improve logging

1169ad78 · Hahn Axel (hahn) · 613458ad · 1169ad78 · 1169ad78 · 1169ad78
Commit 1169ad78 authored 1 month ago by Hahn Axel (hahn)
--- a/public_html/pages/challenge-email.php
+++ b/public_html/pages/challenge-email.php
@@ -16,10 +16,10 @@ if(count($_POST)){
    if(($_POST['action']??false) == "verify"){
        if($_SESSION['mfa_emailcode']!==$_POST['code']){
-            $oUser->log("error", "User entered wrong code for TOTP verification");
+            $oUser->log("error", "challenge $sMethod: wrong code.");
            $CONTENT.="<div class=\"msg error\">{{mfa.verification-failed}}</div>";
        } else {
-            $oUser->log("ok", "Email verification succeeded.");
+            $oUser->log("ok", "challenge $sMethod: succeeded.");
            $oUser->mfaSolved($sMethod, $_SESSION['mfa_ip']??'');
            session_start();
@@ -31,7 +31,6 @@ if(count($_POST)){
                header("location: " . $_SESSION['mfa_backurl']);
            }
            // OK
-            $oUser->log("debug", "TOTP verification succeeded.");
            $CONTENT.="<div class=\"msg success\">{{mfa.verification-ok}}</div>";
            return true;

--- a/public_html/pages/challenge-totp.php
+++ b/public_html/pages/challenge-totp.php
@@ -18,12 +18,12 @@ if(count($_POST)){
        $bCodeOK=false;
        if (ahTotp::verify_key($aMethodConfig['secret'], $_POST['code'])){
            $bCodeOK=true;
-            $oUser->log("ok", "TOTP verification succeeded.");
+            $oUser->log("ok", "challenge $sMethod: succeeded - TOTP code verified.");
        } else {
            $aCodes=$aMethodConfig['backupcodes']??[];
            if (isset($aCodes[$_POST['code']]) && $aCodes[$_POST['code']]==false){
                $bCodeOK=true;
-                $oUser->log("ok", "TOTP backup code succeeded.");
+                $oUser->log("ok", "challenge $sMethod: succeeded - backup code was used.");
                $aMethodConfig['backupcodes'][$_POST['code']]=time();
                $oUser->mfaAdd($sMethod, $aMethodConfig, true);
            }
@@ -35,13 +35,12 @@ if(count($_POST)){
                header("location: " . $_SESSION['mfa_backurl']);
            }
            // OK
-            $oUser->log("debug", "TOTP verification succeeded.");
            $CONTENT.="<div class=\"msg success\">{{mfa.verification-ok}}</div>";
            return true;
        } else {
            // ERROR ... and show the form again
-            $oUser->log("error", "User entered wrong code for TOTP verification");
+            $oUser->log("error", "challenge $sMethod: TOTP was wrong.");
            $CONTENT.="<div class=\"msg error\">{{mfa.verification-failed}}</div>";
        }
    }

--- a/public_html/pages/setup-email.php
+++ b/public_html/pages/setup-email.php
@@ -22,6 +22,7 @@ if(count($_POST)){
                session_start();
                if($_SESSION['mfa_setup_emailcode']!==$_POST['code']){
+                    $oUser->log("error", "setup $sMethod: $sAction wrong code.");
                    $CONTENT.="<div class=\"msg error\">{{setup.email.code-failed}}</div><br>";
                } else {
                    if ($oUser->mfaAdd($sMethod, [
@@ -33,6 +34,7 @@ if(count($_POST)){
                            <br>
                            <a class=\"pure-button\" href=\"?page=setup\">{{ico.back}} {{back}}</a>
                        ";
+                        $oUser->log("ok", "setup $sMethod: $sAction ok.");
                        $oUser->mfaSolved($sMethod, $_SESSION['mfa_ip']??'');
                        unset($_SESSION['mfa_setup_emailcode']);
                        unset($_SESSION['mfa_setup_emailaddress']);

--- a/public_html/pages/setup-totp.php
+++ b/public_html/pages/setup-totp.php
@@ -37,6 +37,7 @@ if(count($_POST)){
                if (ahTotp::verify_key($_POST['secret'], $_POST['code'])){
                    // OK
                    // $CONTENT.="<div class=\"msg success\">{{mfa.verification-ok}}</div>";
+                    $oUser->log("ok", "setup $sMethod: $sAction ok.");
                    $oUser->mfaSolved($sMethod, $_SESSION['mfa_ip']??'');
                    if ($oUser->mfaAdd($sMethod, [
                        "secret" => $sSecret,
@@ -54,6 +55,7 @@ if(count($_POST)){
                    }
                } else {
                    // ERROR
+                    $oUser->log("error", "setup $sMethod: $sAction wrong code.");
                    $CONTENT.="<div class=\"msg error\">{{mfa.verification-failed}}</div>
                        <br>
                    ";
@@ -63,6 +65,7 @@ if(count($_POST)){
            // ----- delete TOTP
            case 'delete':
                if ($oUser->mfaDelete($sMethod)){
+                    $oUser->log("ok", "setup $sMethod: $sAction ok.");
                    $CONTENT.="<div class=\"msg success\">{{mfa.save-ok}}</div>
                        <br>
                        {{mfa.deleted}}<br>
@@ -72,6 +75,7 @@ if(count($_POST)){
                    ";
                    return true;
                } else {
+                    $oUser->log("error", "setup $sMethod: $sAction failed.");
                    $CONTENT.="<div class=\"msg error\">{{mfa.save-failed}}</div>";
                }
                break;
@@ -80,13 +84,16 @@ if(count($_POST)){
            case "renewbackupcodes":
                $aTotpSettings['backupcodes']=generateBackupcodes();
                if($oUser->mfaAdd($sMethod, $aTotpSettings, true)){
+                    $oUser->log("ok", "setup $sMethod: $sAction ok.");
                    $CONTENT.="<div class=\"msg success\">{{mfa.save-ok}}</div>";
                } else {
+                    $oUser->log("error", "setup $sMethod: $sAction failed.");
                    $CONTENT.="<div class=\"msg error\">{{mfa.save-failed}}</div>";
                }
                break;
            // ----- unknown action
            default:
+                $oUser->log("error", "setup $sMethod: $sAction does not exist.");
                $CONTENT.="<div class=\"msg error\">{{mfa.unknown-action}}</div>";
                break;
        }