From f6df0989150f188e4041cf4c8072788e0b602d53 Mon Sep 17 00:00:00 2001
From: Sergio Brighenti
Date: Sun, 7 Mar 2021 17:37:20 +0100
Subject: [PATCH] Added logging
---
 CHANGELOG.md | 5 +++++
 app/Controllers/Auth/LoginController.php | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index db3607d..04a25a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,11 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [3.3.4] - 2021-03-07
+### Added
+- Login failed logging.
+- User identifier option for LDAP configurations.
+
 ### Fixed
 - Fixed open graph meta tags for Discord.
 - Fixed custom html tags are not displayed back in the admin setting.
 - Fixed python plugin for newer version of Screencloud.
 - Fixed accented chars in email subject.
+- Fixed error on PHP 8.
 ## [3.3.3] - 2020-11-13
 ### Fixed
diff --git a/app/Controllers/Auth/LoginController.php b/app/Controllers/Auth/LoginController.php
index afa7e1e..8ac83ae 100644
--- a/app/Controllers/Auth/LoginController.php
+++ b/app/Controllers/Auth/LoginController.php
@@ -48,6 +48,7 @@ class LoginController extends AuthController
 }
 $username = param($request, 'username');
+ $password = param($request, 'password');
 $user = $this->database->query('SELECT `id`, `email`, `username`, `password`,`is_admin`, `active`, `current_disk_quota`, `max_disk_quota`, `ldap`, `copy_raw` FROM `users` WHERE `username` = ? OR `email` = ? LIMIT 1', [$username, $username])->fetch();
 if ($this->config['ldap']['enabled'] && ($user->ldap ?? true)) {
@@ -55,11 +56,12 @@ class LoginController extends AuthController
 }
 $validator
- ->alertIf(!$user || !password_verify(param($request, 'password'), $user->password), 'bad_login')
+ ->alertIf(!$user || !password_verify($password, $user->password), 'bad_login')
 ->alertIf(isset($this->config['maintenance']) && $this->config['maintenance'] && !($user->is_admin ?? true), 'maintenance_in_progress', 'info')
 ->alertIf(!($user->active ?? false), 'account_disabled');
 if ($validator->fails()) {
+ $this->logger->info("Login failed with username='{$username}', password='{$password}'.");
 return redirect($response, route('login'));
 }
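Review bot: The added `$this->logger->info(...)` call inside `if ($validator->fails())` writes the submitted password in clear text to the application log, and it should log the identifier only, e.g. `$this->logger->info("Login failed with username='{$username}'.");`. That branch is also reached when `password_verify` succeeded but the `maintenance_in_progress` or `account_disabled` alert fired, so the log can end up holding valid passwords of real accounts; with LDAP enabled these are presumably directory credentials. `$username` is request input interpolated as-is, so CR/LF and other control characters should be stripped before logging to keep a forged entry out of the log. With the password dropped from the message, the `$password` local added in the earlier hunk is only a convenience for `password_verify`. The enclosing method starts and ends outside the hunk.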