# HG changeset patch # User Dan # Date 1261181209 18000 # Node ID 1e2c9819ede3b88b1570ab2f4c2970d9f3d96e8d # Parent def792dd9b1bf5699c76a7bb05502d9a971b1eda Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6. diff -r def792dd9b1b -r 1e2c9819ede3 ajax.php --- a/ajax.php Fri Dec 18 09:39:18 2009 -0500 +++ b/ajax.php Fri Dec 18 19:06:49 2009 -0500 @@ -248,13 +248,14 @@ else { // Save the draft - $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id, page_format ) + $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, author_uid, edit_summary, page_text, is_draft, time_id, page_format ) VALUES ( \'page\', \'edit\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', \'' . $db->escape($session->username) . '\', + ' . $session->user_id . ', \'' . $db->escape($request['summary']) . '\', \'' . $db->escape($src) . '\', 1, diff -r def792dd9b1b -r 1e2c9819ede3 includes/dbal.php --- a/includes/dbal.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/dbal.php Fri Dec 18 19:06:49 2009 -0500 @@ -411,13 +411,19 @@ { global $session; if ( is_object($session) && defined('ENANO_MAINSTREAM') ) + { $username = $session->username; + $user_id = $session->user_id; + } else + { $username = 'Unavailable'; + $user_id = 1; + } $query = $this->escape($query); - $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, edit_summary) - VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', \''.$_SERVER['REMOTE_ADDR'].'\');'); + $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, author_uid, edit_summary) + VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', ' . $user_id . ', \''.$_SERVER['REMOTE_ADDR'].'\');'); } /** @@ -951,13 +957,20 @@ function report_query($query) { global $session; - if(is_object($session) && defined('ENANO_MAINSTREAM')) + if ( is_object($session) && defined('ENANO_MAINSTREAM') ) + { $username = $session->username; + $user_id = $session->user_id; + } else + { $username = 'Unavailable'; + $user_id = 1; + } + $query = $this->escape($query); - $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, edit_summary) - VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', \''.$_SERVER['REMOTE_ADDR'].'\');'); + $q = $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, author_uid, edit_summary) + VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', ' . $user_id . ', \''.$_SERVER['REMOTE_ADDR'].'\');'); } /** diff -r def792dd9b1b -r 1e2c9819ede3 includes/log.php --- a/includes/log.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/log.php Fri Dec 18 19:06:49 2009 -0500 @@ -160,8 +160,10 @@ $limit = ( $page_size > 0 ) ? "\n LIMIT $page_size OFFSET $offset" : ''; else $limit = ( $page_size > 0 ) ? "\n LIMIT $offset, $page_size" : ''; - $columns = ( $just_page_count ) ? 'COUNT(*)' : 'log_id, action, page_id, namespace, CHAR_LENGTH(page_text) AS revision_size, author, time_id, edit_summary, minor_edit'; + $columns = ( $just_page_count ) ? 'COUNT(*)' : 'log_id, action, page_id, namespace, CHAR_LENGTH(page_text) AS revision_size, author, author_uid, u.username, time_id, edit_summary, minor_edit'; $sql = 'SELECT ' . $columns . ' FROM ' . table_prefix . "logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" . " WHERE log_type = 'page' AND is_draft != 1$where_extra\n" . " GROUP BY log_id, action, page_id, namespace, page_text, author, time_id, edit_summary, minor_edit\n" . " ORDER BY time_id DESC $limit;"; @@ -386,14 +388,15 @@ } // link to userpage - $cls = ( isPage($paths->nslist['User'] . $row['author']) ) ? '' : ' class="wikilink-nonexistent"'; - $rank_info = $session->get_user_rank($row['author']); - $html .= '' . htmlspecialchars($row['author']) . ' '; + $real_username = $row['author_uid'] > 1 && !empty($row['username']) ? $row['username'] : $row['author']; + $cls = ( isPage($paths->nslist['User'] . $real_username) ) ? '' : ' class="wikilink-nonexistent"'; + $rank_info = $session->get_user_rank($row['author_uid']); + $html .= '' . htmlspecialchars($real_username) . ' '; $html .= '('; - $html .= ''; + $html .= ''; $html .= $lang->get('pagetools_rc_btn_pm'); $html .= ', '; - $html .= ''; + $html .= ''; $html .= $lang->get('pagetools_rc_btn_usertalk'); $html .= ''; $html .= ') . . '; diff -r def792dd9b1b -r 1e2c9819ede3 includes/pageprocess.php --- a/includes/pageprocess.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/pageprocess.php Fri Dec 18 19:06:49 2009 -0500 @@ -459,8 +459,8 @@ $date_string = enano_date(ED_DATE | ED_TIME); // Insert log entry - $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit, page_format )\n" - . