New: Audit feature can low log unsuccessful try to login and add ip in report

htdocs/admin/tools/listevents.php

@@ -17,9 +17,9 @@
  */
 
 /**
-        \file       htdocs/compta/clients.php
-        \ingroup    compta
-        \brief      Page accueil des clients
+        \file       htdocs/admin/tools/listevents.php
+        \ingroup    core
+        \brief      List of security events
         \version    $Id$
 */
  
@@ -58,8 +58,8 @@ llxHeader();
 
 $userstatic=new User($db);
 
-$sql = "SELECT e.rowid, e.type, ".$db->pdate("e.dateevent")." as dateevent,";
-$sql.= " e.fk_user, e.label, e.description,";
+$sql = "SELECT e.rowid, e.type, e.ip, ".$db->pdate("e.dateevent")." as dateevent,";
+$sql.= " e.fk_user, e.description,";
 $sql.= " u.login";
 $sql.= " FROM ".MAIN_DB_PREFIX."events as e";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = e.fk_user";
@@ -77,9 +77,10 @@ if ($result)
 	print '<table class="liste" width="100%">';
 	print '<tr class="liste_titre">';
 	print_liste_field_titre($langs->trans("Date"),$_SERVER["PHP_SELF"],"e.dateevent","","",'align="left"',$sortfield,$sortorder);
-	print_liste_field_titre($langs->trans("Type"),$_SERVER["PHP_SELF"],"e.type","","",'align="left"',$sortfield,$sortorder);
+	print_liste_field_titre($langs->trans("Code"),$_SERVER["PHP_SELF"],"e.type","","",'align="left"',$sortfield,$sortorder);
+	print_liste_field_titre($langs->trans("IP"),$_SERVER["PHP_SELF"],"e.ip","","",'align="left"',$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("User"),$_SERVER["PHP_SELF"],"u.login","","",'align="left"',$sortfield,$sortorder);
-	print_liste_field_titre($langs->trans("Label"),$_SERVER["PHP_SELF"],"e.label","","",'align="left"',$sortfield,$sortorder);
+	print_liste_field_titre($langs->trans("Description"),$_SERVER["PHP_SELF"],"e.description","","",'align="left"',$sortfield,$sortorder);
 	print '<td>&nbsp;</td>';
 	print "</tr>\n";
 
@@ -96,10 +97,6 @@ if ($result)
 	print '<input class="flat" type="text" size="10" name="search_compta" value="'.$_GET["search_user"].'">';
 	print '</td>';
 
-	print '<td align="left" class="liste_titre">';
-	print '<input class="flat" type="text" size="10" name="search_compta" value="'.$_GET["search_label"].'">';
-	print '</td>';
-
 	print '<td align="right" class="liste_titre">';
 	print '<input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'">';
 	print '</td>';
@@ -116,14 +113,32 @@ if ($result)
 		$var=!$var;
 
 		print "<tr $bc[$var]>";
-		print '<td align="left" nowrap="nowrap">'.dolibarr_print_date($obj->dateevent,'dayhour').'</td>';
+	
+		// Date
+		print '<td align="left" nowrap="nowrap">'.dolibarr_print_date($obj->dateevent,'%Y-%m-%d %H:%M:%S').'</td>';
+
+		// Code
 		print '<td>'.$obj->type.'</td>';
+
+		// IP
+		print '<td>'.$obj->ip.'</td>';
+
+		// Login
+		print '<td>';
+		if ($obj->fk_user)
+		{
 			$userstatic->id=$obj->fk_user;
 			$userstatic->login=$obj->login;
-		print '<td>'.$userstatic->getLoginUrl(1).'</td>';
-		print '<td>'.$obj->label.'</td>';
-//		print '<td>'.$obj->description.'</td>';
+			print $userstatic->getLoginUrl(1);
+		}
+		else print '&nbsp;';
+		print '</td>';
+
+		// Description
+		print '<td>'.$obj->description.'</td>';
+		
 		print '<td>&nbsp;</td>';
+
 		print "</tr>\n";
 		$i++;
 	}

htdocs/core/events.class.php

@@ -49,7 +49,6 @@ class Events // extends CommonObject
 	var $tms;
 	var $type;
 	var $dateevent;
-	var $label;
 	var $description;
 
