ";
 	$sql .= order_by($order_by, $order, 'timestamp', 'desc');
 	$sql .= limit_offset($rows_per_page, $offset);
-	$database = new database;
 	$user_logs = $database->select($sql, $parameters ?? null, 'all');
 	unset($sql, $parameters);
 
@@ -250,6 +260,9 @@
 	echo th_order_by('username', $text['label-username'], $order_by, $order);
 	echo th_order_by('type', $text['label-type'], $order_by, $order);
 	echo th_order_by('result', $text['label-result'], $order_by, $order);
+	if ($has_column_detail) {
+		echo th_order_by('detail', $text['label-detail'], $order_by, $order);
+	}
 	echo th_order_by('remote_address', $text['label-remote_address'], $order_by, $order);
 	echo th_order_by('user_agent', $text['label-user_agent'], $order_by, $order);
 	echo "</tr>\n";
@@ -283,6 +296,9 @@
 			echo "	<td>".escape($row['username'])."</td>\n";
 			echo "	<td>".escape($row['type'])."</td>\n";
 			echo "	<td>".escape($row['result'])."</td>\n";
+			if ($has_column_detail) {
+				echo "	<td>".escape($row['detail'])."</td>\n";
+			}
 			echo "	<td>".escape($row['remote_address'])."</td>\n";
 			echo "	<td>".escape($row['user_agent'])."</td>\n";
 			echo "</tr>\n";