From b91317046ba1a0494554d8042a9490b7a57100b2 Mon Sep 17 00:00:00 2001
From: Mark Schouten
Date: Tue, 23 Aug 2016 12:30:27 +0200
Subject: [PATCH] Fix logging in cases we don't have a username yet. Also, log more stuff.
Closes #104
---
 includes/misc.inc.php | 9 ++++++---
 includes/session.inc.php | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/includes/misc.inc.php b/includes/misc.inc.php
index 7041d0f..fd75739 100644
--- a/includes/misc.inc.php
+++ b/includes/misc.inc.php
@@ -128,7 +128,6 @@ function do_db_auth($u, $p) {
 $db->close();
 if ($userinfo and $userinfo['password'] and (crypt($p, $userinfo['password']) === $userinfo['password'])) {
- writelog('Succesful login.');
 return TRUE;
 }
@@ -277,11 +276,15 @@ function clearlogs() {
 writelog("Logtable truncated.");
 }
-function writelog($line) {
+function writelog($line, $user=False) {
 global $logging;
 if ($logging !== TRUE) return;
+ if ($user === False) {
+ $user = get_sess_user();
+ }
+
 try {
 $db = get_db();
 $q = $db->prepare('CREATE TABLE IF NOT EXISTS logs (
@@ -292,7 +295,7 @@ function writelog($line) {
 $ret = $q->execute();
 $q = $db->prepare('INSERT INTO logs (user, log) VALUES (:user, :log)');
- $q->bindValue(':user', get_sess_user(), SQLITE3_TEXT);
+ $q->bindValue(':user', $user, SQLITE3_TEXT);
 $q->bindValue(':log', $line, SQLITE3_TEXT);
 $q->execute();
 $db->close();
diff --git a/includes/session.inc.php b/includes/session.inc.php
index 0af9f89..996f052 100644
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@@ -150,6 +150,7 @@ function _try_login($username, $password) {
 global $wefactapiurl, $wefactapikey;
 if (!valid_user($username)) {
+ writelog("Illegal username at login!", $username);
 return false;
 }
@@ -158,6 +159,7 @@ function _try_login($username, $password) {
 if (isset($wefactapiurl) && isset($wefactapikey)) {
 $wefact = do_wefact_auth($username, $password);
 if (false === $wefact ) {
+ writelog("Failed Wefact login!", $username);
 return false;
 }
 if (-1 !== $wefact) {
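Review bot: The new `$user` parameter on `writelog()` is undocumented, and the callers added in includes/session.inc.php now pass it names typed at the login form before any authentication has succeeded. The bound parameter keeps the INSERT safe, but whatever later displays the logs table has to treat the user column as untrusted text. I would add a comment above the signature such as `// $user: name to record; defaults to the session user. May be unauthenticated input, so escape it on display.` and use `$user = null` with `$user === null` rather than the `False` sentinel. The function body continues outside this hunk.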
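Review bot: `writelog("Illegal username at login!", $username)` stores the exact string that just failed `valid_user()`, so an unauthenticated client controls the content and length of a row in the logs table on every attempt. People also type passwords into the username field by mistake, and those would now be kept in clear text. Consider logging a bounded, printable form instead, e.g. `writelog("Illegal username at login!", substr(preg_replace('/[^\x20-\x7e]/', '?', $username), 0, 64));`, and check that the log viewer HTML-escapes the user column. The same applies, to a lesser degree because the name has passed validation, to the `writelog()` calls added in the two later hunks of this file. `_try_login()` starts and ends outside this hunk.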
@@ -166,11 +168,13 @@ function _try_login($username, $password) {
 }
 if ($do_local_auth && !do_db_auth($username, $password)) {
+ writelog("Failed login!", $username);
 return false;
 }
 $user = get_user_info($username);
 if (!$user) {
+ writelog("Failed to find user!", $username);
 return false;
 } else {
 _set_current_user($username, (bool) $user['isadmin']);
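Review bot: After this commit no visible line records a successful login: the `writelog('Succesful login.')` call is removed from `do_db_auth()` in includes/misc.inc.php, and the `else` branch here sets the session user without logging anything. Unless a success entry is written in the part of `_try_login()` outside this hunk, the audit trail shows failures but not which account was eventually entered, which makes a guessed password hard to spot afterwards. I would add `writelog("Successful login.", $username);` right after the `_set_current_user(...)` call.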