Merge pull request #1069 from itflow-org/client-http-header-loginfail
Show a 401 header for unsuccessful portal logins
johnnyq authored Sep 21, 2024
2 parents c5575e7 + 0e4f57e commit d33e5cd
Showing 1 changed file with 3 additions and 0 deletions.
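--- a/portal/login.php
+++ b/portal/login.php
@@ -50,6 +50,7 @@
 $password = $_POST['password'];
 
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Invalid e-mail';
 } else {
 $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_archived_at IS NULL LIMIT 1");
@@ -68,11 +69,13 @@
 
 } else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
 
 } else {
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
+header("HTTP/1.1 401 Unauthorized");
 $_SESSION['login_message'] = 'Incorrect username or password.';
 }
 }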
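Review bot: The three added `header("HTTP/1.1 401 Unauthorized");` calls hard-code the protocol version in the status line; `http_response_code(401);` sets the same status without that assumption and is the one-line change I would make in each branch. The invalid-e-mail branch now answers 401 like the other two failure paths but, unlike them, still writes no 'Client Login' / 'Failed' row to `logs`, so rate limiting or alerting built on that table will miss those attempts while anything keyed on the HTTP status will count them. Separately, the context lines build the SELECT and both INSERTs by interpolating `$email`, `$ip` and `$user_agent` into the SQL string; `FILTER_VALIDATE_EMAIL` accepts an apostrophe in the local part, so unless these values are escaped above the hunk (not visible here) the queries should use prepared statements with bound parameters. The enclosing block starts and ends outside both hunks.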
