htdocs/auth/iplogs.php
changeset 29 300f673fbbdc
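--- a/htdocs/auth/iplogs.php
+++ b/htdocs/auth/iplogs.php
@@ -0,0 +1,189 @@
+<?php
+
+// auth if possible
+if ( file_exists('./includes/common.php') )
+{
+  require('includes/common.php');
+  if ( !$session->user_logged_in )
+  {
+    // error out
+    $paths->main_page();
+    die('Not authorized');
+  }
+  $db->close();
+  // unload Enano, we don't need it anymore
+  unset($db, $session, $paths, $template, $plugins);
+}
+
+function parse_wildcard($str)
+{
+  $append = isset($_POST['match_whole']) ? '' : '%';
+  return $append . mysql_real_escape_string(strtr(str_replace(array('%', '_'), array('\%', '\_'), $str), '*?', '%_')) . $append;
+}
+
+function basenick($nick)
+{
+  if ( preg_match('/^`/', $nick) )
+  {
+    $nick = substr($nick, 1);
+  }
+  return preg_replace('/(`|\|)(.+?)$/', '', $nick);
+}
+
+function dbdie()
+{
+  die('MySQL query error: ' . mysql_error());
+}
+
+function tableize_mysql_result($result)
+{
+  $col_strings = array(
+      'nick' => 'Nickname',
+      'basenick' => 'Basenick',
+      'ip' => 'IP',
+      'hostname' => 'Hostname',
+      'time' => 'Last join',
+      'channel' => 'Channel'
+    );
+  if ( mysql_num_rows($result) < 1 )
+  {
+    echo '<p>No results.</p>';
+    return true;
+  }
+  $row = @mysql_fetch_assoc($result);
+  echo '<table border="1" cellpadding="3"><tr>';
+  foreach ( $row as $col => $_ )
+  {
+    echo "<th>{$col_strings[$col]}</th>";
+  }
+  echo '</tr>';
+  do
+  {
+    echo "<tr>";
+    foreach ( $row as $col => $val )
+    {
+      if ( $col == 'nick' )
+        echo "<td><a href=\"iplogs.php?query_user=" . urlencode($val) . "\">$val</a></td>";
+      else if ( $col == 'ip' )
+        echo "<td><a href=\"iplogs.php?query_ip=" . urlencode($val) . "\">$val</a></td>";
+      else if ( $col == 'time' )
+        echo "<td>" . date('r', intval($val)) . "</td>";
+      else
+        echo "<td>$val</td>";
+    }
+    echo "</tr>";
+  }
+  while ( $row = mysql_fetch_assoc($result) );
+  echo '</table>';
+  return true;
+}
+
+require('../../stats-fe.php');
+require('../../timezone.php');
+
+echo '<h2>' . $nick . ' IP logs</h2>';
+
+if ( isset($_POST['submit']) )
+{
+  $query = 'SELECT nick, basenick, ip, hostname, channel, time FROM ip_log';
+  $where = 'WHERE';
+  if ( !empty($_POST['nick']) )
+  {
+    $query .= " $where ( nick LIKE '" . parse_wildcard($_POST['nick']) . "'";
+    $query .= " OR basenick LIKE '" . parse_wildcard($_POST['nick']) . "' )";
+    $where = 'OR';
+  }
+  if ( !empty($_POST['ip']) )
+  {
+    $query .= " $where ip LIKE '" . parse_wildcard($_POST['ip']) . "'";
+    $where = 'OR';
+  }
+  if ( !empty($_POST['host']) )
+  {
+    $query .= " $where hostname LIKE '" . parse_wildcard($_POST['host']) . "'";
+    $where = 'OR';
+  }
+  if ( !empty($_POST['channel']) && $_POST['channel'] != '#' )
+  {
+    $query .= " $where channel LIKE '" . parse_wildcard($_POST['channel']) . "'";
+    $where = 'OR';
+  }
+  
+  $query .= ';';
+  
+  if ( $result = eb_mysql_query($query) )
+  {
+    $num_results = mysql_num_rows($result);
+    $str = ( $num_results == 1 ) ? "1 result" : "$num_results results";
+    tableize_mysql_result($result);
+  }
+}
+
+if ( isset($_GET['query_user']) )
+{
+  $nick =& $_GET['query_user'];
+  echo '<h3>' . htmlspecialchars($nick) . '</h3>';
+  echo '<p>Basenick: ' . htmlspecialchars(basenick($nick)) . '</p>';
+  
+  echo '<h4>IP addresses this user has been seen from</h4>';
+  $nick = mysql_real_escape_string($nick);
+  $basenick = mysql_real_escape_string(basenick($nick));
+  $q = eb_mysql_query("SELECT DISTINCT ip, hostname FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
+  if ( !$q )
+    dbdie();
+  tableize_mysql_result($q);
+  
+  echo '<h4>Channels this user has been seen in</h4>';
+  $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
+  if ( !$q )
+    dbdie();
+  tableize_mysql_result($q);
+}
+
+if ( isset($_GET['query_ip']) )
+{
+  $ip =& $_GET['query_ip'];
+  echo '<h3>' . htmlspecialchars($ip) . '</h3>';
+  $ip = mysql_real_escape_string($ip);
+  
+  echo '<h4>Users seen from this IP address</h4>';
+  $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE ip = '$ip';");
+  if ( !$q )
+    dbdie();
+  tableize_mysql_result($q);
+}
+
+// FORM
+?>
+<form action="iplogs.php" method="post">
+  <h3>Search database</h3>
+  <p><small>Enter data in one or more fields. You can use an asterisk (*) anywhere to match multiple characters or a question mark (?) to match a single character.</small></p>
+  <table border="0">
+    <tr>
+      <td>Nickname</td>
+      <td><input type="text" name="nick" size="30" /></td>
+    </tr>
+    <tr>
+      <td>IP address</td>
+      <td><input type="text" name="ip" size="30" /></td>
+    </tr>
+    <tr>
+      <td>Hostname</td>
+      <td><input type="text" name="host" size="30" /></td>
+    </tr>
+    <tr>
+      <td>Channel</td>
+      <td><input type="host" name="channel" size="30" value="#" /></td>
+    </tr>
+    <tr>
+      <td colspan="2">
+        <label><input type="checkbox" name="match_whole" /> Exact matches</label>
+      </td>
+    </tr>
+    <tr>
+      <td colspan="2" style="text-align: center;">
+        <input type="submit" name="submit" />
+      </td>
+    </tr>
+  </table>
+</form>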
    93     $query .= " OR basenick LIKE '" . parse_wildcard($_POST['nick']) . "' )";
       
    94     $where = 'OR';
       
    95   }
       
    96   if ( !empty($_POST['ip']) )
       
    97   {
       
    98     $query .= " $where ip LIKE '" . parse_wildcard($_POST['ip']) . "'";
       
    99     $where = 'OR';
       
   100   }
       
   101   if ( !empty($_POST['host']) )
       
   102   {
       
   103     $query .= " $where hostname LIKE '" . parse_wildcard($_POST['host']) . "'";
       
   104     $where = 'OR';
       
   105   }
       
   106   if ( !empty($_POST['channel']) && $_POST['channel'] != '#' )
       
   107   {
       
   108     $query .= " $where channel LIKE '" . parse_wildcard($_POST['channel']) . "'";
       
   109     $where = 'OR';
       
   110   }
       
   111   
       
   112   $query .= ';';
       
   113   
       
   114   if ( $result = eb_mysql_query($query) )
       
   115   {
       
   116     $num_results = mysql_num_rows($result);
       
   117     $str = ( $num_results == 1 ) ? "1 result" : "$num_results results";
       
   118     tableize_mysql_result($result);
       
   119   }
       
   120 }
       
   121 
       
   122 if ( isset($_GET['query_user']) )
       
   123 {
       
   124   $nick =& $_GET['query_user'];
       
   125   echo '<h3>' . htmlspecialchars($nick) . '</h3>';
       
   126   echo '<p>Basenick: ' . htmlspecialchars(basenick($nick)) . '</p>';
       
   127   
       
   128   echo '<h4>IP addresses this user has been seen from</h4>';
       
   129   $nick = mysql_real_escape_string($nick);
       
   130   $basenick = mysql_real_escape_string(basenick($nick));
       
   131   $q = eb_mysql_query("SELECT DISTINCT ip, hostname FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
       
   132   if ( !$q )
       
   133     dbdie();
       
   134   tableize_mysql_result($q);
       
   135   
       
   136   echo '<h4>Channels this user has been seen in</h4>';
       
   137   $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
       
   138   if ( !$q )
       
   139     dbdie();
       
   140   tableize_mysql_result($q);
       
   141 }
       
   142 
       
   143 if ( isset($_GET['query_ip']) )
       
   144 {
       
   145   $ip =& $_GET['query_ip'];
       
   146   echo '<h3>' . htmlspecialchars($ip) . '</h3>';
       
   147   $ip = mysql_real_escape_string($ip);
       
   148   
       
   149   echo '<h4>Users seen from this IP address</h4>';
       
   150   $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE ip = '$ip';");
       
   151   if ( !$q )
       
   152     dbdie();
       
   153   tableize_mysql_result($q);
       
   154 }
       
   155 
       
   156 // FORM
       
   157 ?>
       
   158 <form action="iplogs.php" method="post">
       
   159   <h3>Search database</h3>
       
   160   <p><small>Enter data in one or more fields. You can use an asterisk (*) anywhere to match multiple characters or a question mark (?) to match a single character.</small></p>
       
   161   <table border="0">
       
   162     <tr>
       
   163       <td>Nickname</td>
       
   164       <td><input type="text" name="nick" size="30" /></td>
       
   165     </tr>
       
   166     <tr>
       
   167       <td>IP address</td>
       
   168       <td><input type="text" name="ip" size="30" /></td>
       
   169     </tr>
       
   170     <tr>
       
   171       <td>Hostname</td>
       
   172       <td><input type="text" name="host" size="30" /></td>
       
   173     </tr>
       
   174     <tr>
       
   175       <td>Channel</td>
       
   176       <td><input type="host" name="channel" size="30" value="#" /></td>
       
   177     </tr>
       
   178     <tr>
       
   179       <td colspan="2">
       
   180         <label><input type="checkbox" name="match_whole" /> Exact matches</label>
       
   181       </td>
       
   182     </tr>
       
   183     <tr>
       
   184       <td colspan="2" style="text-align: center;">
       
   185         <input type="submit" name="submit" />
       
   186       </td>
       
   187     </tr>
       
   188   </table>
       
   189 </form>