     
@@ -78,30 +77,28 @@ class Events // extends CommonObject
 		// Clean parameters
 		$this->id=trim($this->id);
 		$this->fk_action=trim($this->fk_action);
-		$this->label=trim($this->label);
 		$this->description=trim($this->description);
 
 		// Check parameters
-		if (! $user->id) { $this->error='ErrorBadValueForParameter'; return -1; }
+		if (! $this->description) { $this->error='ErrorBadValueForParameter'; return -1; }
 		
         // Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."events(";
 		
 		$sql.= "type,";
+		$sql.= "ip,";
 		$sql.= "dateevent,";
 		$sql.= "fk_user,";
-		$sql.= "label,";
 		$sql.= "description";
 
         $sql.= ") VALUES (";
        
 		$sql.= " '".$this->type."',";
+		$sql.= " '".$_SERVER['REMOTE_ADDR']."',";
 		$sql.= " ".$this->db->idate($this->dateevent).",";
-		$sql.= " '".$user->id."',";
-		$sql.= " '".$this->label."',";
+		$sql.= " ".($user->id?"'".$user->id."'":'NULL').",";
 		$sql.= " '".$this->description."'";
 
-        
 		$sql.= ")";
 
 	   	dolibarr_syslog("Events::create sql=".$sql, LOG_DEBUG);
@@ -134,7 +131,6 @@ class Events // extends CommonObject
         
 		$this->id=trim($this->id);
 		$this->type=trim($this->type);
-		$this->label=trim($this->label);
 		$this->description=trim($this->description);
 
         
@@ -147,7 +143,6 @@ class Events // extends CommonObject
         
 		$sql.= " type='".$this->type."',";
 		$sql.= " dateevent=".$this->db->idate($this->dateevent).",";
-		$sql.= " label='".addslashes($this->label)."',";
 		$sql.= " description='".addslashes($this->description)."'";
         
         $sql.= " WHERE rowid=".$this->id;
@@ -180,7 +175,6 @@ class Events // extends CommonObject
 		$sql.= " ".$this->db->pdate('t.tms').",";
 		$sql.= " t.type,";
 		$sql.= " ".$this->db->pdate('t.dateevent').",";
-		$sql.= " t.label,";
 		$sql.= " t.description";
 
 		
@@ -200,7 +194,6 @@ class Events // extends CommonObject
 				$this->tms = $obj->tms;
 				$this->type = $obj->type;
 				$this->dateevent = $obj->dateevent;
-				$this->label = $obj->label;
 				$this->description = $obj->description;
 
                 
@@ -254,7 +247,6 @@ class Events // extends CommonObject
 		$this->tms=time();
 		$this->type='';
 		$this->dateevent=time();
-		$this->label='Speciment event';
 		$this->description='This is a specimen event';
 	}
 

htdocs/includes/login/functions_dolibarr.php

 <?php
-/* Copyright (C) 2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2007-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,14 +14,13 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
  */
 
 /**
         \file       htdocs/includes/login/functions_dolibarr.php
         \ingroup    core
         \brief      Authentication functions for Dolibarr mode
+		\version	$Id$
 */
 
 

htdocs/includes/triggers/interface_all_Logevents.class.php

@@ -49,7 +49,7 @@ class InterfaceLogevents
     
         $this->name = "Logevents";
         $this->family = "core";
-        $this->description = "Les triggers de ce composant permettent de logguer les evenements Dolibarr (modification status des objets).";
+        $this->description = "Les triggers de ce composant permettent de logguer les evenements de securite Dolibarr.";
         $this->version = 'dolibarr';                        // 'experimental' or 'dolibarr' or version
     }
 
