Added some more hooks to the page editing pipeline. It should now be possible to add controls to the page editor, send the data from them out to the server, and process them on the server side.
<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Copyright (C) 2006-2009 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
function page_Admin_SecurityLog()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
$login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
// if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
// {
// die('Security log is disabled in demo mode.');
// }
echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
// Not calling the real fetcher because we have to paginate the results
$offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
$q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
if ( !$q )
$db->_die();
$row = $db->fetchrow();
$db->free_result();
$count = intval($row['num']);
$l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
. " LEFT JOIN " . table_prefix . "users AS u\n"
. " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
. " WHERE log_type='security'\n"
. " ORDER BY time_id DESC, action ASC;";
$q = $db->sql_query($l);
if ( !$q )
$db->_die();
$html = paginate(
$q,
'{time_id}',
$count,
makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
$offset,
50,
array('time_id' => 'seclog_format_inner'),
'<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
<tr>
<th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
<th>' . $lang->get('acpsl_col_date') . '</th>
<th>' . $lang->get('acpsl_col_username') . '</th>
<th>' . $lang->get('acpsl_col_ip') . '</th>
</tr>',
'</table></div>'
);
echo $html;
}
function get_security_log($num = false)
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
if ( !$q )
$db->_die();
die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
}
$return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
$cls = 'row2';
$return .= '<tr><th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th><th>' . $lang->get('acpsl_col_date') . '</th><th>' . $lang->get('acpsl_col_username') . '</th><th>' . $lang->get('acpsl_col_ip') . '</th></tr>';
$hash = sha1(microtime());
if ( defined('ENANO_DEMO_MODE') )
{
require('config.php');
$hash = md5($dbpasswd);
unset($dbname, $dbhost, $dbuser, $dbpasswd);
unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
}
// if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
// {
// $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
// }
// else
// {
$limit_clause = is_int($num) ? " LIMIT $num" : '';
$l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
. " LEFT JOIN " . table_prefix . "users AS u\n"
. " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
. " WHERE log_type='security'\n"
. " ORDER BY time_id DESC, action ASC{$limit_clause};";
$q = $db->sql_query($l);
while($r = $db->fetchrow($q))
{
$return .= seclog_format_inner($r);
}
$db->free_result();
// }
$return .= '</table></div>';
return $return;
}
function seclog_format_inner($r, $f = false)
{
if ( is_array($f) )
{
unset($r);
$r =& $f;
}
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
$return = '';
static $cls = 'row2';
if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
{
$r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
}
if ( $r['action'] == 'illegal_page' )
{
list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
$url = makeUrlNS($illegal_ns, $illegal_id, false, true);
$title = get_page_title_ns($illegal_id, $illegal_ns);
$class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
$illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>';
}
else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
{
$r['page_text'] = htmlspecialchars($r['page_text']);
}
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
$return .= '<tr><td class="'.$cls.'">';
switch($r['action'])
{
case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
case "admin_auth_bad" : $return .= $lang->get('acpsl_entry_admin_auth_bad' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
case "activ_good" : $return .= $lang->get('acpsl_entry_activ_good') ; break;
case "auth_good" : $return .= $lang->get('acpsl_entry_auth_good') ; break;
case "activ_bad" : $return .= $lang->get('acpsl_entry_activ_bad') ; break;
case "auth_bad" : $return .= $lang->get('acpsl_entry_auth_bad') ; break;
case "sql_inject" : $return .= $lang->get('acpsl_entry_sql_inject' , array('query' => htmlspecialchars($r['page_text']))); break;
case "db_backup" : $return .= $lang->get('acpsl_entry_db_backup' , array('tables' => $r['page_text'])) ; break;
case "install_enano" : $return .= $lang->get('acpsl_entry_install_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
case "upgrade_enano" : $return .= $lang->get('acpsl_entry_upgrade_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
case "illegal_page" : $return .= $lang->get('acpsl_entry_illegal_page' , array('illegal_link' => $illegal_link)) ; break;
case "upload_enable" : $return .= $lang->get('acpsl_entry_upload_enable') ; break;
case "upload_disable" : $return .= $lang->get('acpsl_entry_upload_disable') ; break;
case "magick_enable" : $return .= $lang->get('acpsl_entry_magick_enable') ; break;
case "magick_disable" : $return .= $lang->get('acpsl_entry_magick_disable') ; break;
case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
case "magick_path" : $return .= $lang->get('acpsl_entry_magick_path') ; break;
case "plugin_disable" : $return .= $lang->get('acpsl_entry_plugin_disable' , array('plugin' => $r['page_text'])); break;
case "plugin_enable" : $return .= $lang->get('acpsl_entry_plugin_enable' , array('plugin' => $r['page_text'])); break;
case "plugin_install" : $return .= $lang->get('acpsl_entry_plugin_install' , array('plugin' => $r['page_text'])); break;
case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
case "plugin_upgrade" : $return .= $lang->get('acpsl_entry_plugin_upgrade' , array('plugin' => $r['page_text'])); break;
case "seclog_unauth" : $return .= $lang->get('acpsl_entry_seclog_unauth') ; break;
case "u_from_admin" : $return .= $lang->get('acpsl_entry_u_from_admin' , array('username' => $r['page_text'])); break;
case "u_from_mod" : $return .= $lang->get('acpsl_entry_u_from_mod' , array('username' => $r['page_text'])); break;
case "u_to_admin" : $return .= $lang->get('acpsl_entry_u_to_admin' , array('username' => $r['page_text'])); break;
case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break;
case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break;
}
$author_bit = '<span style="';
$rank_info = $session->get_user_rank($r['author_uid']);
$author_bit .= $rank_info['rank_style'];
$author_bit .= '">';
$author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']);
$author_bit .= '</span>';
$return .= '</td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['time_id']).'</td><td class="'.$cls.'">'.$author_bit.'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>';
return $return;
}
?>