# HG changeset patch # User Dan # Date 1261181209 18000 # Node ID 1e2c9819ede3b88b1570ab2f4c2970d9f3d96e8d # Parent def792dd9b1bf5699c76a7bb05502d9a971b1eda Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6. diff -r def792dd9b1b -r 1e2c9819ede3 ajax.php --- a/ajax.php Fri Dec 18 09:39:18 2009 -0500 +++ b/ajax.php Fri Dec 18 19:06:49 2009 -0500 @@ -248,13 +248,14 @@ else { // Save the draft - $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id, page_format ) + $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, author_uid, edit_summary, page_text, is_draft, time_id, page_format ) VALUES ( \'page\', \'edit\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', \'' . $db->escape($session->username) . '\', + ' . $session->user_id . ', \'' . $db->escape($request['summary']) . '\', \'' . $db->escape($src) . '\', 1, diff -r def792dd9b1b -r 1e2c9819ede3 includes/dbal.php --- a/includes/dbal.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/dbal.php Fri Dec 18 19:06:49 2009 -0500 @@ -411,13 +411,19 @@ { global $session; if ( is_object($session) && defined('ENANO_MAINSTREAM') ) + { $username = $session->username; + $user_id = $session->user_id; + } else + { $username = 'Unavailable'; + $user_id = 1; + } $query = $this->escape($query); - $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, edit_summary) - VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', \''.$_SERVER['REMOTE_ADDR'].'\');'); + $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, author_uid, edit_summary) + VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', ' . $user_id . ', \''.$_SERVER['REMOTE_ADDR'].'\');'); } /** @@ -951,13 +957,20 @@ function report_query($query) { global $session; - if(is_object($session) && defined('ENANO_MAINSTREAM')) + if ( is_object($session) && defined('ENANO_MAINSTREAM') ) + { $username = $session->username; + $user_id = $session->user_id; + } else + { $username = 'Unavailable'; + $user_id = 1; + } + $query = $this->escape($query); - $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, edit_summary) - VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', \''.$_SERVER['REMOTE_ADDR'].'\');'); + $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, author_uid, edit_summary) + VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', ' . $user_id . ', \''.$_SERVER['REMOTE_ADDR'].'\');'); } /** diff -r def792dd9b1b -r 1e2c9819ede3 includes/log.php --- a/includes/log.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/log.php Fri Dec 18 19:06:49 2009 -0500 @@ -160,8 +160,10 @@ $limit = ( $page_size > 0 ) ? "\n LIMIT $page_size OFFSET $offset" : ''; else $limit = ( $page_size > 0 ) ? "\n LIMIT $offset, $page_size" : ''; - $columns = ( $just_page_count ) ? 'COUNT(*)' : 'log_id, action, page_id, namespace, CHAR_LENGTH(page_text) AS revision_size, author, time_id, edit_summary, minor_edit'; + $columns = ( $just_page_count ) ? 'COUNT(*)' : 'log_id, action, page_id, namespace, CHAR_LENGTH(page_text) AS revision_size, author, author_uid, u.username, time_id, edit_summary, minor_edit'; $sql = 'SELECT ' . $columns . ' FROM ' . table_prefix . "logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" . " WHERE log_type = 'page' AND is_draft != 1$where_extra\n" . " GROUP BY log_id, action, page_id, namespace, page_text, author, time_id, edit_summary, minor_edit\n" . " ORDER BY time_id DESC $limit;"; @@ -386,14 +388,15 @@ } // link to userpage - $cls = ( isPage($paths->nslist['User'] . $row['author']) ) ? '' : ' class="wikilink-nonexistent"'; - $rank_info = $session->get_user_rank($row['author']); - $html .= '' . htmlspecialchars($row['author']) . ' '; + $real_username = $row['author_uid'] > 1 && !empty($row['username']) ? $row['username'] : $row['author']; + $cls = ( isPage($paths->nslist['User'] . $real_username) ) ? '' : ' class="wikilink-nonexistent"'; + $rank_info = $session->get_user_rank($row['author_uid']); + $html .= '' . htmlspecialchars($real_username) . ' '; $html .= '('; - $html .= ''; + $html .= ''; $html .= $lang->get('pagetools_rc_btn_pm'); $html .= ', '; - $html .= ''; + $html .= ''; $html .= $lang->get('pagetools_rc_btn_usertalk'); $html .= ''; $html .= ') . . '; diff -r def792dd9b1b -r 1e2c9819ede3 includes/pageprocess.php --- a/includes/pageprocess.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/pageprocess.php Fri Dec 18 19:06:49 2009 -0500 @@ -459,8 +459,8 @@ $date_string = enano_date(ED_DATE | ED_TIME); // Insert log entry - $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit, page_format )\n" - . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit, '$page_format' );"; + $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, author_uid, page_text, edit_summary, minor_edit, page_format )\n" + . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', $session->user_id, '$text', '$edit_summary', $minor_edit, '$page_format' );"; if ( !$db->sql_query($sql) ) { $this->raise_error($db->get_error()); @@ -588,9 +588,9 @@ $db->_die('PageProcessor page creation - text stage'); // Query 3: Log entry - $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n" + $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, author_uid, page_id, namespace)\n" . " VALUES ( " . time() . ", 'DEPRECATED', 'page', 'create', \n" - . " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');"); + . " '" . $db->escape($session->username) . "', $session->user_id, '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');"); if ( !$q ) $db->_die('PageProcessor page creation - logging stage'); @@ -1132,7 +1132,7 @@ global $email; // Log it for crying out loud - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \'DEPRECATED\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \'DEPRECATED\', \''.$db->escape($session->username).'\', ' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')'); $ob = ''; //$template->tpl_strings['PAGE_NAME'] = 'Access denied'; diff -r def792dd9b1b -r 1e2c9819ede3 includes/pageutils.php --- a/includes/pageutils.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/pageutils.php Fri Dec 18 19:06:49 2009 -0500 @@ -204,7 +204,7 @@ $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');'); $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); - $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); + $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', ' . $session->user_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); if($qa && $qb && $qc) return 'good'; @@ -269,7 +269,11 @@ $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false; $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false; - $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;'; + $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='page' AND action='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;"; + if ( !($q = $db->sql_query($q)) ) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.'); @@ -334,7 +338,9 @@ echo '' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . ''."\n"; // User - if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) ) + $real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author']; + $rank_info = $session->get_user_rank($r['author_uid']); + if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 ) { $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"'; } @@ -342,12 +348,12 @@ { $rc = ''; } - echo 'nslist['User'] . sanitize_page_id($r['author'])) ) + echo 'nslist['User'] . sanitize_page_id($real_username)) ) { echo 'class="wikilink-nonexistent"'; } - echo '>' . $r['author'] . ''."\n"; + echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . ''."\n"; // Edit summary if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' ) @@ -377,7 +383,12 @@ } $db->free_result(); echo '

