plugins/admin/SecurityLog.php
author Dan
Thu, 17 Dec 2009 04:27:50 -0500
changeset 1168 277a9cdead3e
parent 1146 4a90e6e46937
child 1175 1e2c9819ede3
permissions -rw-r--r--
Namespace_Default: added a workaround for an inconsistency in SQL. Basically, if you join the same table multiple times under multiple aliases, COUNT() always uses the first instance. Was affecting the comment counter in the "discussion" button.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     1
<?php
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     2
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     3
/*
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1013
diff changeset
     5
 * Copyright (C) 2006-2009 Dan Fuhry
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     6
 *
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     7
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     8
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
     9
 *
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    10
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    11
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    12
 */
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    13
 
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    14
function page_Admin_SecurityLog()
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    15
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    16
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    17
  global $lang;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    18
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    19
  {
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    20
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    21
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    22
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    23
    return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    24
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    25
  
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    26
  // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    27
  // {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    28
  //   die('Security log is disabled in demo mode.');
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    29
  // }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    30
  
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    31
  echo '<h3>' . $lang->get('acpsl_heading_main') . '</h3>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    32
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    33
  // Not calling the real fetcher because we have to paginate the results
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    34
  $offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
1146
4a90e6e46937 PostgreSQL: fixed Admin:SecurityLog database error
Dan
parents: 1081
diff changeset
    35
  $q = $db->sql_query('SELECT COUNT(time_id) as num FROM '.table_prefix.'logs WHERE log_type=\'security\' GROUP BY log_id, time_id, log_type, action ORDER BY time_id DESC, action ASC;');
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    36
  if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    37
    $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    38
  $row = $db->fetchrow();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    39
  $db->free_result();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    40
  $count = intval($row['num']);
1013
8626bb38410f Set a few queries to buffered due to intermediate queries during fetching
Dan
parents: 950
diff changeset
    41
  $q = $db->sql_query('SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;');
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    42
  if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    43
    $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    44
   
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    45
  $html = paginate(
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    46
      $q,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    47
      '{time_id}',
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    48
      $count,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    49
      makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'SecurityLog&offset=%s'),
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    50
      $offset,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    51
      50,
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    52
      array('time_id' => 'seclog_format_inner'),
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    53
      '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    54
       <tr>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    55
         <th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    56
         <th>' . $lang->get('acpsl_col_date') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    57
         <th>' . $lang->get('acpsl_col_username') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    58
         <th>' . $lang->get('acpsl_col_ip') . '</th>
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
    59
       </tr>',
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    60
      '</table></div>'
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    61
    );
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    62
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    63
  echo $html;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    64
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    65
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    66
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    67
function get_security_log($num = false)
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    68
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    69
  global $db, $session, $paths, $template, $plugins; // Common objects
659
16b5b89c8055 Fixed unlocalized column names in SecurityLog
Dan
parents: 536
diff changeset
    70
  global $lang;
16b5b89c8055 Fixed unlocalized column names in SecurityLog
Dan
parents: 536
diff changeset
    71
  
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    72
  if ( $session->auth_level < USER_LEVEL_ADMIN )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    73
  {
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 166
diff changeset
    74
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'seclog_unauth\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    75
    if ( !$q )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    76
      $db->_die();
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    77
    die('Security log: unauthorized attempt to fetch. Call has been logged and reported to the administrators.');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    78
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    79
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    80
  $return = '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    81
  $cls = 'row2';                                                                                               
659
16b5b89c8055 Fixed unlocalized column names in SecurityLog
Dan
parents: 536
diff changeset
    82
  $return .= '<tr><th style="width: 60%;">' . $lang->get('acpsl_col_type') . '</th><th>' . $lang->get('acpsl_col_date') . '</th><th>' . $lang->get('acpsl_col_username') . '</th><th>' . $lang->get('acpsl_col_ip') . '</th></tr>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    83
  $hash = sha1(microtime());
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    84
  if ( defined('ENANO_DEMO_MODE') )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    85
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    86
    require('config.php');
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    87
    $hash = md5($dbpasswd);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    88
    unset($dbname, $dbhost, $dbuser, $dbpasswd);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    89
    unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    90
  }
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    91
  // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    92
  // {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    93
  //   $return .= '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    94
  // }
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    95
  // else
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
    96
  // {
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    97
    if(is_int($num))
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    98
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
    99
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   100
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   101
    else
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   102
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   103
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   104
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   105
    $q = $db->sql_query($l);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 411
diff changeset
   106
    while($r = $db->fetchrow($q))
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   107
    {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   108
      $return .= seclog_format_inner($r);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   109
    }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   110
    $db->free_result();
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   111
  // }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   112
  $return .= '</table></div>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   113
  
