126 $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5'; |
126 $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5'; |
127 } |
127 } |
128 $q = $db->sql_query($l); |
128 $q = $db->sql_query($l); |
129 while($r = $db->fetchrow()) |
129 while($r = $db->fetchrow()) |
130 { |
130 { |
|
131 if ( $r['action'] == 'illegal_page' ) |
|
132 { |
|
133 list($illegal_id, $illegal_ns) = unserialize($r['page_text']); |
|
134 $url = makeUrlNS($illegal_ns, $illegal_id, false, true); |
|
135 $title = get_page_title_ns($illegal_id, $illegal_ns); |
|
136 $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"'; |
|
137 $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>'; |
|
138 } |
131 if($cls == 'row2') $cls = 'row1'; |
139 if($cls == 'row2') $cls = 'row1'; |
132 else $cls = 'row2'; |
140 else $cls = 'row2'; |
133 echo '<tr><td class="'.$cls.'">'; |
141 echo '<tr><td class="'.$cls.'">'; |
134 switch($r['action']) { |
142 switch($r['action']) |
|
143 { |
135 case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Authentication level: $level</small>"; } break; |
144 case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Authentication level: $level</small>"; } break; |
136 case "admin_auth_bad": echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Attempted auth level: $level</small>"; } break; |
145 case "admin_auth_bad": echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Attempted auth level: $level</small>"; } break; |
137 case "activ_good": echo 'Successful account activation'; break; |
146 case "activ_good": echo 'Successful account activation'; break; |
138 case "auth_good": echo 'Successful regular user logon'; break; |
147 case "auth_good": echo 'Successful regular user logon'; break; |
139 case "activ_bad": echo 'Failed account activation'; break; |
148 case "activ_bad": echo 'Failed account activation'; break; |
140 case "auth_bad": echo 'Failed regular user logon'; break; |
149 case "auth_bad": echo 'Failed regular user logon'; break; |
141 case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break; |
150 case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break; |
142 case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break; |
151 case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break; |
143 case "install_enano": echo "Installed Enano version {$r['page_text']}"; break; |
152 case "install_enano": echo "Installed Enano version {$r['page_text']}"; break; |
144 case "upgrade_enano": echo "Upgraded Enano to version {$r['page_text']}"; break; |
153 case "upgrade_enano": echo "Upgraded Enano to version {$r['page_text']}"; break; |
|
154 case "illegal_page": echo "Unauthorized viewing attempt<br /><small>Page: {$illegal_link}</small>"; break; |
145 } |
155 } |
146 echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>'; |
156 echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>'; |
147 } |
157 } |
148 $db->free_result(); |
158 $db->free_result(); |
149 } |
159 } |
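Review bot: The new `illegal_page` branch (lines 131–138) feeds `$r['page_text']` straight into `unserialize()` and then echoes the resulting `$title` into the admin's log table on line 137 with no `htmlspecialchars()`, while the neighbouring `sql_inject` case on line 150 does escape its `page_text`; if the page id/namespace recorded for an "Unauthorized viewing attempt" is taken from the offending request (the logging side is not in this hunk), an anonymous visitor can plant markup that renders in the administrator's browser unless `get_page_title_ns()` escapes on its own. `unserialize()` also returns `false` on a malformed or truncated row, after which `list()` yields nulls and `$paths->nslist[$illegal_ns]` raises an undefined-index notice, so the result should be checked before use. I would guard the decode, validate the namespace key and escape the title as below; `$url` is left alone on the assumption that `makeUrlNS(..., true)` already produces an HTML-safe URL, which should be confirmed. The function this loop lives in begins before the hunk, and the `$r['author']`/`$r['edit_summary']` output on line 156 has the same unescaped pattern but is unchanged by this commit.
```php
if ( $r['action'] == 'illegal_page' )
{
  // page_text is a serialized [id, namespace] pair; treat it as untrusted:
  // unserialize() returns false on garbage, and the page title is echoed
  // into the admin UI, so it must be HTML-escaped (the sql_inject case already does this).
  $illegal = @unserialize($r['page_text']);
  if ( !is_array($illegal) || count($illegal) < 2 || !isset($paths->nslist[$illegal[1]]) )
  {
    $illegal_link = '<em>(unparseable log entry)</em>';
  }
  else
  {
    list($illegal_id, $illegal_ns) = $illegal;
    $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
    $title = get_page_title_ns($illegal_id, $illegal_ns);
    $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
    $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . htmlspecialchars($title) . '</a>';
  }
}
// … unchanged: row-class toggle and the switch below …
```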
786 global $db, $session, $paths, $template, $plugins; // Common objects |
796 global $db, $session, $paths, $template, $plugins; // Common objects |
787 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
797 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
788 { |
798 { |
789 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
799 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
790 return; |
800 return; |
|
801 } |
|
802 |
|
803 if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) ) |
|
804 { |
|
805 $_POST['go'] = true; |
|
806 $_POST['username'] = $_GET['user']; |
791 } |
807 } |
792 |
808 |
793 if(isset($_POST['go'])) |
809 if(isset($_POST['go'])) |
794 { |
810 { |
795 // We need the user ID before we can do anything |
811 // We need the user ID before we can do anything |
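Review bot: Lines 803–806 copy `$_GET['user']` into `$_POST['username']` and force `$_POST['go']`, so the `isset($_POST['go'])` branch on line 809 now runs from a plain link; any code further down that treated "came in via `$_POST`" as evidence of a deliberate form submission (a POST-only CSRF assumption, or a token check keyed off the form) loses that guarantee, and the rest of the branch is outside the hunk so I cannot see whether it only looks the user up or also acts on other `$_POST` fields. Mutating the superglobal also means `$_GET['user']` reaches whatever query the lookup builds with no validation beyond `!empty()`, which is fine only if the downstream code escapes it itself. I would rather not rewrite `$_POST` at all: derive the name into a local, e.g. `$lookup_user = isset($_POST['go']) ? $_POST['username'] : $_GET['user'];`, and have the GET path do nothing but pre-fill the lookup, with a comment such as `// GET entry point: pre-fills the username lookup only; state-changing actions below must still require a real POST`. The loose `$_GET['src'] == 'get'` comparison on line 803 should be `===` while you are there.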
2310 if(defined('SQL_BACKUP_CRYPT')) |
2326 if(defined('SQL_BACKUP_CRYPT')) |
2311 // Try to increase our time limit |
2327 // Try to increase our time limit |
2312 @set_time_limit(300); // five minutes |
2328 @set_time_limit(300); // five minutes |
2313 // Do the actual export |
2329 // Do the actual export |
2314 $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : ''; |
2330 $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : ''; |
2315 $filename = 'enano_backup_' . date('dmy') . '.sql' . $aesext; |
2331 $filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext; |
2316 ob_start(); |
2332 ob_start(); |
2317 header('Content-disposition: attachment, filename="'.$filename.'";'); |
2333 header('Content-disposition: attachment, filename="'.$filename.'";'); |
2318 header('Content-type: application/transact-sql'); |
2334 header('Content-type: application/transact-sql'); |
2319 // Spew some headers |
2335 // Spew some headers |
2320 $headdate = date('F d, Y \a\t h:i a'); |
2336 $headdate = date('F d, Y \a\t h:i a'); |
2340 // if($t == table_prefix.'files' && isset($_POST['do_data'])) |
2356 // if($t == table_prefix.'files' && isset($_POST['do_data'])) |
2341 // unset($tables[$i]); |
2357 // unset($tables[$i]); |
2342 } |
2358 } |
2343 foreach($tables as $t) |
2359 foreach($tables as $t) |
2344 { |
2360 { |
|
2361 // THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0. |
2345 // Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables. |
2362 // Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables. |
2346 // If encryption is enabled the log data will be excluded too. |
2363 // If encryption is enabled the log data will be excluded too. |
2347 echo export_table( |
2364 echo export_table( |
2348 $t, |
2365 $t, |
2349 isset($_POST['do_struct']), |
2366 isset($_POST['do_struct']), |