' . $lang->get('history_heading_other') . '

'; - $sql = 'SELECT log_id,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;'; + + $sql = 'SELECT log_id,action,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='page' AND action!='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;"; + if ( !( $q = $db->sql_query($sql)) ) { $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.'); @@ -410,9 +421,22 @@ echo '' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . ''; // User - echo 'nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"'; - echo '>' . $r['author'] . ''; + $real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author']; + $rank_info = $session->get_user_rank($r['author_uid']); + if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 ) + { + $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"'; + } + else + { + $rc = ''; + } + echo 'nslist['User'] . sanitize_page_id($real_username)) ) + { + echo 'class="wikilink-nonexistent"'; + } + echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . ''."\n"; // Minor edit @@ -1071,7 +1095,7 @@ return $lang->get('etc_access_denied_need_reauth'); } - $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); + $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,author_uid,edit_summary) VALUES('.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', ' . $session->user_id . ', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); if(!$e) $db->_die('The page log entry could not be inserted.'); $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); if(!$e) $db->_die('The page categorization entries could not be deleted.'); diff -r def792dd9b1b -r 1e2c9819ede3 includes/sessions.php --- a/includes/sessions.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/sessions.php Fri Dec 18 19:06:49 2009 -0500 @@ -2248,7 +2248,7 @@ function admin_activation_request($u) { global $db; - $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$this->username.'\', \''.$db->escape($u).'\');'); + $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, author_uid, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$this->username.'\', ' . $session->user_id . ', \''.$db->escape($u).'\');'); } /** @@ -2260,15 +2260,16 @@ function activate_account($user, $key) { global $db, $session, $paths, $template, $plugins; // Common objects - $this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';'); - $r = mysql_affected_rows(); - if ( $r > 0 ) + $q = $this->sql('SELECT 1 FROM ' . table_prefix . 'users WHERE username = \''.$db->escape($user).'\' AND activation_key = \''.$db->escape($key).'\''); + if ( $db->numrows() > 0 ) { - $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); + $new_key = md5(AESCrypt::randkey()); + $this->sql('UPDATE ' . table_prefix . 'users SET account_active = 1, activation_key = \'' . $new_key . '\' WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';'); + $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); } else { - $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); + $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); } return $r; } diff -r def792dd9b1b -r 1e2c9819ede3 install/includes/payload.php --- a/install/includes/payload.php Fri Dec 18 09:39:18 2009 -0500 +++ b/install/includes/payload.php Fri Dec 18 19:06:49 2009 -0500 @@ -427,7 +427,7 @@ global $db, $session, $paths, $template, $plugins; // Common objects global $installer_version; - $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . enano_date(ED_DATE | ED_TIME) . '\', \'' . $db->escape($_POST['username']) . '\', \'' . $db->escape(enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); + $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,author_uid,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . enano_date(ED_DATE | ED_TIME) . '\', \'' . $db->escape($_POST['username']) . '\', 2, \'' . $db->escape(enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); if ( !$q ) { echo '

