Phase 2: Add comprehensive audit logging

- Created AuditLogger service class (360+ lines)
  * 16 action type constants (LOGIN_SUCCESS, PAYMENT_FAILURE, etc.)
  * log() - main logging method with flexible parameters
  * logLogin() - specialized login audit logging
  * logLogout() - session termination tracking
  * logPasswordChange() - credential change tracking
  * logBookingCreate() - booking audit trail
  * logPayment() - payment attempt/result tracking
  * logMembership() - membership action tracking
  * logAccessDenied() - authorization failure logging
  * getRecentLogs() - retrieve audit history
  * getLogsByAction() - filter logs by action type
- Integrated audit logging into validate_login.php:
  * Logs all login attempts (success and failures)
  * Captures failure reasons (invalid password, not verified, etc.)
  * Logs Google OAuth registrations and logins
  * Logs email/password login attempts
  * Captures IP address for each log entry
  * Includes timestamp (via database NOW())
- Audit Log Fields:
  * user_id - identifier of user performing action
  * action - action type (e.g., login_success)
  * status - success/failure/pending
  * ip_address - client IP (handles proxy/load balancer)
  * details - JSON-encoded metadata
  * created_at - timestamp
- Design Features:
  * Uses DatabaseService singleton for connections
  * Graceful error handling (doesn't break application)
  * JSON serialization of complex data for analysis
  * IP detection handles proxies and load balancers
  * Constants for action types enable IDE autocomplete
  * Extensible for additional event types
- Security Benefits:
  * Complete login audit trail for fraud detection
  * Failed login attempts tracked (detects brute force)
  * IP address recorded for geo-blocking/analysis
  * Timestamps enable timeline correlation
  * Action types enable targeted monitoring
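
The proxy-aware `ip_address` field listed in the commit message is only useful for brute-force and geo analysis if forwarded headers are honoured solely from known proxies. The sketch below is an added example, not the project's AuditLogger code: `resolveClientIp()`, `buildAuditRow()`, the trusted-proxy list and the `login_failure` action value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the project's AuditLogger. Exact-match proxy list
// for brevity; a real deployment would likely match CIDR ranges.
function resolveClientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // unknown peer (e.g. CLI run); placeholder value
    }
    // Only honour X-Forwarded-For when the direct peer is our own proxy;
    // otherwise any client can forge the header and poison the audit trail.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our proxies,
    // the leftmost ones are client-supplied.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the rest of the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address not under our control
        }
    }
    return $remote;
}

// Row shape follows the "Audit Log Fields" list; created_at is left to NOW().
function buildAuditRow(?int $userId, string $action, string $status, string $ip, array $details): array
{
    return [
        'user_id'    => $userId,
        'action'     => $action,
        'status'     => $status,
        'ip_address' => $ip,
        'details'    => json_encode($details, JSON_THROW_ON_ERROR),
    ];
}

// Constructed request: the client forged "127.0.0.1"; the proxy appended the real peer.
$trusted = ['10.0.0.5']; // assumed load balancer address
$server  = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 203.0.113.7'];
$row = buildAuditRow(null, 'login_failure', 'failure', // action value is assumed
    resolveClientIp($server, $trusted), ['reason' => 'invalid password']);
print_r($row);
```

Taking the leftmost `X-Forwarded-For` entry instead would record the forged `127.0.0.1`, which lets a client hide from per-IP failed-login counting.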