plugins/SpecialAdmin.php
changeset 20 40105681f495
parent 19 5d003b6c9e89
child 22 d0314575e2f0
19:5d003b6c9e89 20:40105681f495
   105   // Security log
   105   // Security log
   106   echo '<h3>Security log</h3>';
   106   echo '<h3>Security log</h3>';
   107   echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
   107   echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
   108   $cls = 'row2';                                                                                               
   108   $cls = 'row2';                                                                                               
   109   echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';
   109   echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';
   110   if(isset($_GET['fulllog']))
   110   require('config.php');
   111   {
   111   $hash = md5($dbpasswd);
   112     $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
   112   unset($dbname, $dbhost, $dbuser, $dbpasswd);
       
   113   unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
       
   114   if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) )
       
   115   {
       
   116     echo '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
   113   }
   117   }
   114   else
   118   else
   115   {
   119   {
   116     $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5';
   120     if(isset($_GET['fulllog']))
   117   }
   121     {
   118   $q = $db->sql_query($l);
   122       $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
   119   while($r = $db->fetchrow())
   123     }
   120   {
   124     else
   121     if($cls == 'row2') $cls = 'row1';
   125     {
   122     else $cls = 'row2';
   126       $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5';
   123     echo '<tr><td class="'.$cls.'">';
   127     }
   124     switch($r['action']) {
   128     $q = $db->sql_query($l);
   125       case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Authentication level: $level</small>"; } break;
   129     while($r = $db->fetchrow())
   126       case "admin_auth_bad":  echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Attempted auth level: $level</small>"; } break;
   130     {
   127       case "activ_good": echo 'Successful account activation'; break;
   131       if($cls == 'row2') $cls = 'row1';
   128       case "auth_good": echo 'Successful regular user logon'; break;
   132       else $cls = 'row2';
   129       case "activ_bad": echo 'Failed account activation'; break;
   133       echo '<tr><td class="'.$cls.'">';
   130       case "auth_bad": echo 'Failed regular user logon'; break;
   134       switch($r['action']) {
   131       case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break;
   135         case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Authentication level: $level</small>"; } break;
   132       case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break;
   136         case "admin_auth_bad":  echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Attempted auth level: $level</small>"; } break;
   133       case "install_enano": echo "Installed Enano version {$r['page_text']}"; break;
   137         case "activ_good": echo 'Successful account activation'; break;
   134     }
   138         case "auth_good": echo 'Successful regular user logon'; break;
   135     echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>';
   139         case "activ_bad": echo 'Failed account activation'; break;
   136   }
   140         case "auth_bad": echo 'Failed regular user logon'; break;
   137   $db->free_result();
   141         case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break;
       
   142         case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break;
       
   143         case "install_enano": echo "Installed Enano version {$r['page_text']}"; break;
       
   144       }
       
   145       echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>';
       
   146     }
       
   147     $db->free_result();
       
   148   }
   138   echo '</table></div>';
   149   echo '</table></div>';
   139   if(!isset($_GET['fulllog'])) echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&amp;fulllog\'); return false;">Full security log</a></p>';
   150   if(!isset($_GET['fulllog'])) echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&amp;fulllog\'); return false;">Full security log</a></p>';
   140   
   151   
   141 }
   152 }
   142 
   153
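Review bot: The demo-mode check on new line 114 uses `md5($dbpasswd)` as the name of a GET parameter, so an unsalted MD5 of the live database password is carried in URLs that land in access logs, browser history and Referer headers, and a hash like that is cheap to recover offline; the secret for this bypass should be a separate random token stored in config.php rather than anything derived from the database credentials, with line 111 becoming `$hash = <dedicated demo-log token from config.php>;`. The same hunk (new lines 142, 143 and 145) still echoes `$r['page_text']`, `$r['author']` and `$r['edit_summary']` raw into the table while the `sql_inject` case on line 141 does pass its value through `htmlspecialchars()`, so the other cells should be wrapped the same way, e.g. `htmlspecialchars($r['author'])`, unless these log fields are guaranteed to be escaped on write. The `require('config.php')` on line 110 runs on every call of this function; if config.php defines constants or is included elsewhere in the request, `require_once` would avoid redefinition notices. The enclosing function starts before this hunk.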