3.53 audit log and membership plugin

2 posts by 2 authors in: Forums > CMS Builder
Last Post: March 16, 2020   (RSS)

By daniel - March 16, 2020

Hi Jeff,

The Audit Log was generally intended to track login attempts to the CMS admin, rather than general web logins. The "user_web" field does log their details if they're already logged in as a web user, but the logging action doesn't trigger via the WebsiteMembership login code. I can see the utility of being able to enable this, though, so that may be a good feature for a future update to the plugin.

In the meantime, if you'd like to customize the plugin to include the logging, you can do so by adding the auditLog_addEntry() function call to _websiteLogin_login() in websiteMembership.php. You could add them in/after the error checking block which could look something like this:

  // error checking
  if      (!@$_REQUEST['username']) { alert(t("Please enter a username!"). "<br>\n"); }
  else if (!@$_REQUEST['password']) { alert(t("Please enter a password!"). "<br>\n"); }
  else if (!$CURRENT_USER)          { alert(t("Invalid username or password!"). "<br>\n"); }
  if (function_exists('wsm_login_errorchecking')) { alert(wsm_login_errorchecking($CURRENT_USER)); }
  if (alert()) {
    auditLog_addEntry('Web Login: Failure', [ 'username' => $_REQUEST['username'] ]);
    return;
  }
  auditLog_addEntry('Web Login: Success', [ 'username' => $_REQUEST['username'] ]);

Let me know if you have any questions!

Thanks,

Daniel
Technical Lead
interactivetools.com