plugins/admin/SecurityLog.php
author Dan
Sun, 04 May 2008 21:57:48 -0400
changeset 541 acb7e23b6ffa
parent 536 218a627eb53e
child 659 16b5b89c8055
permissions -rw-r--r--
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     1
<?php
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     2
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     3
/*
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 529
diff changeset
     5
 * Version 1.1.4 (Caoineag alpha 4)
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 529
diff changeset
     6
 * Copyright (C) 2006-2008 Dan Fuhry
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     7
 *
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     8
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     9
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    10
 *
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    11
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    12
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    13
 */
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    14
 
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    15
function page_Admin_SecurityLog()
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    16
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    17
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    18
  global $lang;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    19
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    20
  {
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    21
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    22
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    23
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    24
    return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    25
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    26
  
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    27
  // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    28
  // {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    29
  //   die('Security log is disabled in demo mode.');
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    30
  // }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    31
  
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    32
  echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    33
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    34
  // Not calling the real fetcher because we have to paginate the results
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    35
  $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    36
  $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    37
  if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    38
    $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    39
  $row = $db->fetchrow();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    40
  $db->free_result();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    41
  $count = intval($row['num']);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    42
  $q = $db->sql_unbuffered_query('SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    43
  if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    44
    $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    45
   
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    46
  $html = paginate(
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    47
      $q,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    48
      '{time_id}',
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    49
      $count,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    50
      makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    51
      $offset,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    52
      50,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    53
      array('time_id' => 'seclog_format_inner'),
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    54
      '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    55
       <tr>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    56
         <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    57
         <th>' . $lang->get('acpsl_col_date') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    58
         <th>' . $lang->get('acpsl_col_username') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    59
         <th>' . $lang->get('acpsl_col_ip') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    60
       </tr>',
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    61
      '</table></div>'
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    62
    );
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    63
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    64
  echo $html;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    65
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    66
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    67
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    68
function get_security_log($num = false)
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    69
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    70
  global $db, $session, $paths, $template, $plugins; // Common objects
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    71
  if ( $session->auth_level < USER_LEVEL_ADMIN )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    72
  {
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 166
diff changeset
    73
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'seclog_unauth\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    74
    if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    75
      $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    76
    die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    77
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    78
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    79
  $return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    80
  $cls = 'row2';                                                                                               
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    81
  $return .= '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    82
  $hash = sha1(microtime());
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    83
  if ( defined('ENANO_DEMO_MODE') )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    84
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    85
    require('config.php');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    86
    $hash = md5($dbpasswd);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    87
    unset($dbname, $dbhost, $dbuser, $dbpasswd);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    88
    unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    89
  }
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    90
  // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    91
  // {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    92
  //   $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    93
  // }
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    94
  // else
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    95
  // {
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    96
    if(is_int($num))
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    97
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    98
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    99
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   100
    else
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   101
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   102
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   103
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   104
    $q = $db->sql_query($l);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 411
diff changeset
   105
    while($r = $db->fetchrow($q))
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   106
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   107
      $return .= seclog_format_inner($r);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   108
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   109
    $db->free_result();
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   110
  // }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   111
  $return .= '</table></div>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   112
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   113
  return $return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   114
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   115
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   116
function seclog_format_inner($r, $f = false)
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   117
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   118
  if ( is_array($f) )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   119
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   120
    unset($r);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   121
    $r =& $f;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   122
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   123
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   124
  global $lang;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   125
  $return = '';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   126
  static $cls = 'row2';
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   127
  if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   128
  {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   129
    $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   130
  }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   131
  if ( $r['action'] == 'illegal_page' )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   132
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   133
    list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   134
    $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   135
    $title = get_page_title_ns($illegal_id, $illegal_ns);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   136
    $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   137
    $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   138
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   139
  else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   140
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   141
    $row['page_text'] = htmlspecialchars($row['page_text']);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   142
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   143
  $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   144
  $return .= '<tr><td class="'.$cls.'">';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   145
  switch($r['action'])
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   146
  {
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   147
    case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good'  , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   148
    case "admin_auth_bad"  : $return .= $lang->get('acpsl_entry_admin_auth_bad'   , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   149
    case "activ_good"      : $return .= $lang->get('acpsl_entry_activ_good')      ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   150
    case "auth_good"       : $return .= $lang->get('acpsl_entry_auth_good')       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   151
    case "activ_bad"       : $return .= $lang->get('acpsl_entry_activ_bad')       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   152
    case "auth_bad"        : $return .= $lang->get('acpsl_entry_auth_bad')        ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   153
    case "sql_inject"      : $return .= $lang->get('acpsl_entry_sql_inject'       , array('query' => htmlspecialchars($r['page_text']))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   154
    case "db_backup"       : $return .= $lang->get('acpsl_entry_db_backup'        , array('tables' => $r['page_text']))       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   155
    case "install_enano"   : $return .= $lang->get('acpsl_entry_install_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   156
    case "upgrade_enano"   : $return .= $lang->get('acpsl_entry_upgrade_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   157
    case "illegal_page"    : $return .= $lang->get('acpsl_entry_illegal_page'     , array('illegal_link' => $illegal_link))    ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   158
    case "upload_enable"   : $return .= $lang->get('acpsl_entry_upload_enable')   ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   159
    case "upload_disable"  : $return .= $lang->get('acpsl_entry_upload_disable')  ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   160
    case "magick_enable"   : $return .= $lang->get('acpsl_entry_magick_enable')   ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   161
    case "magick_disable"  : $return .= $lang->get('acpsl_entry_magick_disable')  ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   162
    case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   163
    case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   164
    case "magick_path"     : $return .= $lang->get('acpsl_entry_magick_path')     ; break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   165
    case "plugin_disable"  : $return .= $lang->get('acpsl_entry_plugin_disable'   , array('plugin' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   166
    case "plugin_enable"   : $return .= $lang->get('acpsl_entry_plugin_enable'    , array('plugin' => $r['page_text'])); break;
529
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   167
    case "plugin_install"  : $return .= $lang->get('acpsl_entry_plugin_install'   , array('plugin' => $r['page_text'])); break;
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   168
    case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   169
    case "plugin_upgrade"  : $return .= $lang->get('acpsl_entry_plugin_upgrade'   , array('plugin' => $r['page_text'])); break;
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   170
    case "seclog_unauth"   : $return .= $lang->get('acpsl_entry_seclog_unauth')   ; break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   171
    case "u_from_admin"    : $return .= $lang->get('acpsl_entry_u_from_admin'     , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   172
    case "u_from_mod"      : $return .= $lang->get('acpsl_entry_u_from_mod'       , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   173
    case "u_to_admin"      : $return .= $lang->get('acpsl_entry_u_to_admin'       , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   174
    case "u_to_mod"        : $return .= $lang->get('acpsl_entry_u_to_mod'         , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   175
    case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip'  , array('username' => htmlspecialchars($r['page_text']))); break;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   176
  }
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   177
  $return .= '</td><td class="'.$cls.'">'.enano_date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   178
  return $return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   179
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   180
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   181
?>