janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding logging

Browse Source
This commit is contained in:
jakani24
2024-06-08 20:20:27 +02:00
parent e9e7340e96
commit 444e56d675
13 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/server/cyberhex-code/system/insecure_zone/php/2fa.php
View File

@@ -59,12 +59,13 @@ include "../../../api/php/notifications/sendmessage.php"; //to send user notific
if($pin==$_SESSION["pin"]) if($pin==$_SESSION["pin"])
{ {
$_SESSION["login"]=true; $_SESSION["login"]=true;
log_action("LOGIN::2fa::SUCCESS","User ".$_SESSION["username"]." logged in with second factor.",$_SESSION["id"]);
if($_SESSION["send_login_message"]=="1"){ if($_SESSION["send_login_message"]=="1"){
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$username=$_SESSION["username"]; $username=$_SESSION["username"];
send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username); send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username);
echo '<script>window.location.href = "/system/secure_zone/php/index.php";</script>';
} }
echo '<script>window.location.href = "/system/secure_zone/php/index.php";</script>';
}else { }else {
$pin=mt_rand(100000, 999999); $pin=mt_rand(100000, 999999);
$_SESSION["pin"]=$pin; $_SESSION["pin"]=$pin;

1
src/server/cyberhex-code/system/insecure_zone/php/add_user_passkey.php
View File

@@ -174,6 +174,7 @@ try {
$return->msg = $msg; $return->msg = $msg;
header('Content-Type: application/json'); header('Content-Type: application/json');
print(json_encode($return)); print(json_encode($return));
log_action("PASSWD::PASSKEY::ADD","User ".$_SESSION["username"]." added a passkey.",$_SESSION["id"]);
} }
} catch (Throwable $ex) { } catch (Throwable $ex) {

2
src/server/cyberhex-code/system/insecure_zone/php/login.php
View File

@@ -331,6 +331,7 @@ async function checkRegistration() {
} }
exit(); exit();
} else { } else {
log_action("LOGIN::FAILURE","User ".$username." entered wrong password.",0);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Incorrect username or password. Incorrect username or password.
</div>'; </div>';
@@ -342,6 +343,7 @@ async function checkRegistration() {
</div>'; </div>';
} }
} else { } else {
log_action("LOGIN::FAILURE","User ".$username." entered unknown username.",0);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Incorrect username or password. Incorrect username or password.
</div>'; </div>';

1
src/server/cyberhex-code/system/insecure_zone/php/login_backend.php
View File

@@ -195,6 +195,7 @@ try {
//send the user to 2fa auth page //send the user to 2fa auth page
$return->msg="send_to_2fa"; $return->msg="send_to_2fa";
}else{ }else{
log_action("LOGIN::SUCCESS","User ".$_SESSION["username"]." logged in with passkey.",$_SESSION["id"]);
if($_SESSION["send_login_message"]=="1"){ if($_SESSION["send_login_message"]=="1"){
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$username=$row["username"]; $username=$row["username"];

1
src/server/cyberhex-code/system/secure_zone/php/add_user.php
View File

@@ -171,6 +171,7 @@ include "perms_functions.php";
echo '<div class="alert alert-success" role="alert"> echo '<div class="alert alert-success" role="alert">
User added successfully! User added successfully!
</div>'; </div>';
log_action("USER::ADD::SUCCESS","User ".$_SESSION["username"]." added another user ($username).",$_SESSION["id"]);
} }
}elseif($block==1){ }elseif($block==1){
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">

3
src/server/cyberhex-code/system/secure_zone/php/client_settings.php
View File

@@ -37,12 +37,15 @@ if ($conn->connect_error) {
include "client_settings_functions.php"; include "client_settings_functions.php";
if(isset($_GET["update"])){ if(isset($_GET["update"])){
safe_settings(); safe_settings();
log_action("CLIENT_SETTINGS::UPDATE::SUCCESS","User ".$_SESSION["username"]." updated some client settings.",$_SESSION["id"]);
} }
if(isset($_GET["delete"])){ if(isset($_GET["delete"])){
delete_item($_GET["db"],$_GET["delete"]); delete_item($_GET["db"],$_GET["delete"]);
log_action("CLIENT_SETTINGS::DELETE::SUCCESS","User ".$_SESSION["username"]." deleted some client settings.",$_SESSION["id"]);
} }
if(isset($_GET["add"])){ if(isset($_GET["add"])){
add_item($_GET["add"],$_GET["value"],$_GET["field"]); add_item($_GET["add"],$_GET["value"],$_GET["field"]);
log_action("CLIENT_SETTINGS::ADD::SUCCESS","User ".$_SESSION["username"]." added some client settings.",$_SESSION["id"]);
} }
load_settings(); load_settings();

