Skip to content

Commit 2d0b57e

Browse files
author
Kristan Kenney
committed
Update scripts to capture session ID
1 parent e945217 commit 2d0b57e

File tree

7 files changed

+17
-19
lines changed

7 files changed

+17
-19
lines changed

bin/v-log-user-login

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
user=$1
77
ip=$2
88
status=$3
9-
fingerprint=${4}
9+
session_id=$4
1010

1111
active="yes"
1212
if [ $status = "failed" ]; then
@@ -21,7 +21,7 @@ source $HESTIA/conf/hestia.conf
2121
# Verifications #
2222
#----------------------------------------------------------#
2323

24-
check_args '2' "$#" 'USER IP [FINGERPRINT]'
24+
check_args '2' "$#" 'USER IP SESSION_ID'
2525
is_format_valid 'user' 'ip'
2626
is_object_valid 'user' 'USER' "$user"
2727

@@ -31,16 +31,14 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ )
3131
date=$(echo "$time_n_date" |cut -f 2 -d \ )
3232

3333
if [ ! -f $USER_DATA/auth.log ]; then
34-
touch $USER_DATA/auth.log
34+
touch $USER_DATA/auth.log
3535
fi
3636

3737
#----------------------------------------------------------#
3838
# Action #
3939
#----------------------------------------------------------#
4040

41-
awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=ACTIVE}1' $USER_DATA/auth.log
42-
43-
echo "IP='$ip' FINGERPRINT='$fingerprint' STATUS='$status' DATE='$date' TIME='$time' ACTIVE='$active'" >> $USER_DATA/auth.log
41+
echo "DATE='$date' TIME='$time' IP='$ip' ACTION='login' STATUS='$status' SESSION='$session_id' ACTIVE='$active'" >> $USER_DATA/auth.log
4442

4543
#----------------------------------------------------------#
4644
# Hestia #

bin/v-log-user-logout

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55
# Argument definition
66
user=$1
7-
fingerprint=$2
7+
session_id=$2
88

99
# Includes
1010
source $HESTIA/func/main.sh
@@ -14,19 +14,19 @@ source $HESTIA/conf/hestia.conf
1414
# Verifications #
1515
#----------------------------------------------------------#
1616

17-
check_args '2' "$#" 'USER FINGERPRINT'
17+
check_args '2' "$#" 'USER SESSION_ID'
1818
is_format_valid 'user'
1919
is_object_valid 'user' 'USER' "$user"
2020

2121
if [ ! -f $USER_DATA/auth.log ]; then
22-
touch $USER_DATA/auth.log
22+
touch $USER_DATA/auth.log
2323
fi
2424

2525
#----------------------------------------------------------#
2626
# Action #
2727
#----------------------------------------------------------#
2828

29-
awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=active}1' $USER_DATA/auth.log
29+
sed -i "s/SESSION='$session_id' ACTIVE='yes'/SESSION='$session_id' ACTIVE='no'/g" $USER_DATA/auth.log
3030

3131
#----------------------------------------------------------#
3232
# Hestia #

web/delete/log/auth/index.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@
2525
}
2626
$v_ip = escapeshellarg($ip);
2727

28-
$v_murmur = escapeshellarg($_SESSION['MURMUR']);
28+
$v_murmur = escapeshellarg($_SESSION['token']);
2929
exec(HESTIA_CMD."v-log-user-login ".$v_username." ".$v_ip." success ".$v_murmur, $output, $return_var);
3030

3131
// Render page

web/inc/main.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@
3939
// Checking user to use session from the same IP he has been logged in
4040
if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){
4141
$v_user = escapeshellarg($_SESSION['user']);
42-
$v_murmur = escapeshellarg($_SESSION['MURMUR']);
42+
$v_murmur = escapeshellarg($_SESSION['token']);
4343
exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
4444
session_destroy();
4545
session_start();
@@ -80,7 +80,7 @@
8080
header("Location: /login/");
8181
} else if ($_SESSION['INACTIVE_SESSION_TIMEOUT'] * 60 + $_SESSION['LAST_ACTIVITY'] < time()) {
8282
$v_user = escapeshellarg($_SESSION['user']);
83-
$v_murmur = escapeshellarg($_SESSION['MURMUR']);
83+
$v_murmur = escapeshellarg($_SESSION['token']);
8484
exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
8585
session_destroy();
8686
header("Location: /login/");

web/login/index.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ function authenticate_user($user, $password, $twofa = ''){
137137
if ( $return_var > 0 ) {
138138
sleep(2);
139139
$error = "<a class=\"error\">"._('Invalid username or password')."</a>";
140-
$v_murmur = escapeshellarg($_POST['murmur']);
140+
$v_murmur = escapeshellarg($_POST['token']);
141141
exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
142142

143143
return $error;
@@ -161,7 +161,7 @@ function authenticate_user($user, $password, $twofa = ''){
161161
$error = "<a class=\"error\">"._('Invalid or missing 2FA token')."</a>";
162162
$_SESSION['login']['username'] = $user;
163163
$_SESSION['login']['password'] = $password;
164-
$v_murmur = escapeshellarg($_POST['murmur']);
164+
$v_murmur = escapeshellarg($_POST['token']);
165165
exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
166166
return $error;
167167
unset($_POST['twofa']);
@@ -175,7 +175,7 @@ function authenticate_user($user, $password, $twofa = ''){
175175
$_SESSION['user'] = key($data);
176176
$v_user = $_SESSION['user'];
177177
//log successfull login attempt
178-
$v_murmur = escapeshellarg($_POST['murmur']);
178+
$v_murmur = escapeshellarg($_POST['token']);
179179
exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." success ".$v_murmur, $output, $return_var);
180180

181181
$_SESSION['LAST_ACTIVITY'] = time();

web/logout/index.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,9 @@
1212
unset($_SESSION['_sf2_meta']);
1313
header("Location: /");
1414
} else {
15-
if($_SESSION['MURMUR'] && $_SESSION['user']){
15+
if($_SESSION['token'] && $_SESSION['user']){
1616
$v_user = escapeshellarg($_SESSION['user']);
17-
$v_murmur = escapeshellarg($_SESSION['MURMUR']);
17+
$v_murmur = escapeshellarg($_SESSION['token']);
1818
exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
1919
}
2020

web/templates/login_1.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
<form method="post" action="/login/" id="form_login">
1212
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
1313
<input type="hidden" name="user" value="<?php echo $_POST['user']; ?>">
14-
<input type="hidden" name="murmur" value="<?php echo $_POST['murmur']; ?>" id="murmur">
14+
<input type="hidden" name="murmur" value="<?php echo $_SESSION['token']; ?>" id="murmur">
1515
<table class="login-box">
1616
<tr>
1717
<td style="padding: 12px 0 0 2px;" class="login-welcome">

0 commit comments

Comments
 (0)