From 2db9187968315fc4b3553a04b0e1b0b874d92466 Mon Sep 17 00:00:00 2001
From: Skylar Ittner <admin@netsyms.com>
Date: Fri, 23 Jun 2017 15:48:45 -0600
Subject: [PATCH] Add API for sending alert emails

---
 api.php        | 15 +++++++++++++++
 lang/en_us.php |  2 +-
 lib/login.php  |  4 ++--
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/api.php b/api.php
index 8e82bfc..02679e8 100644
--- a/api.php
+++ b/api.php
@@ -264,6 +264,21 @@ switch ($VARS['action']) {
         }
         $user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['code'], 'accounts.username' => $VARS['username']]]);
         exit(json_encode(["status" => "OK", "valid" => $user_key_valid]));
+    case "alertemail":
+        engageRateLimit();
+        if (is_empty($VARS['username']) || !user_exists($VARS['username'])) {
+            http_response_code(400);
+            die("\"400 Bad Request\"");
+        }
+        $appname = "???";
+        if (!is_empty($VARS['appname'])) {
+            $appname = $VARS['appname'];
+        }
+        $result = sendLoginAlertEmail($VARS['username'], $appname);
+        if ($result === TRUE) {
+            exit(json_encode(["status" => "OK"]));
+        }
+        exit(json_encode(["status" => "ERROR", "msg" => $result]));
     default:
         http_response_code(404);
         die(json_encode("404 Not Found: the requested action is not available."));
diff --git a/lang/en_us.php b/lang/en_us.php
index 300bcd0..0d23f80 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -53,5 +53,5 @@ $STRINGS = [
     "login failed try on web" => "There is a problem with your account. Visit Portal via a web browser for more information.",
     "mobile login disabled" => "Mobile login has been disabled by your system administrator.  Contact technical support for more information.",
     "admin alert email subject" => "Alert: User login notification",
-    "admin alert email message" => "You (or another administrator) requested to be notified when user \"{username}\" logged in, an event which happened just now.\r\n\r\nUsername: {username}\r\nDate/Time: {datetime}\r\nIP address: {ipaddr}",
+    "admin alert email message" => "You (or another administrator) requested to be notified when user \"{username}\" logged in, an event which happened just now.\r\n\r\nUsername: \t{username}\r\nApplication: \t{appname}\r\nDate/Time: \t{datetime}\r\nIP address: \t{ipaddr}",
 ];
diff --git a/lib/login.php b/lib/login.php
index 6b715a4..0b7b3dd 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -282,7 +282,7 @@ function doLoginUser($username, $password) {
  * @param String $username the account username
  * @return Mixed TRUE if successful, error string if not
  */
-function sendLoginAlertEmail($username) {
+function sendLoginAlertEmail($username, $appname = "Portal") {
     if (is_empty(ADMIN_EMAIL) || filter_var(ADMIN_EMAIL, FILTER_VALIDATE_EMAIL) === FALSE) {
         return "false";
     }
@@ -319,7 +319,7 @@ function sendLoginAlertEmail($username) {
     $mail->addAddress(ADMIN_EMAIL, "System Admin");
     $mail->isHTML(false);
     $mail->Subject = lang("admin alert email subject", false);
-    $mail->Body = lang2("admin alert email message", ["username" => $username, "datetime" => date("Y-m-d H:i:s"), "ipaddr" => getClientIP()], false);
+    $mail->Body = lang2("admin alert email message", ["username" => $username, "datetime" => date("Y-m-d H:i:s"), "ipaddr" => getClientIP(), "appname" => $appname], false);
 
     if (!$mail->send()) {
         return $mail->ErrorInfo;