diff -r de56132c008d -r bdac73ed481e plugins/admin/SecurityLog.php
--- a/plugins/admin/SecurityLog.php Sun Mar 28 21:49:26 2010 -0400
+++ b/plugins/admin/SecurityLog.php Sun Mar 28 23:10:46 2010 -0400
@@ -13,182 +13,182 @@
function page_Admin_SecurityLog()
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
- {
- $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
- echo '
' . $lang->get('adm_err_not_auth_title') . '
';
- echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
';
- return;
- }
-
- // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
- // {
- // die('Security log is disabled in demo mode.');
- // }
-
- echo '' . $lang->get('acpsl_heading_main') . '
';
-
- // Not calling the real fetcher because we have to paginate the results
- $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
- $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
- if ( !$q )
- $db->_die();
- $row = $db->fetchrow();
- $db->free_result();
- $count = intval($row['num']);
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ {
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '' . $lang->get('adm_err_not_auth_title') . '
';
+ echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
';
+ return;
+ }
+
+ // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
+ // {
+ // die('Security log is disabled in demo mode.');
+ // }
+
+ echo '' . $lang->get('acpsl_heading_main') . '
';
+
+ // Not calling the real fetcher because we have to paginate the results
+ $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
+ $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
+ if ( !$q )
+ $db->_die();
+ $row = $db->fetchrow();
+ $db->free_result();
+ $count = intval($row['num']);
- $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
- . " LEFT JOIN " . table_prefix . "users AS u\n"
- . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
- . " WHERE log_type='security'\n"
- . " ORDER BY time_id DESC, action ASC;";
-
- $q = $db->sql_query($l);
- if ( !$q )
- $db->_die();
-
- $html = paginate(
- $q,
- '{time_id}',
- $count,
- makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
- $offset,
- 50,
- array('time_id' => 'seclog_format_inner'),
- '
-
- ' . $lang->get('acpsl_col_type') . ' |
- ' . $lang->get('acpsl_col_date') . ' |
- ' . $lang->get('acpsl_col_username') . ' |
- ' . $lang->get('acpsl_col_ip') . ' |
-
',
- '
'
- );
-
- echo $html;
-
+ $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
+ . " LEFT JOIN " . table_prefix . "users AS u\n"
+ . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
+ . " WHERE log_type='security'\n"
+ . " ORDER BY time_id DESC, action ASC;";
+
+ $q = $db->sql_query($l);
+ if ( !$q )
+ $db->_die();
+
+ $html = paginate(
+ $q,
+ '{time_id}',
+ $count,
+ makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
+ $offset,
+ 50,
+ array('time_id' => 'seclog_format_inner'),
+ '
+
+ ' . $lang->get('acpsl_col_type') . ' |
+ ' . $lang->get('acpsl_col_date') . ' |
+ ' . $lang->get('acpsl_col_username') . ' |
+ ' . $lang->get('acpsl_col_ip') . ' |
+
',
+ '
'
+ );
+
+ echo $html;
+
}
function get_security_log($num = false)
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
-
- if ( $session->auth_level < USER_LEVEL_ADMIN )
- {
- $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
- if ( !$q )
- $db->_die();
- die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
- }
-
- $return = '';
- $cls = 'row2';
- $return .= '' . $lang->get('acpsl_col_type') . ' | ' . $lang->get('acpsl_col_date') . ' | ' . $lang->get('acpsl_col_username') . ' | ' . $lang->get('acpsl_col_ip') . ' |
';
- $hash = sha1(microtime());
- if ( defined('ENANO_DEMO_MODE') )
- {
- require('config.php');
- $hash = md5($dbpasswd);
- unset($dbname, $dbhost, $dbuser, $dbpasswd);
- unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
- }
- // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
- // {
- // $return .= 'Logs are recorded but not displayed for privacy purposes in the demo. |
';
- // }
- // else
- // {
- $limit_clause = is_int($num) ? " LIMIT $num" : '';
- $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
- . " LEFT JOIN " . table_prefix . "users AS u\n"
- . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
- . " WHERE log_type='security'\n"
- . " ORDER BY time_id DESC, action ASC{$limit_clause};";
-
- $q = $db->sql_query($l);
- while($r = $db->fetchrow($q))
- {
- $return .= seclog_format_inner($r);
- }
- $db->free_result();
- // }
- $return .= '
';
-
- return $return;
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ {
