Update scripts to capture session ID

bin/v-log-user-login

@@ -6,7 +6,7 @@
 user=$1
 ip=$2
 status=$3
-fingerprint=${4}
+session_id=$4
 
 active="yes"
 if [ $status = "failed" ]; then
@@ -21,7 +21,7 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER IP [FINGERPRINT]'
+check_args '2' "$#" 'USER IP SESSION_ID'
 is_format_valid 'user' 'ip'
 is_object_valid 'user' 'USER' "$user"
 
@@ -31,16 +31,14 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 
 if [ ! -f $USER_DATA/auth.log ]; then
-    touch  $USER_DATA/auth.log
+    touch $USER_DATA/auth.log
 fi
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=ACTIVE}1' $USER_DATA/auth.log   
-
-echo "IP='$ip' FINGERPRINT='$fingerprint' STATUS='$status' DATE='$date' TIME='$time' ACTIVE='$active'" >> $USER_DATA/auth.log
+echo "DATE='$date' TIME='$time' IP='$ip' ACTION='login' STATUS='$status' SESSION='$session_id' ACTIVE='$active'" >> $USER_DATA/auth.log
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-log-user-logout

@@ -4,7 +4,7 @@
 
 # Argument definition
 user=$1
-fingerprint=$2
+session_id=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -14,19 +14,19 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER FINGERPRINT'
+check_args '2' "$#" 'USER SESSION_ID'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
 if [ ! -f $USER_DATA/auth.log ]; then
-    touch  $USER_DATA/auth.log
+    touch $USER_DATA/auth.log
 fi
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME  {$5=active}1' $USER_DATA/auth.log 
+sed -i "s/SESSION='$session_id' ACTIVE='yes'/SESSION='$session_id' ACTIVE='no'/g" $USER_DATA/auth.log
 
 #----------------------------------------------------------#
 #                       Hestia                             #

web/delete/log/auth/index.php

@@ -25,7 +25,7 @@ if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
 } 
 $v_ip = escapeshellarg($ip);
     
-$v_murmur = escapeshellarg($_SESSION['MURMUR']);
+$v_murmur = escapeshellarg($_SESSION['token']);
 exec(HESTIA_CMD."v-log-user-login ".$v_username." ".$v_ip." success ".$v_murmur, $output, $return_var);
 
 // Render page

web/inc/main.php

@@ -39,7 +39,7 @@ if (!isset($_SESSION['user_combined_ip'])){
 // Checking user to use session from the same IP he has been logged in
 if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){
     $v_user = escapeshellarg($_SESSION['user']);
-    $v_murmur = escapeshellarg($_SESSION['MURMUR']);
+    $v_murmur = escapeshellarg($_SESSION['token']);
     exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
     session_destroy();
     session_start();
@@ -80,7 +80,7 @@ if (!defined('NO_AUTH_REQUIRED')){
         header("Location: /login/");
     } else if ($_SESSION['INACTIVE_SESSION_TIMEOUT'] * 60 + $_SESSION['LAST_ACTIVITY'] < time()) {
         $v_user = escapeshellarg($_SESSION['user']);
-        $v_murmur = escapeshellarg($_SESSION['MURMUR']);
+        $v_murmur = escapeshellarg($_SESSION['token']);
         exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
         session_destroy();
         header("Location: /login/");

web/login/index.php

@@ -137,7 +137,7 @@ function authenticate_user($user, $password, $twofa = ''){
             if ( $return_var > 0 ) {
                 sleep(2);
                 $error = "<a class=\"error\">"._('Invalid username or password')."</a>";
-                $v_murmur = escapeshellarg($_POST['murmur']);
+                $v_murmur = escapeshellarg($_POST['token']);
                 exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
 
                 return $error;
@@ -161,7 +161,7 @@ function authenticate_user($user, $password, $twofa = ''){
                                 $error = "<a class=\"error\">"._('Invalid or missing 2FA token')."</a>";
                                 $_SESSION['login']['username'] = $user;
                                 $_SESSION['login']['password'] = $password;
-                                $v_murmur = escapeshellarg($_POST['murmur']);
+                                $v_murmur = escapeshellarg($_POST['token']);
                                 exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
                                 return $error;
                                 unset($_POST['twofa']);
@@ -175,7 +175,7 @@ function authenticate_user($user, $password, $twofa = ''){
                 $_SESSION['user'] = key($data);
                 $v_user = $_SESSION['user'];
                 //log successfull login attempt
-                $v_murmur = escapeshellarg($_POST['murmur']);
+                $v_murmur = escapeshellarg($_POST['token']);
                 exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." success ".$v_murmur, $output, $return_var);
 
                 $_SESSION['LAST_ACTIVITY'] = time();

web/logout/index.php

@@ -12,9 +12,9 @@ if (!empty($_SESSION['look'])) {
     unset($_SESSION['_sf2_meta']);
     header("Location: /");
 } else {
-    if($_SESSION['MURMUR'] && $_SESSION['user']){
+    if($_SESSION['token'] && $_SESSION['user']){
         $v_user = escapeshellarg($_SESSION['user']);
-        $v_murmur = escapeshellarg($_SESSION['MURMUR']);
+        $v_murmur = escapeshellarg($_SESSION['token']);
         exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
     }
     

web/templates/login_1.html

@@ -11,7 +11,7 @@
                                     <form method="post" action="/login/" id="form_login">
                                     <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
                                     <input type="hidden" name="user" value="<?php echo $_POST['user']; ?>">
-                                    <input type="hidden" name="murmur" value="<?php echo $_POST['murmur']; ?>" id="murmur">    
+                                    <input type="hidden" name="murmur" value="<?php echo $_SESSION['token']; ?>" id="murmur">    
                                     <table class="login-box">
                                         <tr>
                                             <td style="padding: 12px 0 0 2px;" class="login-welcome">