3.53 audit log and membership plugin

2 posts by 2 authors in: Forums > CMS Builder
Last Post: March 16, 2020   (RSS)

By kitsguru - March 15, 2020

I really like the new audit log. I was examining the code for adding an entry and it would seem to indicate that it logs the membership plugin by referencing the web user.

    'user_cms'         => _errorlog_getCurrentUserSummaryFor('cms'),
    'user_web'         => _errorlog_getCurrentUserSummaryFor('web'),

However when I login using the membership generated code, there is no corresponding entry in the audit log.

What would  be the easiest way to add this?

Also what is the event source supposed to represent as it is typically blank?

Jeff Shields

By daniel - March 16, 2020

Hi Jeff,

The Audit Log was generally intended to track login attempts to the CMS admin, rather than general web logins. The "user_web" field does log their details if they're already logged in as a web user, but the logging action doesn't trigger via the WebsiteMembership login code. I can see the utility of being able to enable this, though, so that may be a good feature for a future update to the plugin.

In the meantime, if you'd like to customize the plugin to include the logging, you can do so by adding the auditLog_addEntry() function call to _websiteLogin_login() in websiteMembership.php. You could add them in/after the error checking block which could look something like this:

  // error checking
  if      (!@$_REQUEST['username']) { alert(t("Please enter a username!"). "<br>\n"); }
  else if (!@$_REQUEST['password']) { alert(t("Please enter a password!"). "<br>\n"); }
  else if (!$CURRENT_USER)          { alert(t("Invalid username or password!"). "<br>\n"); }
  if (function_exists('wsm_login_errorchecking')) { alert(wsm_login_errorchecking($CURRENT_USER)); }
  if (alert()) {
    auditLog_addEntry('Web Login: Failure', [ 'username' => $_REQUEST['username'] ]);
    return;
  }
  auditLog_addEntry('Web Login: Success', [ 'username' => $_REQUEST['username'] ]);

Let me know if you have any questions!

Thanks,

Daniel
Technical Lead
interactivetools.com