MySQL return: ' . $db->sql_error() . '

'; @@ -564,8 +564,8 @@ { global $db, $session, $paths, $template, $plugins; // Common objects // log the upgrade - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES' - . '(\'security\', \'upgrade_enano\', ' . time() . ', \'[DEPRECATED]\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(installer_enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,page_text,edit_summary) VALUES' + . '(\'security\', \'upgrade_enano\', ' . time() . ', \'[DEPRECATED]\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ', \'' . $db->escape(installer_enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); if ( !$q ) { $db->_die(); diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/mysql_stage2.sql --- a/install/schemas/mysql_stage2.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/mysql_stage2.sql Fri Dec 18 19:06:49 2009 -0500 @@ -41,6 +41,7 @@ page_text text, char_tag varchar(40), author varchar(63), + author_uid mediumint(8) NOT NULL DEFAULT 1, edit_summary text, minor_edit tinyint(1), page_format varchar(16) NOT NULL DEFAULT 'wikitext', diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/postgresql_stage2.sql --- a/install/schemas/postgresql_stage2.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/postgresql_stage2.sql Fri Dec 18 19:06:49 2009 -0500 @@ -41,6 +41,7 @@ page_text text, char_tag varchar(40), author varchar(63), + author_uid int NOT NULL DEFAULT 1, edit_summary text, minor_edit smallint, page_format varchar(16) NOT NULL DEFAULT 'wikitext', diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/upgrade/1.1.6-1.1.7-mysql.sql --- a/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Fri Dec 18 19:06:49 2009 -0500 @@ -1,4 +1,5 @@ ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT ''; - +ALTER TABLE {{TABLE_PREFIX}}logs ADD COLUMN author_uid mediumint(8) NOT NULL DEFAULT 1; +UPDATE {{TABLE_PREFIX}}logs SET author_uid = 1; diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql --- a/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Fri Dec 18 19:06:49 2009 -0500 @@ -1,4 +1,5 @@ ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT ''; - +ALTER TABLE {{TABLE_PREFIX}}logs ADD COLUMN author_uid int NOT NULL DEFAULT 1; +UPDATE {{TABLE_PREFIX}}logs SET author_uid = 1; diff -r def792dd9b1b -r 1e2c9819ede3 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/SpecialAdmin.php Fri Dec 18 19:06:49 2009 -0500 @@ -1060,28 +1060,28 @@ { if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1') { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_uploads', '1'); } else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_uploads', '0'); } if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1') { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_imagemagick', '1'); } else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_imagemagick', '0'); @@ -1096,14 +1096,14 @@ } if(isset($_POST['file_history']) && getConfig('file_history') != '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('file_history', '1'); } else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('file_history', '0'); @@ -1115,7 +1115,7 @@ $_POST['imagemagick_path'] = '/usr/bin/convert'; $old = getConfig('imagemagick_path'); $oldnew = "{$old}||{$_POST['imagemagick_path']}"; - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ',\'' . $db->escape($oldnew) . '\');'); if ( !$q ) $db->_die(); setConfig('imagemagick_path', $_POST['imagemagick_path']); @@ -1266,191 +1266,6 @@ auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if(isset($_GET['action'])) - { - if ( !isset($_GET['plugin']) ) - { - echo '
No plugin specified.
'; - } - else if ( !preg_match('/^[A-z0-9_\.-]+\.php$/', $_GET['plugin']) ) - { - echo '
Hacking attempt
'; - } - else - { - $plugin =& $_GET['plugin']; - switch($_GET['action']) - { - case "enable": - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); - if ( !$q ) - $db->_die(); - setConfig("plugin_$plugin", '1'); - break; - case "disable": - if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') ) - { - echo('

