From 0e4f57eaedce6b9a608021fa8c2c4d525d4ad9a8 Mon Sep 17 00:00:00 2001
From: wrongecho
Date: Sat, 21 Sep 2024 13:45:47 +0100
Subject: [PATCH] Show a 401 header for unsuccessful portal logins
---
 portal/login.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/portal/login.php b/portal/login.php
index 6d6ce3dbd..c436ecae5 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -50,6 +50,7 @@
 $password = $_POST['password'];
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Invalid e-mail';
 } else {
 $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_archived_at IS NULL LIMIT 1");
@@ -68,11 +69,13 @@
 } else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+ header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
 } else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+ header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
 }
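Review bot: The `SELECT` at the end of this hunk builds its SQL by interpolating `$email`, and the only check visible before it is `FILTER_VALIDATE_EMAIL`, which validates address syntax and is not an SQL escape (it accepts an apostrophe in the local part). Whether `$email` is escaped above line 50 is not visible here, so this may already be handled, but a prepared statement bound to the raw value removes the dependency on that. The two `INSERT INTO logs` statements in the second hunk interpolate `$email`, `$ip` and `$user_agent` the same way and would benefit from the same treatment. The enclosing `if`/`else` starts before the hunk and continues after it.

```php
// … unchanged: e-mail validation and the 401 / 'Invalid e-mail' branch …
} else {
    $stmt = mysqli_prepare($mysqli, "SELECT * FROM contacts WHERE contact_email = ? AND contact_archived_at IS NULL LIMIT 1");
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    $sql = mysqli_stmt_get_result($stmt);
```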
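Review bot: The two added `header("HTTP/1.1 401 Unauthorized");` lines here, and the one in the first hunk, hard-code the protocol version in the status line; `http_response_code(401);` sets the same status without it. Either form only takes effect if no output has been sent yet, and the top of the file is outside this diff, so it is worth confirming the login handling runs before any markup. For monitoring that keys on failed logins, note that the invalid e-mail branch in the first hunk now returns 401 but, unlike these two branches, writes no `logs` row in the visible lines, so the access log and the `logs` table will count failures differently. The surrounding `if`/`else` chain begins before the hunk.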