13 */ |
13 */ |
14 |
14 |
15 function page_Admin_SecurityLog() |
15 function page_Admin_SecurityLog() |
16 { |
16 { |
17 global $db, $session, $paths, $template, $plugins; // Common objects |
17 global $db, $session, $paths, $template, $plugins; // Common objects |
|
18 global $lang; |
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
19 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
19 { |
20 { |
20 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
21 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
|
22 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
|
23 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
21 return; |
24 return; |
22 } |
25 } |
23 |
26 |
24 // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' ) |
27 // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' ) |
25 // { |
28 // { |
26 // die('Security log is disabled in demo mode.'); |
29 // die('Security log is disabled in demo mode.'); |
27 // } |
30 // } |
28 |
31 |
29 echo '<h3>System security log</h3>'; |
32 echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>'; |
30 |
33 |
31 // Not calling the real fetcher because we have to paginate the results |
34 // Not calling the real fetcher because we have to paginate the results |
32 $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0; |
35 $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0; |
33 $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'); |
36 $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'); |
34 if ( !$q ) |
37 if ( !$q ) |
47 makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'), |
50 makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'), |
48 $offset, |
51 $offset, |
49 50, |
52 50, |
50 array('time_id' => 'seclog_format_inner'), |
53 array('time_id' => 'seclog_format_inner'), |
51 '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%"> |
54 '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%"> |
52 <tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>', |
55 <tr> |
|
56 <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th> |
|
57 <th>' . $lang->get('acpsl_col_date') . '</th> |
|
58 <th>' . $lang->get('acpsl_col_username') . '</th> |
|
59 <th>' . $lang->get('acpsl_col_ip') . '</th> |
|
60 </tr>', |
53 '</table></div>' |
61 '</table></div>' |
54 ); |
62 ); |
55 |
63 |
56 echo $html; |
64 echo $html; |
57 |
65 |
133 } |
142 } |
134 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
143 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
135 $return .= '<tr><td class="'.$cls.'">'; |
144 $return .= '<tr><td class="'.$cls.'">'; |
136 switch($r['action']) |
145 switch($r['action']) |
137 { |
146 { |
138 case "admin_auth_good": $return .= 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); $return .= "<br /><small>Authentication level: $level</small>"; } break; |
147 case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break; |
139 case "admin_auth_bad": $return .= 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); $return .= "<br /><small>Attempted auth level: $level</small>"; } break; |
148 case "admin_auth_bad" : $return .= $lang->get('acpsl_entry_admin_auth_bad' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break; |
140 case "activ_good": $return .= 'Successful account activation'; break; |
149 case "activ_good" : $return .= $lang->get('acpsl_entry_activ_good') ; break; |
141 case "auth_good": $return .= 'Successful regular user logon'; break; |
150 case "auth_good" : $return .= $lang->get('acpsl_entry_auth_good') ; break; |
142 case "activ_bad": $return .= 'Failed account activation'; break; |
151 case "activ_bad" : $return .= $lang->get('acpsl_entry_activ_bad') ; break; |
143 case "auth_bad": $return .= 'Failed regular user logon'; break; |
152 case "auth_bad" : $return .= $lang->get('acpsl_entry_auth_bad') ; break; |
144 case "sql_inject": $return .= 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break; |
153 case "sql_inject" : $return .= $lang->get('acpsl_entry_sql_inject' , array('query' => htmlspecialchars($r['page_text']))); break; |
145 case "db_backup": $return .= 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break; |
154 case "db_backup" : $return .= $lang->get('acpsl_entry_db_backup' , array('tables' => $r['page_text'])) ; break; |
146 case "install_enano": $return .= "Installed Enano version {$r['page_text']}"; break; |
155 case "install_enano" : $return .= $lang->get('acpsl_entry_install_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text'] |
147 case "upgrade_enano": $return .= "Upgraded Enano to version {$r['page_text']}"; break; |
156 case "upgrade_enano" : $return .= $lang->get('acpsl_entry_upgrade_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text'] |
148 case "illegal_page": $return .= "Unauthorized viewing attempt<br /><small>Page: {$illegal_link}</small>"; break; |
157 case "illegal_page" : $return .= $lang->get('acpsl_entry_illegal_page' , array('illegal_link' => $illegal_link)) ; break; |
149 case "upload_enable": $return .= "Enabled file uploads"; break; |
158 case "upload_enable" : $return .= $lang->get('acpsl_entry_upload_enable') ; break; |
150 case "upload_disable": $return .= "Disabled file uploads"; break; |
159 case "upload_disable" : $return .= $lang->get('acpsl_entry_upload_disable') ; break; |
151 case "magick_enable": $return .= "Enabled ImageMagick for uploaded images"; break; |
160 case "magick_enable" : $return .= $lang->get('acpsl_entry_magick_enable') ; break; |
152 case "magick_disable": $return .= "Disabled ImageMagick for uploaded images"; break; |
161 case "magick_disable" : $return .= $lang->get('acpsl_entry_magick_disable') ; break; |
153 case "filehist_enable": $return .= "Enabled revision tracking for uploaded files"; break; |
162 case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break; |
154 case "filehist_disable": $return .= "Disabled revision tracking for uploaded files"; break; |
163 case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break; |
155 case "magick_path": $return .= "Changed path to ImageMagick executable"; break; |
164 case "magick_path" : $return .= $lang->get('acpsl_entry_magick_path') ; break; |
156 case "plugin_disable": $return .= "Disabled plugin: {$r['page_text']}"; break; |
165 case "plugin_disable" : $return .= $lang->get('acpsl_entry_plugin_disable' , array('plugin' => $r['page_text'])) ; break; |
157 case "plugin_enable": $return .= "Enabled plugin: {$r['page_text']}"; break; |
166 case "plugin_enable" : $return .= $lang->get('acpsl_entry_plugin_enable' , array('plugin' => $r['page_text'])) ; break; |
158 case "seclog_unauth": $return .= "Unauthorized attempt to call security log fetcher"; break; |
167 case "seclog_unauth" : $return .= $lang->get('acpsl_entry_seclog_unauth') ; break; |
159 case "u_from_admin": $return .= "User {$r['page_text']} demoted from Administrators group"; break; |
168 case "u_from_admin" : $return .= $lang->get('acpsl_entry_u_from_admin' , array('username' => $r['page_text'])) ; break; |
160 case "u_from_mod": $return .= "User {$r['page_text']} demoted from Moderators group"; break; |
169 case "u_from_mod" : $return .= $lang->get('acpsl_entry_u_from_mod' , array('username' => $r['page_text'])) ; break; |
161 case "u_to_admin": $return .= "User {$r['page_text']} added to Administrators group"; break; |
170 case "u_to_admin" : $return .= $lang->get('acpsl_entry_u_to_admin' , array('username' => $r['page_text'])) ; break; |
162 case "u_to_mod": $return .= "User {$r['page_text']} added to Moderators group"; break; |
171 case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])) ; break; |
163 } |
172 } |
164 $return .= '</td><td class="'.$cls.'">'.enano_date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>'; |
173 $return .= '</td><td class="'.$cls.'">'.enano_date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>'; |
165 return $return; |
174 return $return; |
166 } |
175 } |
167 |
176 |
168 ?> |
177 ?> |
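Review bot: In the log-row formatter (presumably `seclog_format_inner`, whose signature is outside this hunk), only the `sql_inject` case at new line 153 passes `$r['page_text']` through `htmlspecialchars()`; the `db_backup`, `install_enano`, `upgrade_enano`, `plugin_enable`/`plugin_disable` and `u_to_*`/`u_from_*` cases hand it to `$lang->get()` raw, and new line 173 still concatenates `$r['author']` and `$r['edit_summary']` straight into the table row. Whether `$lang->get()` escapes substituted values is not visible here; unless it does, any log field that can hold user-influenced text (a username, for example) is rendered as markup inside an administrator's session. Escape at the point of output, e.g. `array('username' => htmlspecialchars($r['page_text']))` in those cases and `htmlspecialchars($r['author'])` / `htmlspecialchars($r['edit_summary'])` in the row. Separately, the `admin_auth_good` and `admin_auth_bad` cases dropped the old `!empty($r['page_text'])` guard, so entries with no stored level now go through `userlevel_to_string(0)`; please confirm that is intended.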