From e34a11d70c72da029c203a186bd526136b187bd2 Mon Sep 17 00:00:00 2001
From: xiaomlove
Date: Thu, 25 Aug 2022 22:07:57 +0800
Subject: [PATCH] more signin log
---
 app/Http/Controllers/AuthenticateController.php | 1 +
 include/functions.php | 13 ++++++++-----
 public/takelogin.php | 7 ++++++-
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/AuthenticateController.php b/app/Http/Controllers/AuthenticateController.php
index 392fff18..572ca7b5 100644
--- a/app/Http/Controllers/AuthenticateController.php
+++ b/app/Http/Controllers/AuthenticateController.php
@@ -51,6 +51,7 @@ class AuthenticateController extends Controller
 $user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']);
 if ($user) {
 $passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]);
+ do_log(sprintf('passhash: %s, remote_addr: %s, md5: %s', $user->passhash, $_SERVER["REMOTE_ADDR"], $passhash));
 logincookie($user->id, $passhash,false, 86400 * 30, true, true, true);
 $user->last_login = now();
 $user->save();
diff --git a/include/functions.php b/include/functions.php
index d2d0f16f..98a454d5 100644
--- a/include/functions.php
+++ b/include/functions.php
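Review bot: The added `do_log(sprintf('passhash: %s, remote_addr: %s, md5: %s', ...))` in AuthenticateController writes the stored `passhash` and the derived value handed to `logincookie()` into the application log; the `userlogin()` hunk shows that same derived value is what the `c_secure_pass` cookie is checked against, so the log now holds credential-equivalent material for every user who signs in. The same fields are appended to `$log` in both branches of the include/functions.php hunk and in the two `$log .=` lines of public/takelogin.php, where the new `do_log($log)` records them on each login. Log only what is needed to diagnose a mismatch, for example `do_log(sprintf('passkey login, user: %d, remote_addr: %s', $user->id, $_SERVER["REMOTE_ADDR"]));`, and record the comparison outcome rather than its operands. If the hash values have already reached production logs, treat those log files as sensitive and plan for rotating the affected `passhash` values. The enclosing controller method starts and ends outside this hunk.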
@@ -1976,16 +1976,19 @@ function userlogin() { if ($_COOKIE["c_secure_login"] == base64("yeah")) { - - if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) { - do_log("$log, secure login == yeah, c_secure_pass invalid"); + $md5 = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]); + $log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $md5"; + if ($_COOKIE["c_secure_pass"] != $md5) { + do_log("$log, c_secure_pass != md5"); return $loginResult = false; } } else { - if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) { - do_log("$log, c_secure_pass invalid"); + $md5 = md5($row["passhash"]); + $log .= "$log, passhash: {$row['passhash']}, md5: $md5"; + if ($_COOKIE["c_secure_pass"] !== $md5) { + do_log("$log, c_secure_pass != md5"); return $loginResult = false; } } diff --git a/public/takelogin.php b/public/takelogin.php index 5719c980..439b3199 100644 --- a/public/takelogin.php +++ b/public/takelogin.php @@ -33,7 +33,7 @@ if (!empty($row['two_step_secret'])) { failedlogins($lang_takelogin['std_invalid_two_step_code']); } } - +$log = "user: " . $row['id']; if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) login_failedlogins(); @@ -44,11 +44,13 @@ if (isset($_POST["securelogin"]) && $_POST["securelogin"] == "yes") { $securelogin_indentity_cookie = true; $passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]); + $log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $passh"; } else { $securelogin_indentity_cookie = false; $passh = md5($row["passhash"]); + $log .= ", passhash: {$row['passhash']}, md5: $passh"; } if ($securelogin=='yes' || (isset($_POST["ssl"]) && $_POST["ssl"] == "yes")) @@ -69,6 +71,9 @@ else { $trackerssl = false; } + +do_log($log); + if (isset($_POST["logout"]) && $_POST["logout"] == "yes") { logincookie($row["id"], $passh,1,900,$securelogin_indentity_cookie, $ssl, $trackerssl);
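Review bot: The rewritten secure-login check `if ($_COOKIE["c_secure_pass"] != $md5)` in the include/functions.php hunk keeps the loose `!=`, so a client-supplied cookie is compared under PHP's numeric-string juggling and not in constant time, while the else branch uses `!==`. Both branches would be safer as `if (!hash_equals($md5, (string) $_COOKIE["c_secure_pass"]))`. Separately, the else branch builds its message with `$log .= "$log, passhash: ..."`, which appends `$log` to itself and duplicates the prefix in the log line; it should start with `", "` like the `$log .= ", secure login == yeah, ..."` line in the branch above. `userlogin()` begins and ends outside this hunk.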