3
src/server/cyberhex-code/system/secure_zone/php/database_settings.php
View File

@@ -99,12 +99,15 @@ async function add_item(db,element_id1,field1,element_id2,field2){ //we have two
include "database_settings_functions.php"; include "database_settings_functions.php";
if(isset($_GET["update"])){ if(isset($_GET["update"])){
safe_settings($_GET["db"]); safe_settings($_GET["db"]);
log_action("DB_SETTINGS::UPDATE::SUCCESS","User ".$_SESSION["username"]." updated the database settings.",$_SESSION["id"]);
} }
if(isset($_GET["delete"])){ if(isset($_GET["delete"])){
delete_item($_GET["db"],$_GET["delete"]); delete_item($_GET["db"],$_GET["delete"]);
log_action("DB_SETTINGS::DELETE::SUCCESS","User ".$_SESSION["username"]." deleted some database settings.",$_SESSION["id"]);
} }
if(isset($_GET["add"])){ if(isset($_GET["add"])){
add_item($_GET["add"],$_GET["value1"],$_GET["field1"],$_GET["value2"],$_GET["field2"]); add_item($_GET["add"],$_GET["value1"],$_GET["field1"],$_GET["value2"],$_GET["field2"]);
log_action("DB_SETTINGS::ADD::SUCCESS","User ".$_SESSION["username"]." added some database settings.",$_SESSION["id"]);
} }
?> ?>
<div class="container mt-5"> <div class="container mt-5">

2
src/server/cyberhex-code/system/secure_zone/php/export_log.php
View File

@@ -94,7 +94,7 @@ $filter_query = "&loglevel=$loglevel&logtext=$logtext&machine_id=$machine_id&tim
echo '<div class="alert alert-success" role="alert"> echo '<div class="alert alert-success" role="alert">
Log export finished. <a href="/export/cyberhex_log_export.csv" download>Download export</a> Log export finished. <a href="/export/cyberhex_log_export.csv" download>Download export</a>
</div>'; </div>';
log_action("LOG::ENTRY::EXPORT::SUCCESS","User ".$_SESSION["username"]." exported the log.",$_SESSION["id"]);
} }
//now display the normal page //now display the normal page

6
src/server/cyberhex-code/system/secure_zone/php/manage_user.php
View File

@@ -192,11 +192,6 @@ include "perms_functions.php";
die("Connection failed: " . $conn->connect_error); die("Connection failed: " . $conn->connect_error);
} }
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("UPDATE users set email=?, username=?,perms=? WHERE id=?"); $stmt = $conn->prepare("UPDATE users set email=?, username=?,perms=? WHERE id=?");
$stmt->bind_param("sssi", $m_email, $m_username, $m_permissions,$m_userid); $stmt->bind_param("sssi", $m_email, $m_username, $m_permissions,$m_userid);
@@ -210,6 +205,7 @@ include "perms_functions.php";
//echo '<div class="alert alert-success" role="alert"> //echo '<div class="alert alert-success" role="alert">
// User updated successfully! // User updated successfully!
// </div>'; // </div>';
log_action("PROFILE::UPDATE::SUCCESS","User ".$_SESSION["username"]." updated another users profile ($m_username).",$_SESSION["id"]);
echo("<script>location.href='user_list.php'; </script>"); echo("<script>location.href='user_list.php'; </script>");
}elseif($block==1){ }elseif($block==1){
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">