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit, '$page_format' );"; + $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, author_uid, page_text, edit_summary, minor_edit, page_format )\n" + . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', $session->user_id, '$text', '$edit_summary', $minor_edit, '$page_format' );"; if ( !$db->sql_query($sql) ) { $this->raise_error($db->get_error()); @@ -588,9 +588,9 @@ $db->_die('PageProcessor page creation - text stage'); // Query 3: Log entry - $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n" + $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, author_uid, page_id, namespace)\n" . " VALUES ( " . time() . ", 'DEPRECATED', 'page', 'create', \n" - . " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');"); + . " '" . $db->escape($session->username) . "', $session->user_id, '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');"); if ( !$q ) $db->_die('PageProcessor page creation - logging stage'); @@ -1132,7 +1132,7 @@ global $email; // Log it for crying out loud - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \'DEPRECATED\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \'DEPRECATED\', \''.$db->escape($session->username).'\', ' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')'); $ob = ''; //$template->tpl_strings['PAGE_NAME'] = 'Access denied'; diff -r def792dd9b1b -r 1e2c9819ede3 includes/pageutils.php --- a/includes/pageutils.php Fri Dec 18 09:39:18 2009 -0500 +++ b/includes/pageutils.php Fri Dec 18 19:06:49 2009 -0500 @@ -204,7 +204,7 @@ $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');'); $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); - $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); + $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', ' . $session->user_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); if($qa && $qb && $qc) return 'good'; @@ -269,7 +269,11 @@ $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false; $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false; - $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;'; + $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='page' AND action='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;"; + if ( !($q = $db->sql_query($q)) ) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.'); @@ -334,7 +338,9 @@ echo '
MySQL return: ' . $db->sql_error() . '
'; @@ -564,8 +564,8 @@ { global $db, $session, $paths, $template, $plugins; // Common objects // log the upgrade - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES' - . '(\'security\', \'upgrade_enano\', ' . time() . ', \'[DEPRECATED]\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(installer_enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,page_text,edit_summary) VALUES' + . '(\'security\', \'upgrade_enano\', ' . time() . ', \'[DEPRECATED]\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ', \'' . $db->escape(installer_enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); if ( !$q ) { $db->_die(); diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/mysql_stage2.sql --- a/install/schemas/mysql_stage2.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/mysql_stage2.sql Fri Dec 18 19:06:49 2009 -0500 @@ -41,6 +41,7 @@ page_text text, char_tag varchar(40), author varchar(63), + author_uid mediumint(8) NOT NULL DEFAULT 1, edit_summary text, minor_edit tinyint(1), page_format varchar(16) NOT NULL DEFAULT 'wikitext', diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/postgresql_stage2.sql --- a/install/schemas/postgresql_stage2.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/postgresql_stage2.sql Fri Dec 18 19:06:49 2009 -0500 @@ -41,6 +41,7 @@ page_text text, char_tag varchar(40), author varchar(63), + author_uid int NOT NULL DEFAULT 1, edit_summary text, minor_edit smallint, page_format varchar(16) NOT NULL DEFAULT 'wikitext', diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/upgrade/1.1.6-1.1.7-mysql.sql --- a/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Fri Dec 18 19:06:49 2009 -0500 @@ -1,4 +1,5 @@ ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT ''; - +ALTER TABLE {{TABLE_PREFIX}}logs ADD COLUMN author_uid mediumint(8) NOT NULL DEFAULT 1; +UPDATE {{TABLE_PREFIX}}logs SET author_uid = 1; diff -r def792dd9b1b -r 1e2c9819ede3 install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql --- a/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Fri Dec 18 09:39:18 2009 -0500 +++ b/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Fri Dec 18 19:06:49 2009 -0500 @@ -1,4 +1,5 @@ ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; ALTER TABLE {{TABLE_PREFIX}}lockout ADD COLUMN username varchar(255) NOT NULL DEFAULT ''; - +ALTER TABLE {{TABLE_PREFIX}}logs ADD COLUMN author_uid int NOT NULL DEFAULT 1; +UPDATE {{TABLE_PREFIX}}logs SET author_uid = 1; diff -r def792dd9b1b -r 1e2c9819ede3 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/SpecialAdmin.php Fri Dec 18 19:06:49 2009 -0500 @@ -1060,28 +1060,28 @@ { if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1') { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_uploads', '1'); } else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_uploads', '0'); } if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1') { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_imagemagick', '1'); } else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('enable_imagemagick', '0'); @@ -1096,14 +1096,14 @@ } if(isset($_POST['file_history']) && getConfig('file_history') != '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('file_history', '1'); } else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); if ( !$q ) $db->_die(); setConfig('file_history', '0'); @@ -1115,7 +1115,7 @@ $_POST['imagemagick_path'] = '/usr/bin/convert'; $old = getConfig('imagemagick_path'); $oldnew = "{$old}||{$_POST['imagemagick_path']}"; - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ',\'' . $db->escape($oldnew) . '\');'); if ( !$q ) $db->_die(); setConfig('imagemagick_path', $_POST['imagemagick_path']); @@ -1266,191 +1266,6 @@ auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
'; - return; - } - - if(isset($_GET['action'])) - { - if ( !isset($_GET['plugin']) ) - { - echo '' . $lang->get('acppl_err_demo_plugin') . '
'); - break; - } - if ( !in_array($plugin, $plugins->system_plugins) ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); - if ( !$q ) - $db->_die(); - setConfig("plugin_$plugin", '0'); - } - else - { - echo '' . $lang->get('acppl_err_system_plugin') . '
'; - } - break; - case "reimport": - $plugin_id = substr($plugin, 0, -4); - if ( isset($plugins->loaded_plugins[$plugin_id]) ) - { - // plugin file is safe, call import - $lang->import_plugin( ENANO_ROOT . "/plugins/$plugin" ); - echo '' . $lang->get('acppl_col_filename') . ' | -' . $lang->get('acppl_col_name') . ' | -' . $lang->get('acppl_col_description') . ' | -' . $lang->get('acppl_col_author') . ' | -' . $lang->get('acppl_col_version') . ' | -- |
---|---|---|---|---|---|
'.$plugin_files[$i].' | -'.$this_plugin['name'].' | -'.$this_plugin['desc'].' | -'.$this_plugin['auth'].' | -'.$this_plugin['vers'].' | -'; - if ( !in_array($plugin_files[$i], $plugins->system_plugins) ) - { - if ( getConfig('plugin_'.$plugin_files[$i]) == '1' ) - { - echo '' . $lang->get('acppl_btn_disable') . ''; - echo ' | '; - echo '' . $lang->get('acppl_btn_reimport') . ''; - } - else - { - echo '' . $lang->get('acppl_btn_enable') . ''; - } - } - else - { - echo $lang->get('acppl_lbl_system_plugin'); - } - echo ' |
'.$showhide_link.' |
' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '
'); diff -r def792dd9b1b -r 1e2c9819ede3 plugins/admin/SecurityLog.php --- a/plugins/admin/SecurityLog.php Fri Dec 18 09:39:18 2009 -0500 +++ b/plugins/admin/SecurityLog.php Fri Dec 18 19:06:49 2009 -0500 @@ -38,7 +38,14 @@ $row = $db->fetchrow(); $db->free_result(); $count = intval($row['num']); - $q = $db->sql_query('SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'); + + $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='security'\n" + . " ORDER BY time_id DESC, action ASC;"; + + $q = $db->sql_query($l); if ( !$q ) $db->_die(); @@ -71,7 +78,7 @@ if ( $session->auth_level < USER_LEVEL_ADMIN ) { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'seclog_unauth\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.'); @@ -94,14 +101,13 @@ // } // else // { - if(is_int($num)) - { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';'; - } - else - { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'; - } + $limit_clause = is_int($num) ? " LIMIT $num" : ''; + $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n" + . " LEFT JOIN " . table_prefix . "users AS u\n" + . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n" + . " WHERE log_type='security'\n" + . " ORDER BY time_id DESC, action ASC{$limit_clause};"; + $q = $db->sql_query($l); while($r = $db->fetchrow($q)) { @@ -175,7 +181,13 @@ case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break; case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break; } - $return .= '