plugins/admin/SecurityLog.php
author Dan
Sun, 22 Mar 2009 00:55:06 -0400
changeset 885 a86a69394a95
parent 801 eb8b23f11744
child 950 36289dcb5c8a
permissions -rw-r--r--
Major revamp to sidebar editor. Some behavioral changes as well as being based on jQuery UI Sortables. Creation interface remains the same, but better strings merged in from stable.
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
<?php
/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 685
 * Version 1.1.6 (Caoineag beta 1)
536
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 529
 * Copyright (C) 2006-2008 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 
function page_Admin_SecurityLog()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
  global $lang;
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }
  
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accommodate the large amount of code.
Dan
parents: 128
  // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  //   die('Security log is disabled in demo mode.');
  // }
  
  echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
  
  // Not calling the real fetcher because we have to paginate the results
  $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
  $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;');
  if ( !$q )
    $db->_die();
  $row = $db->fetchrow();
  $db->free_result();
  $count = intval($row['num']);
  $q = $db->sql_unbuffered_query('SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;');
  if ( !$q )
    $db->_die();
   
  $html = paginate(
      $q,
      '{time_id}',
      $count,
      makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
      $offset,
      50,
      array('time_id' => 'seclog_format_inner'),
      '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
       <tr>
         <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
         <th>' . $lang->get('acpsl_col_date') . '</th>
         <th>' . $lang->get('acpsl_col_username') . '</th>
         <th>' . $lang->get('acpsl_col_ip') . '</th>
       </tr>',
      '</table></div>'
    );
  
  echo $html;
  
}
function get_security_log($num = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
659
16b5b89c8055 Fixed unlocalized column names in SecurityLog
Dan
parents: 536
  global $lang;
  
  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 166
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'seclog_unauth\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
    if ( !$q )
      $db->_die();
    die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
  }
  
  $return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';                                                                                               
  $return .= '<tr><th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th><th>' . $lang->get('acpsl_col_date') . '</th><th>' . $lang->get('acpsl_col_username') . '</th><th>' . $lang->get('acpsl_col_ip') . '</th></tr>';
  $hash = sha1(microtime());
  if ( defined('ENANO_DEMO_MODE') )
  {
    require('config.php');
    $hash = md5($dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
  }
  // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  //   $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
  // }
  // else
  // {
    if(is_int($num))
    {
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';';
    }
    else
    {
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
    }
    $q = $db->sql_query($l);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never used.
Dan
parents: 411
    while($r = $db->fetchrow($q))
    {
      $return .= seclog_format_inner($r);
    }
    $db->free_result();
  // }
  $return .= '</table></div>';
  
  return $return;
}
// Formats one security log entry ($r, or $f when an array is passed) as an HTML table row.
function seclog_format_inner($r, $f = false)
{
  if ( is_array($f) )
  {
    unset($r);
    $r =& $f;
  }
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
  global $lang;
  $return = '';
  static $cls = 'row2';
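  // In demo mode, mask the digits in edit_summary (shown in the reverse-DNS column) for clients outside 192.168.*
  if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )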
  {
    $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
  }
  if ( $r['action'] == 'illegal_page' )
  {
    // page_text holds a serialized (page ID, namespace) pair for this entry type
    list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
    $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
    $title = get_page_title_ns($illegal_id, $illegal_ns);
    $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
    $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>';
  }
  else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
  {
    // Escape the plugin name before it is interpolated into the log message HTML
    $r['page_text'] = htmlspecialchars($r['page_text']);
  }
  $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
  $return .= '<tr><td class="'.$cls.'">';
  switch($r['action'])
  {
    case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good'  , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
    case "admin_auth_bad"  : $return .= $lang->get('acpsl_entry_admin_auth_bad'   , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
    case "activ_good"      : $return .= $lang->get('acpsl_entry_activ_good')      ; break;
    case "auth_good"       : $return .= $lang->get('acpsl_entry_auth_good')       ; break;
    case "activ_bad"       : $return .= $lang->get('acpsl_entry_activ_bad')       ; break;
    case "auth_bad"        : $return .= $lang->get('acpsl_entry_auth_bad')        ; break;
    case "sql_inject"      : $return .= $lang->get('acpsl_entry_sql_inject'       , array('query' => htmlspecialchars($r['page_text']))); break;
    case "db_backup"       : $return .= $lang->get('acpsl_entry_db_backup'        , array('tables' => $r['page_text']))       ; break;
    case "install_enano"   : $return .= $lang->get('acpsl_entry_install_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
    case "upgrade_enano"   : $return .= $lang->get('acpsl_entry_upgrade_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
    case "illegal_page"    : $return .= $lang->get('acpsl_entry_illegal_page'     , array('illegal_link' => $illegal_link))    ; break;
    case "upload_enable"   : $return .= $lang->get('acpsl_entry_upload_enable')   ; break;
    case "upload_disable"  : $return .= $lang->get('acpsl_entry_upload_disable')  ; break;
    case "magick_enable"   : $return .= $lang->get('acpsl_entry_magick_enable')   ; break;
    case "magick_disable"  : $return .= $lang->get('acpsl_entry_magick_disable')  ; break;
    case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
    case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
    case "magick_path"     : $return .= $lang->get('acpsl_entry_magick_path')     ; break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
    case "plugin_disable"  : $return .= $lang->get('acpsl_entry_plugin_disable'   , array('plugin' => $r['page_text'])); break;
    case "plugin_enable"   : $return .= $lang->get('acpsl_entry_plugin_enable'    , array('plugin' => $r['page_text'])); break;
529
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
    case "plugin_install"  : $return .= $lang->get('acpsl_entry_plugin_install'   , array('plugin' => $r['page_text'])); break;
    case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
    case "plugin_upgrade"  : $return .= $lang->get('acpsl_entry_plugin_upgrade'   , array('plugin' => $r['page_text'])); break;
    case "seclog_unauth"   : $return .= $lang->get('acpsl_entry_seclog_unauth')   ; break;
    case "u_from_admin"    : $return .= $lang->get('acpsl_entry_u_from_admin'     , array('username' => $r['page_text'])); break;
    case "u_from_mod"      : $return .= $lang->get('acpsl_entry_u_from_mod'       , array('username' => $r['page_text'])); break;
    case "u_to_admin"      : $return .= $lang->get('acpsl_entry_u_to_admin'       , array('username' => $r['page_text'])); break;
    case "u_to_mod"        : $return .= $lang->get('acpsl_entry_u_to_mod'         , array('username' => $r['page_text'])); break;
    case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip'  , array('username' => htmlspecialchars($r['page_text']))); break;
  }
  $return .= '</td><td class="'.$cls.'">'.enano_date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>';
  return $return;
}
?>