3
src/server/cyberhex-code/system/secure_zone/php/passwd.php
View File

@@ -298,16 +298,19 @@ $email = $_SESSION["email"];
$stmt->execute(); $stmt->execute();
$stmt->close(); $stmt->close();
$conn->close(); $conn->close();
log_action("PASSWD::CHANGE::SUCCESS","User ".$_SESSION["username"]." changed his password.",$_SESSION["id"]);
echo '<br><div class="alert alert-success" role="alert"> echo '<br><div class="alert alert-success" role="alert">
Information updated successfully! Information updated successfully!
</div>'; </div>';
} else { } else {
log_action("PASSWD::CHANGE::FAILURE","User ".$_SESSION["username"]." tried to change his password but failed due to wrong password.",$_SESSION["id"]);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Incorrect password. Incorrect password.
</div>'; </div>';
} }
} else { } else {
log_action("PASSWD::CHANGE::FAILURE","User ".$_SESSION["username"]." tried to change his password but failed due to wrong password.",$_SESSION["id"]);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Incorrect password. Incorrect password.
</div>'; </div>';

1
src/server/cyberhex-code/system/secure_zone/php/profile.php
View File

@@ -128,6 +128,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
</form> </form>
<?php <?php
if(isset($_GET["update"])){ if(isset($_GET["update"])){
log_action("PROFILE::UPDATE::SUCCESS","User ".$_SESSION["username"]." updated his profile.",$_SESSION["id"]);
echo '<br><div class="alert alert-success" role="alert"> echo '<br><div class="alert alert-success" role="alert">
Information updated successfully! Information updated successfully!
</div>'; </div>';

3
src/server/cyberhex-code/system/secure_zone/php/server_settings.php
View File

@@ -34,12 +34,15 @@ if ($conn->connect_error) {
include "client_settings_functions.php"; include "client_settings_functions.php";
if(isset($_GET["update"])){ if(isset($_GET["update"])){
safe_settings(); safe_settings();
log_action("SERVER_SETTINGS::UPDATE::SUCCESS","User ".$_SESSION["username"]." updated some server settings.",$_SESSION["id"]);
} }
if(isset($_GET["delete"])){ if(isset($_GET["delete"])){
delete_item($_GET["db"],$_GET["delete"]); delete_item($_GET["db"],$_GET["delete"]);
log_action("SERVER_SETTINGS::DELETE::SUCCESS","User ".$_SESSION["username"]." deleted some server settings.",$_SESSION["id"]);
} }
if(isset($_GET["add"])){ if(isset($_GET["add"])){
add_item($_GET["add"],$_GET["value"],$_GET["field"]); add_item($_GET["add"],$_GET["value"],$_GET["field"]);
log_action("SERVER_SETTINGS::ADD::SUCCESS","User ".$_SESSION["username"]." added some server settings.",$_SESSION["id"]);
} }
load_settings(); load_settings();

4
src/server/cyberhex-code/system/secure_zone/php/view_log.php
View File

@@ -129,6 +129,7 @@ $conn->close();
//delete entry if requested and if user has rights to do that //delete entry if requested and if user has rights to do that
if(isset($_GET["delete"])){ if(isset($_GET["delete"])){
if($perms[3]!=="1"){ if($perms[3]!=="1"){
log_action("LOG::ENTRY::DELETE::FAILURE","User ".$_SESSION["username"]." tried to delete a log entry but not succeeded because of insufficient permissions.",$_SESSION["id"]);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
You are not allowed to delete log entries. (insufficient permissions) You are not allowed to delete log entries. (insufficient permissions)
</div>'; </div>';
@@ -149,10 +150,12 @@ $conn->close();
echo '<div class="alert alert-success" role="alert"> echo '<div class="alert alert-success" role="alert">
Log entry deleted. Log entry deleted.
</div>'; </div>';
log_action("LOG::ENTRY::DELETE::SUCCESS","User ".$_SESSION["username"]." deleted a log entry.",$_SESSION["id"]);
} }
} }
if(isset($_GET["delete_all"])){ if(isset($_GET["delete_all"])){
if($perms[3]!=="1"){ if($perms[3]!=="1"){
log_action("LOG::ENTRY::DELETE::FAILURE","User ".$_SESSION["username"]." tried to delete the full log but not succeeded because of insufficient permissions.",$_SESSION["id"]);
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
You are not allowed to delete log entries. (insufficient permissions) You are not allowed to delete log entries. (insufficient permissions)
</div>'; </div>';
@@ -171,6 +174,7 @@ $conn->close();
echo '<div class="alert alert-success" role="alert"> echo '<div class="alert alert-success" role="alert">
Log deleted. Log deleted.
</div>'; </div>';
log_action("LOG::ENTRY::DELETE::SUCCESS","User ".$_SESSION["username"]." deleted the full log.",$_SESSION["id"]);
} }
} }