@@ -116,6 +116,17 @@ class InterfaceLogevents
             $this->texte=$langs->transnoentities("UserLogged",$object->login);
             $this->desc=$langs->transnoentities("UserLogged",$object->login);
 		}
+        if ($action == 'USER_LOGIN_FAILED')
+        {
+            dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
+            $langs->load("users");
+		
+            // Initialisation donnees (date,duree,texte,desc)
+            $this->date=time();
+            $this->duree=0;
+            $this->texte=$object->trigger_mesg;	// Message direct
+            $this->desc=$object->trigger_mesg;	// Message direct
+		}
         if ($action == 'USER_CREATE')
         {
             dolibarr_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
@@ -496,10 +507,10 @@ class InterfaceLogevents
             }
             else
             {
-                $error ="Failed to insert : ".$webcal->error." ";
+                $error ="Failed to insert security event: ".$event->error;
                 $this->error=$error;
 
-                //dolibarr_syslog("interface_webcal.class.php: ".$this->error);
+                dolibarr_syslog("interface_all_Logevents.class.php: ".$this->error);
                 return -1;
             }
         }

htdocs/main.inc.php

@@ -111,7 +111,6 @@ if ($conf->main_force_https)
 }
 
 // Chargement des includes complementaire de presentation
-
 if (! defined('NOREQUIREMENU')) require_once(DOL_DOCUMENT_ROOT ."/menu.class.php");			// Need 11ko memory (11ko in 2.2)
 if (! defined('NOREQUIREHTML')) require_once(DOL_DOCUMENT_ROOT ."/html.form.class.php");	// Need 690ko memory (800ko in 2.2)
 if (! defined('NOREQUIREAJAX') && $conf->use_javascript_ajax) require_once(DOL_DOCUMENT_ROOT.'/lib/ajax.lib.php');	// Need 20ko memory
@@ -123,9 +122,6 @@ session_name($sessionname);
 session_start();
 dolibarr_syslog("Session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".$_SESSION["dol_login"]);
 
-$bc[0]="class=\"impair\"";
-$bc[1]="class=\"pair\"";
-
 /*
  * Phase identification
  */
@@ -177,14 +173,25 @@ if (! isset($_SESSION["dol_login"]))
 			dolibarr_syslog('Bad value for code, connexion refused');
 			$langs->load('main');
 			$langs->load('other');
+			
+			$user->trigger_mesg='ErrorBadValueForCode - login='.$_POST["username"];
 			$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadValueForCode");
 			$test=false;
+			
+			// Appel des triggers
+			include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
+			$interface=new Interfaces($db);
+			$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
+			if ($result < 0) { $error++; }
+			// Fin appel triggers
 		}
 	}
     
 	// Tests de validation user/mot de passe
 	// Si ok, la variable login doit avoir ete initialisee
 	// Si erreur, on a place message erreur dans session sous le nom dol_loginmesg
+	if ($test)
+	{
 		foreach($authmode as $mode)
 		{
 			if ($test && $mode && ! $login)
@@ -202,7 +209,7 @@ if (! isset($_SESSION["dol_login"]))
 				}
 				else
 				{
-				dolibarr_syslog("Authentification ko - failed to load file '".$authfile."'");
+					dolibarr_syslog("Authentification ko - failed to load file '".$authfile."'",LOG_ERR);
 					sleep(1);
 					$langs->load('main');
 					$langs->load('other');
@@ -211,6 +218,25 @@ if (! isset($_SESSION["dol_login"]))
 			}
 		}
 
+		if (! $login)
+		{
+			dolibarr_syslog('Bad password, connexion refused',LOG_DEBUG);
+			$langs->load('main');
+			$langs->load('other');
+
+			// Bad password. No authmode has found a good password.
+			$user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.$_POST["username"];
+			$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
+			
+			// Appel des triggers
+			include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
+			$interface=new Interfaces($db);
+			$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
+			if ($result < 0) { $error++; }
+			// Fin appel triggers
+		}
+	}
+	
 	// Fin des tests de login/passwords
     if (! $login)
     {
@@ -228,8 +254,27 @@ if (! isset($_SESSION["dol_login"]))
 		session_start();
 
