- Created AuditLogger service class (360+ lines)
  * 16 action type constants (LOGIN_SUCCESS, PAYMENT_FAILURE, etc.)
  * log() - main logging method with flexible parameters
  * logLogin() - specialized login audit logging
  * logLogout() - session termination tracking
  * logPasswordChange() - credential change tracking
  * logBookingCreate() - booking audit trail
  * logPayment() - payment attempt/result tracking
  * logMembership() - membership action tracking
  * logAccessDenied() - authorization failure logging
  * getRecentLogs() - retrieve audit history
  * getLogsByAction() - filter logs by action type

- Integrated audit logging into validate_login.php:
  * Logs all login attempts (success and failures)
  * Captures failure reasons (invalid password, not verified, etc.)
  * Logs Google OAuth registrations and logins
  * Logs email/password login attempts
  * Captures IP address for each log entry
  * Includes timestamp (via database NOW())

- Audit Log Fields:
  * user_id - identifier of user performing action
  * action - action type (e.g., login_success)
  * status - success/failure/pending
  * ip_address - client IP (handles proxy/load balancer)
  * details - JSON-encoded metadata
  * created_at - timestamp

- Design Features:
  * Uses DatabaseService singleton for connections
  * Graceful error handling (doesn't break application)
  * JSON serialization of complex data for analysis
  * IP detection handles proxies and load balancers
  * Constants for action types enable IDE autocomplete
  * Extensible for additional event types

- Security Benefits:
  * Complete login audit trail for fraud detection
  * Failed login attempts tracked (detects brute force)
  * IP address recorded for geo-blocking/analysis
  * Timestamps enable timeline correlation
  * Action types enable targeted monitoring
8.5 KiB
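
The commit message states that the ip_address field "handles proxy/load balancer" but shows no code for it. The following is an added example, not the project's AuditLogger code: one way to resolve that value so forwarded headers are honoured only when the request arrives from a known proxy. The function name `resolveClientIp`, the `TRUSTED_PROXIES` list and the sample addresses are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the proxies / load balancers in front of the app.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Resolve the client IP to store in the audit log's ip_address column.
 * X-Forwarded-For is consulted only when the direct peer is a trusted proxy;
 * from any other peer the header is client-controlled and is ignored.
 */
function resolveClientIp(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address (e.g. CLI run)
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: never trust forwarded headers
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own proxies,
    // anything further left may have been supplied by the client.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: stop trusting the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first non-proxy address seen by our edge
        }
    }
    return $peer; // nothing usable in the header: log the proxy address itself
}

// Constructed sample requests (documentation address ranges, not real traffic).
$samples = [
    'direct client, forged header'   => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    'via load balancer'              => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via LB, client prepended entry' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7'],
    'via LB, malformed header'       => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $label => $server) {
    printf("%-32s => %s\n", $label, resolveClientIp($server));
}
```

Brute-force tracking and geo-blocking built on ip_address are only as reliable as this resolution step, since an address taken from an unvalidated header lets a client choose what the audit log records.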