' . $lang->get('acppl_err_heading') . '

-

' . $lang->get('acppl_err_demo_plugin') . '

'); - break; - } - if ( !in_array($plugin, $plugins->system_plugins) ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); - if ( !$q ) - $db->_die(); - setConfig("plugin_$plugin", '0'); - } - else - { - echo '

' . $lang->get('acppl_err_heading') . '

-

' . $lang->get('acppl_err_system_plugin') . '

'; - } - break; - case "reimport": - $plugin_id = substr($plugin, 0, -4); - if ( isset($plugins->loaded_plugins[$plugin_id]) ) - { - // plugin file is safe, call import - $lang->import_plugin( ENANO_ROOT . "/plugins/$plugin" ); - echo '
' . $lang->get('acppl_msg_reimport_success') . '
'; - } - break; - } - } - } - $dir = './plugins/'; - $plugin_list = Array(); - $system = Array(); - $show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' ); - - if (is_dir($dir)) - { - if ($dh = opendir($dir)) - { - while (($file = readdir($dh)) !== false) - { - if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php') - { - unset($thelist); - if ( in_array($file, $plugins->system_plugins) ) - { - if ( !$show_system ) - continue; - $thelist =& $system; - } - else - { - $thelist =& $plugin_list; - } - $f = file_get_contents($dir . $file); - $f = explode("\n", $f); - $f = array_slice($f, 2, 7); - $f[0] = substr($f[0], 13, strlen($f[0])); - $f[1] = substr($f[1], 12, strlen($f[1])); - $f[2] = substr($f[2], 13, strlen($f[2])); - $f[3] = substr($f[3], 8, strlen($f[3])); - $f[4] = substr($f[4], 9, strlen($f[4])); - $f[5] = substr($f[5], 12, strlen($f[5])); - $thelist[$file] = Array(); - $thelist[$file]['name'] = $f[0]; - $thelist[$file]['uri'] = $f[1]; - $thelist[$file]['desc'] = $f[2]; - $thelist[$file]['auth'] = $f[3]; - $thelist[$file]['vers'] = $f[4]; - $thelist[$file]['aweb'] = $f[5]; - - if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['name']) ) - $thelist[$file]['name'] = $lang->get($thelist[$file]['name']); - - if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['desc']) ) - $thelist[$file]['desc'] = $lang->get($thelist[$file]['desc']); - - } - } - closedir($dh); - } - else - { - echo '
' . $lang->get('acppl_err_open_dir') . '
'; - return; - } - } - else - { - echo '
' . $lang->get('acppl_err_missing_dir') . '
'; - return; - } - echo('
- - - - - - - - '); - $plugin_files_1 = array_keys($plugin_list); - $plugin_files_2 = array_keys($system); - $plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2)); - $cls = 'row2'; - for ( $i = 0; $i < sizeof($plugin_files); $i++ ) - { - $cls = ( $cls == 'row2' ) ? 'row3' : 'row2'; - $this_plugin = ( isset($system[$plugin_files[$i]]) ) ? $system[$plugin_files[$i]] : $plugin_list[$plugin_files[$i]]; - $is_system = ( @$system[$plugin_files[$i]] ); - $bgcolor = ''; - if ( $is_system && $cls == 'row2' ) - $bgcolor = ' style="background-color: #FFD8D8;"'; - else if ( $is_system && $cls == 'row3' ) - $bgcolor = ' style="background-color: #FFD0D0;"'; - echo ' - - - - - - '; - } - $showhide_link = ( $show_system ) ? - '' . $lang->get('acppl_btn_hide_system') . '' : - '' . $lang->get('acppl_btn_show_system') . '' ; - echo ''; - echo '
' . $lang->get('acppl_col_filename') . '' . $lang->get('acppl_col_name') . '' . $lang->get('acppl_col_description') . '' . $lang->get('acppl_col_author') . '' . $lang->get('acppl_col_version') . '
'.$plugin_files[$i].''.$this_plugin['name'].''.$this_plugin['desc'].''.$this_plugin['auth'].''.$this_plugin['vers'].''; - if ( !in_array($plugin_files[$i], $plugins->system_plugins) ) - { - if ( getConfig('plugin_'.$plugin_files[$i]) == '1' ) - { - echo '' . $lang->get('acppl_btn_disable') . ''; - echo ' | '; - echo '' . $lang->get('acppl_btn_reimport') . ''; - } - else - { - echo '' . $lang->get('acppl_btn_enable') . ''; - } - } - else - { - echo $lang->get('acppl_lbl_system_plugin'); - } - echo '
'.$showhide_link.'
'; -} -*/ - function page_Admin_DBBackup() { global $db, $session, $paths, $template, $plugins; // Common objects @@ -1496,7 +1311,7 @@ $tables = array_merge($base, $add); // Log it! - $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); + $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\',' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); if ( !$e ) $db->_die(); diff -r def792dd9b1b -r 1e2c9819ede3 plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/SpecialUpdownload.php Fri Dec 18 19:06:49 2009 -0500 @@ -128,13 +128,13 @@ if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.'); if(!isset($_POST['update'])) { - if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); + if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'create\', \''.$session->username.'\',' . $session->user_id . ', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.'); if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.'); } else { - if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); + if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'reupload\', \''.$session->username.'\',' . $session->user_id . ', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); } $cache->purge('page_meta'); die_friendly($lang->get('upload_success_title'), '

' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '

'); diff -r def792dd9b1b -r 1e2c9819ede3 plugins/admin/SecurityLog.php --- a/plugins/admin/SecurityLog.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/admin/SecurityLog.php Fri Dec 18 19:06:49 2009 -0500 @@ -38,7 +38,14 @@ $row = $db->fetchrow(); $db->free_result(); $count = intval($row['num']); - $q = $db->sql_query('SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'); + + $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='security'\n" + . " ORDER BY time_id DESC, action ASC;"; + + $q = $db->sql_query($l); if ( !$q ) $db->_die(); @@ -71,7 +78,7 @@ if ( $session->auth_level < USER_LEVEL_ADMIN ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'seclog_unauth\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.'); @@ -94,14 +101,13 @@ // } // else // { - if(is_int($num)) - { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';'; - } - else - { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'; - } + $limit_clause = is_int($num) ? " LIMIT $num" : ''; + $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='security'\n" + . " ORDER BY time_id DESC, action ASC{$limit_clause};"; + $q = $db->sql_query($l); while($r = $db->fetchrow($q)) { @@ -175,7 +181,13 @@ case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break; case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break; } - $return .= ''.enano_date(ED_DATE | ED_TIME, $r['time_id']).''.$r['author'].''.$r['edit_summary'].''; + $author_bit = ''; + $author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']); + $author_bit .= ''; + $return .= ''.enano_date(ED_DATE | ED_TIME, $r['time_id']).''.$author_bit.''.$r['edit_summary'].''; return $return; } diff -r def792dd9b1b -r 1e2c9819ede3 plugins/admin/UserManager.php --- a/plugins/admin/UserManager.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/admin/UserManager.php Fri Dec 18 19:06:49 2009 -0500 @@ -273,14 +273,14 @@ // We need to update group memberships if ( $existing_level == USER_LEVEL_ADMIN ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); if ( !$q ) $db->_die(); $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); } else if ( $existing_level == USER_LEVEL_MOD ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); if ( !$q ) $db->_die(); $session->remove_user_from_group($user_id, GROUP_ID_MOD); @@ -288,14 +288,14 @@ if ( $user_level == USER_LEVEL_ADMIN ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); if ( !$q ) $db->_die(); $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); } else if ( $user_level == USER_LEVEL_MOD ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); if ( !$q ) $db->_die(); $session->add_user_to_group($user_id, GROUP_ID_MOD, false);