lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

Compare commits

base: lindeas:b239b736899893c6c28a508870d32402a744daad
Branches Tags
lindeas:main
lindeas:v0.4.1
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1
..
compare: lindeas:dbd0ab5f0e84dd829c43093665ebb0d55e639093
Branches Tags
lindeas:main
lindeas:v0.4.1
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1

No commits in common. "b239b736899893c6c28a508870d32402a744daad" and "dbd0ab5f0e84dd829c43093665ebb0d55e639093" have entirely different histories.
b239b73689 ... dbd0ab5f0e

3 changed files with 20 additions and 66 deletions
Show Stats Expand all files Collapse all files

39
app/classes/twoFactorAuth.php
View File

@ -1,9 +1,5 @@
<?php
// Already required in index.php, but we require it here,
// because this class could be used standalone
require_once __DIR__ . '/../helpers/logger_loader.php';
/**
* Class TwoFactorAuthentication
*
@ -102,10 +98,7 @@ class TwoFactorAuthentication {
if ($code !== null) {
// Verify the setup code
if (!$this->verify($userId, $code)) {
app_log('warning', '2FA setup code verification failed', [
'scope' => 'security',
'user_id' => $userId,
]);
error_log("Code verification failed");
return false;
}
@ -124,10 +117,7 @@ class TwoFactorAuthentication {
if ($this->db->inTransaction()) {
$this->db->rollBack();
}
app_log('error', '2FA enable error: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('2FA enable error: ' . $e->getMessage());
return false;
}
}
@ -167,10 +157,7 @@ class TwoFactorAuthentication {
return false;
} catch (Exception $e) {
app_log('error', '2FA verification error: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('2FA verification error: ' . $e->getMessage());
return false;
}
}
@ -364,10 +351,7 @@ class TwoFactorAuthentication {
return false;
} catch (Exception $e) {
app_log('error', 'Backup code verification error: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('Backup code verification error: ' . $e->getMessage());
return false;
}
}
@ -394,10 +378,7 @@ class TwoFactorAuthentication {
return $stmt->execute([$userId]);
} catch (Exception $e) {
app_log('error', '2FA disable error: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('2FA disable error: ' . $e->getMessage());
return false;
}
}
@ -416,10 +397,7 @@ class TwoFactorAuthentication {
return $result && $result['enabled'];
} catch (Exception $e) {
app_log('error', '2FA status check error: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('2FA status check error: ' . $e->getMessage());
return false;
}
}
@ -435,10 +413,7 @@ class TwoFactorAuthentication {
return $stmt->fetch(PDO::FETCH_ASSOC);
} catch (Exception $e) {
app_log('error', 'Failed to get user 2FA settings: ' . $e->getMessage(), [
'scope' => 'security',
'user_id' => $userId,
]);
error_log('Failed to get user 2FA settings: ' . $e->getMessage());
return null;
}
}

22
app/helpers/logger_loader.php
View File

@ -13,25 +13,3 @@ function getLoggerInstance($database) {
require_once __DIR__ . '/../core/NullLogger.php';
return new \App\Core\NullLogger();
}
if (!function_exists('app_log')) {
/**
* Lightweight logging helper that prefers the plugin logger but falls back to NullLogger.
*/
function app_log(string $level, string $message, array $context = []): void {
global $logObject;
if (isset($logObject) && is_object($logObject) && method_exists($logObject, 'log')) {
$logObject->log($level, $message, $context);
return;
}
static $fallbackLogger = null;
if ($fallbackLogger === null) {
require_once __DIR__ . '/../core/NullLogger.php';
$fallbackLogger = new \App\Core\NullLogger();
}
$fallbackLogger->log($level, $message, $context);
}
}

23
public_html/index.php
View File

@ -122,10 +122,18 @@ $pipeline->add(function() {
return true;
});
// Always detect authenticated session so templates shared
// between public and private pages behave consistently.
// For public pages, we don't need to validate the session
// The Router will handle authentication for protected pages
$validSession = false;
$userId = null;
// Only check session for non-public pages
if (!in_array($page, $public_pages)) {
$validSession = Session::isValidSession(true);
$userId = $validSession ? Session::getUserId() : null;
if ($validSession) {
$userId = Session::getUserId();
}
}
// Initialize feedback message system
require_once '../app/classes/feedback.php';
@ -154,9 +162,6 @@ $allowed_urls = filter_allowed_urls($allowed_urls);
require_once __DIR__ . '/../app/core/Router.php';
use App\Core\Router;
$currentUser = Router::checkAuth($config, $app_root, $public_pages, $page);
if ($currentUser === null && $validSession) {
$currentUser = Session::getUsername();
}
// Connect to DB via DatabaseConnector
require_once __DIR__ . '/../app/core/DatabaseConnector.php';
@ -171,8 +176,6 @@ use App\Core\LogThrottler;
require_once __DIR__ . '/../app/core/NullLogger.php';
use App\Core\NullLogger;
$logObject = new NullLogger();
require_once __DIR__ . '/../app/helpers/logger_loader.php';
// Get the user IP
require_once __DIR__ . '/../app/helpers/ip_helper.php';
$user_IP = '';
@ -217,9 +220,7 @@ try {
}
} catch (\Throwable $e) {
// Do not break the app; log only
app_log('error', 'Migration check failed: ' . $e->getMessage(), [
'scope' => 'system',
]);
error_log('Migration check failed: ' . $e->getMessage());
}
// CSRF middleware and run pipeline