 		$langs->load('main');
-		if ($resultFetchUser == 0) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
-		if ($resultFetchUser < 0)  $_SESSION["dol_loginmesg"]=$user->error;
+		if ($resultFetchUser == 0) 
+		{
+			$langs->load('main');
+			$langs->load('other');
+
+			$user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
+			$_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
+		}
+		if ($resultFetchUser < 0)
+		{
+			$user->trigger_mesg=$user->error;
+			$_SESSION["dol_loginmesg"]=$user->error;
+		}
+
+		// Appel des triggers
+		include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
+		$interface=new Interfaces($db);
+		$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
+		if ($result < 0) { $error++; }
+		// Fin appel triggers
+
 		header('Location: '.DOL_URL_ROOT.'/index.php');
 		exit;
 	}
@@ -250,8 +295,27 @@ else
 		session_start();
 
 		$langs->load('main');
-		if ($resultFetchUser == 0) $_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
-		if ($resultFetchUser < 0)  $_SESSION["dol_loginmesg"]=$user->error;
+		if ($resultFetchUser == 0) 
+		{
+			$langs->load('main');
+			$langs->load('other');
+
+			$user->trigger_mesg='ErrorCantLoadUserFromDolibarrDatabase - login='.$login;
+			$_SESSION["dol_loginmesg"]=$langs->trans("ErrorCantLoadUserFromDolibarrDatabase",$login);
+		}
+		if ($resultFetchUser < 0)
+		{
+			$user->trigger_mesg=$user->error;
+			$_SESSION["dol_loginmesg"]=$user->error;
+		}
+
+		// Appel des triggers
+		include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
+		$interface=new Interfaces($db);
+		$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf);
+		if ($result < 0) { $error++; }
+		// Fin appel triggers
+
 		header('Location: '.DOL_URL_ROOT.'/index.php');
 		exit;
 	}
@@ -273,13 +337,15 @@ if (! isset($_SESSION["dol_login"]))
 	include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
 	$interface=new Interfaces($db);
 	$result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf);
-	if ($result < 0) { $error++; $this->errors=$interface->errors; }
+	if ($result < 0) { $error++; }
 	// Fin appel triggers
 	
 	if ($error)
 	{
-		dolibarr_print_errors($db,$this->errors);
 		$db->rollback();
+		session_destroy();
+		dolibarr_print_error($db,'Error in some triggers on action USER_LOGIN',LOG_ERR);
+		exit;
 	}
 	else
 	{

mysql/migration/2.2.0-2.4.0.sql

@@ -192,8 +192,8 @@ create table llx_events
   type			 varchar(32)  NOT NULL, 
   dateevent      datetime,             
   fk_user        integer,              
-  label          varchar(50)  NOT NULL, 
-  description    varchar(200) NOT NULL,        
+  description    varchar(250) NOT NULL,        
+  ip			 varchar(32) NOT NULL,
   fk_object      integer               
 ) type=innodb;
 

mysql/tables/llx_events.sql

@@ -17,8 +17,9 @@
 --
 -- $Id$
 -- ========================================================================
--- This table logs all dolibarr events
--- Content of this table is not managed by users but by Dolibarr triggers.
+-- This table logs all dolibarr security events
+-- Content of this table is not managed by users but by Dolibarr
+-- trigger interface_all_LogEvent.
 -- ========================================================================
 
 create table llx_events
@@ -28,8 +29,8 @@ create table llx_events
   type			 varchar(32)  NOT NULL, -- action type
   dateevent      datetime,              -- date event
   fk_user        integer,               -- id user
-  label          varchar(50)  NOT NULL, -- label of action
-  description    varchar(200) NOT NULL, -- full description of action
+  description    varchar(250) NOT NULL, -- full description of action
+  ip			 varchar(32) NOT NULL,  -- ip
   fk_object      integer                -- id of related object
 ) type=innodb;