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
+ if ( !$q )
+ $db->_die();
+ die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
+ }
+
+ $return = '';
+ $cls = 'row2';
+ $return .= '' . $lang->get('acpsl_col_type') . ' | ' . $lang->get('acpsl_col_date') . ' | ' . $lang->get('acpsl_col_username') . ' | ' . $lang->get('acpsl_col_ip') . ' |
';
+ $hash = sha1(microtime());
+ if ( defined('ENANO_DEMO_MODE') )
+ {
+ require('config.php');
+ $hash = md5($dbpasswd);
+ unset($dbname, $dbhost, $dbuser, $dbpasswd);
+ unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
+ }
+ // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
+ // {
+ // $return .= 'Logs are recorded but not displayed for privacy purposes in the demo. |
';
+ // }
+ // else
+ // {
+ $limit_clause = is_int($num) ? " LIMIT $num" : '';
+ $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
+ . " LEFT JOIN " . table_prefix . "users AS u\n"
+ . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
+ . " WHERE log_type='security'\n"
+ . " ORDER BY time_id DESC, action ASC{$limit_clause};";
+
+ $q = $db->sql_query($l);
+ while($r = $db->fetchrow($q))
+ {
+ $return .= seclog_format_inner($r);
+ }
+ $db->free_result();
+ // }
+ $return .= '
';
+
+ return $return;
}
function seclog_format_inner($r, $f = false)
{
- if ( is_array($f) )
- {
- unset($r);
- $r =& $f;
- }
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- $return = '';
- static $cls = 'row2';
- if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
- {
- $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
- }
- if ( $r['action'] == 'illegal_page' )
- {
- list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
- $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
- $title = get_page_title_ns($illegal_id, $illegal_ns);
- $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
- $illegal_link = '' . $title . '';
- }
- else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
- {
- $r['page_text'] = htmlspecialchars($r['page_text']);
- }
- $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
- $return .= '';
- switch($r['action'])
- {
- case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
- case "admin_auth_bad" : $return .= $lang->get('acpsl_entry_admin_auth_bad' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
- case "activ_good" : $return .= $lang->get('acpsl_entry_activ_good') ; break;
- case "auth_good" : $return .= $lang->get('acpsl_entry_auth_good') ; break;
- case "activ_bad" : $return .= $lang->get('acpsl_entry_activ_bad') ; break;
- case "auth_bad" : $return .= $lang->get('acpsl_entry_auth_bad') ; break;
- case "sql_inject" : $return .= $lang->get('acpsl_entry_sql_inject' , array('query' => htmlspecialchars($r['page_text']))); break;
- case "db_backup" : $return .= $lang->get('acpsl_entry_db_backup' , array('tables' => $r['page_text'])) ; break;
- case "install_enano" : $return .= $lang->get('acpsl_entry_install_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
- case "upgrade_enano" : $return .= $lang->get('acpsl_entry_upgrade_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
- case "illegal_page" : $return .= $lang->get('acpsl_entry_illegal_page' , array('illegal_link' => $illegal_link)) ; break;
- case "upload_enable" : $return .= $lang->get('acpsl_entry_upload_enable') ; break;
- case "upload_disable" : $return .= $lang->get('acpsl_entry_upload_disable') ; break;
- case "magick_enable" : $return .= $lang->get('acpsl_entry_magick_enable') ; break;
- case "magick_disable" : $return .= $lang->get('acpsl_entry_magick_disable') ; break;
- case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
- case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
- case "magick_path" : $return .= $lang->get('acpsl_entry_magick_path') ; break;
- case "plugin_disable" : $return .= $lang->get('acpsl_entry_plugin_disable' , array('plugin' => $r['page_text'])); break;
- case "plugin_enable" : $return .= $lang->get('acpsl_entry_plugin_enable' , array('plugin' => $r['page_text'])); break;
- case "plugin_install" : $return .= $lang->get('acpsl_entry_plugin_install' , array('plugin' => $r['page_text'])); break;
- case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
- case "plugin_upgrade" : $return .= $lang->get('acpsl_entry_plugin_upgrade' , array('plugin' => $r['page_text'])); break;
- case "seclog_unauth" : $return .= $lang->get('acpsl_entry_seclog_unauth') ; break;
- case "u_from_admin" : $return .= $lang->get('acpsl_entry_u_from_admin' , array('username' => $r['page_text'])); break;
