plugins/admin/SecurityLog.php
author Dan Fuhry <dan@enanocms.org>
Thu, 01 Jul 2010 18:24:11 -0400
branch 1.1.7-maintenance
changeset 1257 7365c9bf2106
parent 1175 1e2c9819ede3
child 1227 bdac73ed481e
permissions -rw-r--r--
Integrated XSS patch for 1.1.7 maintenance branch
<?php
/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2006-2009 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 
function page_Admin_SecurityLog()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }
  
  // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  //   die('Security log is disabled in demo mode.');
  // }
  
  echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
  
  // Not calling the real fetcher because we have to paginate the results
  $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
  $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
  if ( !$q )
    $db->_die();
  $row = $db->fetchrow();
  $db->free_result();
  $count = intval($row['num']);
  $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
     . "  LEFT JOIN " . table_prefix . "users AS u\n"
     . "    ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
     . "  WHERE log_type='security'\n"
     . "  ORDER BY time_id DESC, action ASC;";
         
  $q = $db->sql_query($l);
  if ( !$q )
    $db->_die();
   
  $html = paginate(
      $q,
      '{time_id}',
      $count,
      makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
      $offset,
      50,
      array('time_id' => 'seclog_format_inner'),
      '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
       <tr>
         <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
         <th>' . $lang->get('acpsl_col_date') . '</th>
         <th>' . $lang->get('acpsl_col_username') . '</th>
         <th>' . $lang->get('acpsl_col_ip') . '</th>
       </tr>',
      '</table></div>'
    );
  
  echo $html;
  
}
function get_security_log($num = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
    if ( !$q )
      $db->_die();
    die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
  }
  
  $return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';                                                                                               
  $return .= '<tr><th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th><th>' . $lang->get('acpsl_col_date') . '</th><th>' . $lang->get('acpsl_col_username') . '</th><th>' . $lang->get('acpsl_col_ip') . '</th></tr>';
  $hash = sha1(microtime());
  if ( defined('ENANO_DEMO_MODE') )
  {
    require('config.php');
    $hash = md5($dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
  }
  // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  //   $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
  // }
  // else
  // {
    $limit_clause = is_int($num) ? " LIMIT $num" : '';
    $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
         . "  LEFT JOIN " . table_prefix . "users AS u\n"
         . "    ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
         . "  WHERE log_type='security'\n"
         . "  ORDER BY time_id DESC, action ASC{$limit_clause};";
    
    $q = $db->sql_query($l);
    while($r = $db->fetchrow($q))
    {
      $return .= seclog_format_inner($r);
    }
    $db->free_result();
  // }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   118
  $return .= '</table></div>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   119
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   120
  return $return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   121
}

function seclog_format_inner($r, $f = false)
{
  if ( is_array($f) )
  {
    unset($r);
    $r =& $f;
  }
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  $return = '';
  static $cls = 'row2';
  if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
  {
    $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
  }
  if ( $r['action'] == 'illegal_page' )
  {
    list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
    $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
    $title = get_page_title_ns($illegal_id, $illegal_ns);
    $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
    $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>';
  }
  else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
  {
    $r['page_text'] = htmlspecialchars($r['page_text']);
  }
  $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
  $return .= '<tr><td class="'.$cls.'">';
  switch($r['action'])
  {
    case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good'  , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
    case "admin_auth_bad"  : $return .= $lang->get('acpsl_entry_admin_auth_bad'   , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
    case "activ_good"      : $return .= $lang->get('acpsl_entry_activ_good')      ; break;
    case "auth_good"       : $return .= $lang->get('acpsl_entry_auth_good')       ; break;
    case "activ_bad"       : $return .= $lang->get('acpsl_entry_activ_bad')       ; break;
    case "auth_bad"        : $return .= $lang->get('acpsl_entry_auth_bad')        ; break;
    case "sql_inject"      : $return .= $lang->get('acpsl_entry_sql_inject'       , array('query' => htmlspecialchars($r['page_text']))); break;
    case "db_backup"       : $return .= $lang->get('acpsl_entry_db_backup'        , array('tables' => $r['page_text']))       ; break;
    case "install_enano"   : $return .= $lang->get('acpsl_entry_install_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
    case "upgrade_enano"   : $return .= $lang->get('acpsl_entry_upgrade_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
    case "illegal_page"    : $return .= $lang->get('acpsl_entry_illegal_page'     , array('illegal_link' => $illegal_link))    ; break;
    case "upload_enable"   : $return .= $lang->get('acpsl_entry_upload_enable')   ; break;
    case "upload_disable"  : $return .= $lang->get('acpsl_entry_upload_disable')  ; break;
    case "magick_enable"   : $return .= $lang->get('acpsl_entry_magick_enable')   ; break;
    case "magick_disable"  : $return .= $lang->get('acpsl_entry_magick_disable')  ; break;
    case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
    case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
    case "magick_path"     : $return .= $lang->get('acpsl_entry_magick_path')     ; break;
    case "plugin_disable"  : $return .= $lang->get('acpsl_entry_plugin_disable'   , array('plugin' => $r['page_text'])); break;
    case "plugin_enable"   : $return .= $lang->get('acpsl_entry_plugin_enable'    , array('plugin' => $r['page_text'])); break;
    case "plugin_install"  : $return .= $lang->get('acpsl_entry_plugin_install'   , array('plugin' => $r['page_text'])); break;
    case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
    case "plugin_upgrade"  : $return .= $lang->get('acpsl_entry_plugin_upgrade'   , array('plugin' => $r['page_text'])); break;
    case "seclog_unauth"   : $return .= $lang->get('acpsl_entry_seclog_unauth')   ; break;
    case "u_from_admin"    : $return .= $lang->get('acpsl_entry_u_from_admin'     , array('username' => $r['page_text'])); break;
    case "u_from_mod"      : $return .= $lang->get('acpsl_entry_u_from_mod'       , array('username' => $r['page_text'])); break;
    case "u_to_admin"      : $return .= $lang->get('acpsl_entry_u_to_admin'       , array('username' => $r['page_text'])); break;
    case "u_to_mod"        : $return .= $lang->get('acpsl_entry_u_to_mod'         , array('username' => $r['page_text'])); break;
    case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip'  , array('username' => htmlspecialchars($r['page_text']))); break;
  }
  $author_bit = '<span style="';
  $rank_info = $session->get_user_rank($r['author_uid']);
  $author_bit .= $rank_info['rank_style'];
  $author_bit .= '">';
  $author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']);
  $author_bit .= '</span>';
  $return .= '</td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['time_id']).'</td><td class="'.$cls.'">'.$author_bit.'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>';
  return $return;
}

?>