author | Dan |
date | Sun, 28 Mar 2010 21:49:26 -0400 |
changeset 1226 | de56132c008d |
parent 1175 | 1e2c9819ede3 |
child 1227 | bdac73ed481e |
permissions | -rw-r--r-- |
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
<?php

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1013
 * Copyright (C) 2006-2009 Dan Fuhry
109
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

function page_Admin_SecurityLog()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab
Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents:
345
  global $lang;
109
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
358
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
109
    return;
  }

140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accommodate the large amount of code.
Dan
parents:
128
  // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  // die('Security log is disabled in demo mode.');
  // }
358
  echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
109

  // Not calling the real fetcher because we have to paginate the results
  $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
1146
  $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
109
  if ( !$q )
    $db->_die();
  $row = $db->fetchrow();
  $db->free_result();
  $count = intval($row['num']);
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents:
1146

  $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
     . " LEFT JOIN " . table_prefix . "users AS u\n"
     . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
     . " WHERE log_type='security'\n"
     . " ORDER BY time_id DESC, action ASC;";

  $q = $db->sql_query($l);
109
  if ( !$q )
    $db->_die();

  $html = paginate(
      $q,
      '{time_id}',
      $count,
      makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
      $offset,
      50,
      array('time_id' => 'seclog_format_inner'),
      '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
358
        <tr>
          <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
          <th>' . $lang->get('acpsl_col_date') . '</th>
          <th>' . $lang->get('acpsl_col_username') . '</th>
          <th>' . $lang->get('acpsl_col_ip') . '</th>
        </tr>',
109
      '</table></div>'
    );

  echo $html;

}

function get_security_log($num = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
659
  global $lang;

109
  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
1175
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'seclog_unauth\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', \'' . $db->escape($session->username) . '\', ' . $session->user_id . ');');
109
    if ( !$q )
      $db->_die();
    die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
  }

  $return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';
659
  $return .= '<tr><th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th><th>' . $lang->get('acpsl_col_date') . '</th><th>' . $lang->get('acpsl_col_username') . '</th><th>' . $lang->get('acpsl_col_ip') . '</th></tr>';
109
  $hash = sha1(microtime());
  if ( defined('ENANO_DEMO_MODE') )
  {
    require('config.php');
    $hash = md5($dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd);
    unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
  }
140
  // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  // {
  // $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
  // }
  // else
  // {
1175
    $limit_clause = is_int($num) ? " LIMIT $num" : '';
    $l = 'SELECT action,date_string,author,author_uid,u.username,edit_summary,time_id,page_text FROM '.table_prefix."logs AS l\n"
       . " LEFT JOIN " . table_prefix . "users AS u\n"
       . " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
       . " WHERE log_type='security'\n"
       . " ORDER BY time_id DESC, action ASC{$limit_clause};";

109
    $q = $db->sql_query($l);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never used.
Dan
parents:
411
    while($r = $db->fetchrow($q))
109
    {
      $return .= seclog_format_inner($r);
    }
    $db->free_result();
140
  // }
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff
changeset
|
118 |
$return .= '</table></div>'; |
119 |
|
120 |
return $return; |
121 |
} |
122 |
|
123 |
function seclog_format_inner($r, $f = false) |
124 |
{ |
125 |
if ( is_array($f) ) |
126 |
{ |
127 |
unset($r); |
128 |
$r =& $f; |
129 |
} |
130 |
global $db, $session, $paths, $template, $plugins; // Common objects |
358
b25d34fbc7ab
Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents:
345
diff
changeset
|
131 |
global $lang; |
109
132 |
$return = ''; |
133 |
static $cls = 'row2'; |
140
134 |
if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') ) |
135 |
{ |
136 |
$r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']); |
137 |
} |
109
138 |
if ( $r['action'] == 'illegal_page' ) |
139 |
{ |
140 |
list($illegal_id, $illegal_ns) = unserialize($r['page_text']); |
141 |
$url = makeUrlNS($illegal_ns, $illegal_id, false, true); |
142 |
$title = get_page_title_ns($illegal_id, $illegal_ns); |
143 |
$class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"'; |
144 |
$illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>'; |
145 |
} |
146 |
else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' ) |
147 |
{ |
950
36289dcb5c8a
Security log: fixed typo in plugin enable/disable display
Dan
parents:
801
diff
changeset
|
148 |
$r['page_text'] = htmlspecialchars($r['page_text']); |
109
149 |
} |
150 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
151 |
$return .= '<tr><td class="'.$cls.'">'; |
152 |
switch($r['action']) |
153 |
{ |
358
154 |
case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break; |
155 |
case "admin_auth_bad" : $return .= $lang->get('acpsl_entry_admin_auth_bad' , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break; |
156 |
case "activ_good" : $return .= $lang->get('acpsl_entry_activ_good') ; break; |
157 |
case "auth_good" : $return .= $lang->get('acpsl_entry_auth_good') ; break; |
158 |
case "activ_bad" : $return .= $lang->get('acpsl_entry_activ_bad') ; break; |
159 |
case "auth_bad" : $return .= $lang->get('acpsl_entry_auth_bad') ; break; |
160 |
case "sql_inject" : $return .= $lang->get('acpsl_entry_sql_inject' , array('query' => htmlspecialchars($r['page_text']))); break; |
161 |
case "db_backup" : $return .= $lang->get('acpsl_entry_db_backup' , array('tables' => $r['page_text'])) ; break; |
162 |
case "install_enano" : $return .= $lang->get('acpsl_entry_install_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text'] |
163 |
case "upgrade_enano" : $return .= $lang->get('acpsl_entry_upgrade_enano' , array('version' => $r['page_text'])); break; // version is in $r['page_text'] |
164 |
case "illegal_page" : $return .= $lang->get('acpsl_entry_illegal_page' , array('illegal_link' => $illegal_link)) ; break; |
165 |
case "upload_enable" : $return .= $lang->get('acpsl_entry_upload_enable') ; break; |
166 |
case "upload_disable" : $return .= $lang->get('acpsl_entry_upload_disable') ; break; |
167 |
case "magick_enable" : $return .= $lang->get('acpsl_entry_magick_enable') ; break; |
168 |
case "magick_disable" : $return .= $lang->get('acpsl_entry_magick_disable') ; break; |
169 |
case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break; |
170 |
case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break; |
171 |
case "magick_path" : $return .= $lang->get('acpsl_entry_magick_path') ; break; |
359 | 172 |
case "plugin_disable" : $return .= $lang->get('acpsl_entry_plugin_disable' , array('plugin' => $r['page_text'])); break; |
173 |
case "plugin_enable" : $return .= $lang->get('acpsl_entry_plugin_enable' , array('plugin' => $r['page_text'])); break; |
|
529 | 174 |
case "plugin_install" : $return .= $lang->get('acpsl_entry_plugin_install' , array('plugin' => $r['page_text'])); break; |
175 |
case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break; |
|
176 |
case "plugin_upgrade" : $return .= $lang->get('acpsl_entry_plugin_upgrade' , array('plugin' => $r['page_text'])); break; |
|
358
177 |
case "seclog_unauth" : $return .= $lang->get('acpsl_entry_seclog_unauth') ; break; |
359 | 178 |
case "u_from_admin" : $return .= $lang->get('acpsl_entry_u_from_admin' , array('username' => $r['page_text'])); break; |
179 |
case "u_from_mod" : $return .= $lang->get('acpsl_entry_u_from_mod' , array('username' => $r['page_text'])); break; |
|
180 |
case "u_to_admin" : $return .= $lang->get('acpsl_entry_u_to_admin' , array('username' => $r['page_text'])); break; |
|
181 |
case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break; |
|
182 |
case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break; |
|
109
183 |
} |
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents:
1146
diff
changeset
|
184 |
$author_bit = '<span style="'; |
185 |
$rank_info = $session->get_user_rank($r['author_uid']); |
186 |
$author_bit .= $rank_info['rank_style']; |
187 |
$author_bit .= '">'; |
188 |
$author_bit .= $r['author_uid'] > 1 && !empty($r['username']) ? htmlspecialchars($r['username']) : htmlspecialchars($r['author']); |
189 |
$author_bit .= '</span>'; |
190 |
$return .= '</td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['time_id']).'</td><td class="'.$cls.'">'.$author_bit.'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>'; |
109
191 |
return $return; |
192 |
} |
193 |
|
194 |
?> |
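In `seclog_format_inner()` above, `$r['page_text']` is passed through `htmlspecialchars()` in some branches (`sql_inject`, `view_comment_ip`, `plugin_enable`/`plugin_disable`) and interpolated as stored in others, and the `illegal_page` branch hands it to `unserialize()`. The following is an added example, not Enano code, showing the same row rendering with escaping applied at one point and object-free decoding; the helper names, message templates and sample rows are assumptions made for illustration.

```php
<?php
// Added example, not Enano code. Helper names, message templates and the
// sample rows are constructed; only the action names and the page_text /
// edit_summary fields are taken from the listing.

/** Escape a value for HTML text or a quoted attribute. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Decode the illegal_page payload (a serialized [page_id, namespace] pair)
// without letting unserialize() instantiate objects (option needs PHP 7.0+).
function decode_illegal_page($page_text)
{
    $data = @unserialize((string) $page_text, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data[0], $data[1])
        || !is_string($data[0]) || !is_string($data[1])) {
        return null; // malformed or tampered row
    }
    return ['page_id' => $data[0], 'namespace' => $data[1]];
}

/** Stand-in for $lang->get(): one %s substitution per template. */
function seclog_templates()
{
    return [
        'db_backup'      => 'Database backup of tables: %s',
        'plugin_install' => 'Installed plugin %s',
        'u_to_admin'     => 'Promoted %s to administrator',
        'illegal_page'   => 'Request for restricted page %s',
    ];
}

/** Render one log row; every stored value is escaped at this single point. */
function seclog_render_row(array $r)
{
    $templates = seclog_templates();
    $action = isset($r['action']) && is_string($r['action']) ? $r['action'] : '';
    $value = isset($r['page_text']) ? $r['page_text'] : '';
    if (!isset($templates[$action])) {
        $message = 'Unrecognized action: ' . h($action);
    } else {
        if ($action === 'illegal_page') {
            $page = decode_illegal_page($value);
            $value = $page ? $page['namespace'] . ':' . $page['page_id'] : '(unreadable entry)';
        }
        $message = sprintf($templates[$action], h($value));
    }
    $ip = h(isset($r['edit_summary']) ? $r['edit_summary'] : '');
    return '<tr><td>' . $message . '</td><td>' . $ip . '</td></tr>';
}

// Constructed sample rows: markup in a plugin name, a well-formed
// illegal_page payload, and a serialized object in place of the array.
$rows = [
    ['action' => 'plugin_install', 'page_text' => '<b>Demo</b>', 'edit_summary' => '192.0.2.10'],
    ['action' => 'illegal_page', 'page_text' => serialize(['Main_Page', 'Special']), 'edit_summary' => '192.0.2.11'],
    ['action' => 'illegal_page', 'page_text' => 'O:8:"stdClass":0:{}', 'edit_summary' => '192.0.2.12'],
];
foreach ($rows as $row) {
    echo seclog_render_row($row), "\n";
}
```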