- case "u_from_mod" : $return .= $lang->get('acpsl_entry_u_from_mod' , array('username' => $r['page_text'])); break;
- case "u_to_admin" : $return .= $lang->get('acpsl_entry_u_to_admin' , array('username' => $r['page_text'])); break;
- case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break;
- case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break;
- }
- $author_bit = '';
- $author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']);
- $author_bit .= '';
- $return .= ' | '.enano_date(ED_DATE | ED_TIME, $r['time_id']).' | '.$author_bit.' | '.$r['edit_summary'].' |
';
- return $return;
+ if ( is_array($f) )
+ {
+ unset($r);
+ $r =& $f;
+ }
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ $return = '';
+ static $cls = 'row2';
+ if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
+ {
+ $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
+ }
+ if ( $r['action'] == 'illegal_page' )
+ {
+ list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
+ $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
+ $title = get_page_title_ns($illegal_id, $illegal_ns);
+ $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
+ $illegal_link = '' . $title . '';
+ }
+ else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
+ {
+ $r['page_text'] = htmlspecialchars($r['page_text']);
+ }
+ $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ $return .= '';
+ switch($r['action'])
+ {
+ case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
+ case "admin_auth_bad" : $return .= $lang->get('acpsl_entry_admin_auth_bad' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
+ case "activ_good" : $return .= $lang->get('acpsl_entry_activ_good') ; break;
+ case "auth_good" : $return .= $lang->get('acpsl_entry_auth_good') ; break;
+ case "activ_bad" : $return .= $lang->get('acpsl_entry_activ_bad') ; break;
+ case "auth_bad" : $return .= $lang->get('acpsl_entry_auth_bad') ; break;
+ case "sql_inject" : $return .= $lang->get('acpsl_entry_sql_inject' , array('query' => htmlspecialchars($r['page_text']))); break;
+ case "db_backup" : $return .= $lang->get('acpsl_entry_db_backup' , array('tables' => $r['page_text'])) ; break;
+ case "install_enano" : $return .= $lang->get('acpsl_entry_install_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
+ case "upgrade_enano" : $return .= $lang->get('acpsl_entry_upgrade_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text']
+ case "illegal_page" : $return .= $lang->get('acpsl_entry_illegal_page' , array('illegal_link' => $illegal_link)) ; break;
+ case "upload_enable" : $return .= $lang->get('acpsl_entry_upload_enable') ; break;
+ case "upload_disable" : $return .= $lang->get('acpsl_entry_upload_disable') ; break;
+ case "magick_enable" : $return .= $lang->get('acpsl_entry_magick_enable') ; break;
+ case "magick_disable" : $return .= $lang->get('acpsl_entry_magick_disable') ; break;
+ case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
+ case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
+ case "magick_path" : $return .= $lang->get('acpsl_entry_magick_path') ; break;
+ case "plugin_disable" : $return .= $lang->get('acpsl_entry_plugin_disable' , array('plugin' => $r['page_text'])); break;
+ case "plugin_enable" : $return .= $lang->get('acpsl_entry_plugin_enable' , array('plugin' => $r['page_text'])); break;
+ case "plugin_install" : $return .= $lang->get('acpsl_entry_plugin_install' , array('plugin' => $r['page_text'])); break;
+ case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
+ case "plugin_upgrade" : $return .= $lang->get('acpsl_entry_plugin_upgrade' , array('plugin' => $r['page_text'])); break;
+ case "seclog_unauth" : $return .= $lang->get('acpsl_entry_seclog_unauth') ; break;
+ case "u_from_admin" : $return .= $lang->get('acpsl_entry_u_from_admin' , array('username' => $r['page_text'])); break;
+ case "u_from_mod" : $return .= $lang->get('acpsl_entry_u_from_mod' , array('username' => $r['page_text'])); break;
+ case "u_to_admin" : $return .= $lang->get('acpsl_entry_u_to_admin' , array('username' => $r['page_text'])); break;
+ case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break;
+ case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break;
+ }
+ $author_bit = '';
+ $author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']);
+ $author_bit .= '';
+ $return .= ' | '.enano_date(ED_DATE | ED_TIME, $r['time_id']).' | '.$author_bit.' | '.$r['edit_summary'].' |
';
+ return $return;
}
?>