From 8db9822f6396dda5223ec0a6fa7c23d9a15104dd Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sun, 30 Jun 2024 11:51:39 +0100
Subject: [PATCH] Add audit log cleanup/retention period to cron

Audit logs will be automatically cleaned up after 90 days (new installs) or 7 years (existing installs). This is configurable in Settings > Security.
---
 cron.php | 10 ++++++++--
 database_updates.php | 19 +++++++++++++------
 database_version.php | 2 +-
 db.sql | 1 +
 get_settings.php | 1 +
 post/setting.php | 3 ++-
 settings_security.php | 10 ++++++++++
 7 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/cron.php b/cron.php
index de0f44db5..029b18b7f 100644
--- a/cron.php
+++ b/cron.php
@@ -67,9 +67,12 @@
 $config_enable_alert_domain_expire = intval($row['config_enable_alert_domain_expire']);
 $config_send_invoice_reminders = intval($row['config_send_invoice_reminders']);
-// Remmeber Token Expire
+// Remember-me Token Expiry
 $config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
+// Log retention
+$config_log_retention = intval($row['config_log_retention']);
+
 // Set Currency Format
 $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -120,9 +123,12 @@
 // Clean-up mail queue
 mysqli_query($mysqli, "DELETE FROM email_queue WHERE email_queued_at < CURDATE() - INTERVAL 90 DAY");
-// Clean-up old remember me tokens (2 or more days old)
+// Clean-up old remember me tokens
 mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_created_at < CURDATE() - INTERVAL $config_login_remember_me_expire DAY");
+// Cleanup old audit logs
+mysqli_query($mysqli, "DELETE FROM logs WHERE log_created_at < CURDATE() - INTERVAL $config_log_retention DAY");
+
 //Logging
 //mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Cron', log_action = 'Task', log_description = 'Cron cleaned up old data'");
diff --git a/database_updates.php b/database_updates.php
index 5fbd21c63..0d0af3aec 100644
--- a/database_updates.php
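Review bot: In cron.php's second hunk the new `DELETE FROM logs` has no lower bound on `$config_log_retention`, and the `intval($row['config_log_retention'])` read in the first hunk yields 0 when the column is missing or NULL. If cron runs after the code is deployed but before the 1.4.2 migration has added the column (an ordering not visible in this patch), or if the stored value is 0 or negative, the condition becomes `log_created_at < CURDATE() - INTERVAL 0 DAY` and every audit row older than today is deleted. I would guard the statement, e.g. `if ($config_log_retention > 0) { mysqli_query($mysqli, "DELETE FROM logs ..."); }`, or clamp to a minimum the project is willing to guarantee. The 'Logging' insert right below is still commented out, so the purge leaves no trace; writing one log row with the retention value and `mysqli_affected_rows($mysqli)` would make an unexpected wipe visible.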
+++ b/database_updates.php
@@ -1944,7 +1944,7 @@
 if (CURRENT_DATABASE_VERSION == '1.3.6') {
 mysqli_query($mysqli, "ALTER TABLE `clients` ADD `client_abbreviation` VARCHAR(10) DEFAULT NULL AFTER `client_tax_id_number`");
-
+
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.7'");
 }
@@ -1975,7 +1975,7 @@
 )");
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.9'");
-
+
 }
 if (CURRENT_DATABASE_VERSION == '1.3.9') {
@@ -2073,14 +2073,21 @@
 mysqli_query($mysqli, "ALTER TABLE `assets` ADD `asset_photo` VARCHAR(200) DEFAULT NULL AFTER `asset_install_date`");
 mysqli_query($mysqli, "ALTER TABLE `assets` ADD `asset_physical_location` VARCHAR(200) DEFAULT NULL AFTER `asset_photo`");
-
+
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.1'");
 }
- // if (CURRENT_DATABASE_VERSION == '1.4.1') {
- // // Insert queries here required to update to DB version 1.4.2
+ if (CURRENT_DATABASE_VERSION == '1.4.1') {
+ mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_log_retention` INT(11) NOT NULL DEFAULT '90' AFTER `config_login_remember_me_expire`;");
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_log_retention` = '2555' WHERE company_id = 1;"); // Set to 7 years for existing installs
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.2'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.4.2') {
+ // // Insert queries here required to update to DB version 1.4.3
 // // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.2'");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.3'");
 // }
 } else {
diff --git a/database_version.php b/database_version.php
index c4e949b43..d8db970e6 100644
--- a/database_version.php
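Review bot: In the new `'1.4.1'` block of database_updates.php the version is bumped to 1.4.2 without checking whether the `ALTER TABLE` that adds `config_log_retention` succeeded. Unless mysqli is configured to throw on errors (not visible here), a failed ALTER leaves the column absent while the updater considers the step done, and any reader doing `intval($row['config_log_retention'])` then sees a retention of 0 days. Gating the later statements on the first result, `if (mysqli_query($mysqli, "ALTER TABLE ...")) { /* UPDATE to 2555, then version bump */ }`, keeps the migration retryable. The enclosing version check block starts and ends outside this hunk; the two earlier hunks in this file are whitespace only.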
@@ -5,4 +5,4 @@
 * It is used in conjunction with database_updates.php
 */
-DEFINE("LATEST_DATABASE_VERSION", "1.4.1");
+DEFINE("LATEST_DATABASE_VERSION", "1.4.2");
diff --git a/db.sql b/db.sql
index 22c33ec01..cceaca6cf 100644
--- a/db.sql
+++ b/db.sql
@@ -1501,6 +1501,7 @@ CREATE TABLE `settings` (
 `config_login_key_required` tinyint(1) NOT NULL DEFAULT 0,
 `config_login_key_secret` varchar(255) DEFAULT NULL,
 `config_login_remember_me_expire` int(11) NOT NULL DEFAULT 3,
+ `config_log_retention` int(11) NOT NULL DEFAULT 90,
 `config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1,
 `config_theme` varchar(200) DEFAULT 'blue',
 `config_telemetry` tinyint(1) DEFAULT 0,
diff --git a/get_settings.php b/get_settings.php
index e4d67fa9b..01db4e91a 100644
--- a/get_settings.php
+++ b/get_settings.php
@@ -113,6 +113,7 @@
 $config_login_key_required = $row['config_login_key_required'];
 $config_login_key_secret = $row['config_login_key_secret'];
 $config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
+$config_log_retention = intval($row['config_log_retention']);
 // Locale
 $config_currency_format = "US_en";
diff --git a/post/setting.php b/post/setting.php
index 50aafeb14..5e9b77040 100644
--- a/post/setting.php
+++ b/post/setting.php
@@ -545,8 +545,9 @@
 $config_login_key_required = intval($_POST['config_login_key_required']);
 $config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
 $config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
+ $config_log_retention = intval($_POST['config_log_retention']);
- mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire WHERE company_id = 1");
+ mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire, config_log_retention = $config_log_retention WHERE company_id = 1");
 // Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
diff --git a/settings_security.php b/settings_security.php
index 70671cd9d..175497afa 100644
--- a/settings_security.php
+++ b/settings_security.php
@@ -43,6 +43,16 @@
+
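Review bot: `intval($_POST['config_log_retention'])` in the post/setting.php hunk keeps the value numeric, so the unquoted interpolation into the UPDATE is safe, but it still accepts 0 and negative numbers, which the cron cleanup would turn into a delete of the whole audit log. Any limit on the form field is enforced only in the browser (the settings_security.php markup is not readable in this patch), so the floor belongs here, e.g. `$config_log_retention = max(1, intval($_POST['config_log_retention']));` with whatever minimum the project wants to guarantee. The audit entry written just below still reads only 'modified login key settings'; because this field now decides how long evidence is kept, including the old and new retention values in `log_description` would let a reviewer notice a shortened window. The enclosing request handler starts outside the hunk.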
+ +
+
+ +
+ +
+
+