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   114
  return $return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   115
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   116
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   117
function seclog_format_inner($r, $f = false)
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   118
{
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   119
  if ( is_array($f) )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   120
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   121
    unset($r);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   122
    $r =& $f;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   123
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   124
  global $db, $session, $paths, $template, $plugins; // Common objects
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   125
  global $lang;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   126
  $return = '';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   127
  static $cls = 'row2';
140
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   128
  if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') )
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   129
  {
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   130
    $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']);
40f7fa5fd061 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents: 128
diff changeset
   131
  }
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   132
  if ( $r['action'] == 'illegal_page' )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   133
  {
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   134
    list($illegal_id, $illegal_ns) = unserialize($r['page_text']);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   135
    $url = makeUrlNS($illegal_ns, $illegal_id, false, true);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   136
    $title = get_page_title_ns($illegal_id, $illegal_ns);
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   137
    $class = ( isPage($paths->nslist[$illegal_ns] . $illegal_id) ) ? '' : ' class="wikilink-nonexistent"';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   138
    $illegal_link = '<a href="' . $url . '"' . $class . ' onclick="window.open(this.href); return false;">' . $title . '</a>';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   139
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   140
  else if ( $r['action'] == 'plugin_enable' || $r['action'] == 'plugin_disable' )
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   141
  {
950
36289dcb5c8a Security log: fixed typo in plugin enable/disable display
Dan
parents: 801
diff changeset
   142
    $r['page_text'] = htmlspecialchars($r['page_text']);
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   143
  }
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   144
  $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   145
  $return .= '<tr><td class="'.$cls.'">';
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   146
  switch($r['action'])
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   147
  {
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   148
    case "admin_auth_good" : $return .= $lang->get('acpsl_entry_admin_auth_good'  , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   149
    case "admin_auth_bad"  : $return .= $lang->get('acpsl_entry_admin_auth_bad'   , array('level' => $session->userlevel_to_string( intval($r['page_text']) ))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   150
    case "activ_good"      : $return .= $lang->get('acpsl_entry_activ_good')      ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   151
    case "auth_good"       : $return .= $lang->get('acpsl_entry_auth_good')       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   152
    case "activ_bad"       : $return .= $lang->get('acpsl_entry_activ_bad')       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   153
    case "auth_bad"        : $return .= $lang->get('acpsl_entry_auth_bad')        ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   154
    case "sql_inject"      : $return .= $lang->get('acpsl_entry_sql_inject'       , array('query' => htmlspecialchars($r['page_text']))); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   155
    case "db_backup"       : $return .= $lang->get('acpsl_entry_db_backup'        , array('tables' => $r['page_text']))       ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   156
    case "install_enano"   : $return .= $lang->get('acpsl_entry_install_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   157
    case "upgrade_enano"   : $return .= $lang->get('acpsl_entry_upgrade_enano'    , array('version' => $r['page_text'])); break; // version is in $r['page_text']
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   158
    case "illegal_page"    : $return .= $lang->get('acpsl_entry_illegal_page'     , array('illegal_link' => $illegal_link))    ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   159
    case "upload_enable"   : $return .= $lang->get('acpsl_entry_upload_enable')   ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   160
    case "upload_disable"  : $return .= $lang->get('acpsl_entry_upload_disable')  ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   161
    case "magick_enable"   : $return .= $lang->get('acpsl_entry_magick_enable')   ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   162
    case "magick_disable"  : $return .= $lang->get('acpsl_entry_magick_disable')  ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   163
    case "filehist_enable" : $return .= $lang->get('acpsl_entry_filehist_enable') ; break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   164
    case "filehist_disable": $return .= $lang->get('acpsl_entry_filehist_disable'); break;
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   165
    case "magick_path"     : $return .= $lang->get('acpsl_entry_magick_path')     ; break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   166
    case "plugin_disable"  : $return .= $lang->get('acpsl_entry_plugin_disable'   , array('plugin' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   167
    case "plugin_enable"   : $return .= $lang->get('acpsl_entry_plugin_enable'    , array('plugin' => $r['page_text'])); break;
529
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   168
    case "plugin_install"  : $return .= $lang->get('acpsl_entry_plugin_install'   , array('plugin' => $r['page_text'])); break;
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   169
    case "plugin_uninstall": $return .= $lang->get('acpsl_entry_plugin_uninstall' , array('plugin' => $r['page_text'])); break;
7803c9db3506 Implemented security logging for plugin management
Dan
parents: 504
diff changeset
   170
    case "plugin_upgrade"  : $return .= $lang->get('acpsl_entry_plugin_upgrade'   , array('plugin' => $r['page_text'])); break;
358
b25d34fbc7ab Completed l10n on admin panel. Exception is Admin:ThemeManager, which is pending a rewrite.
Dan
parents: 345
diff changeset
   171
    case "seclog_unauth"   : $return .= $lang->get('acpsl_entry_seclog_unauth')   ; break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   172
    case "u_from_admin"    : $return .= $lang->get('acpsl_entry_u_from_admin'     , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   173
    case "u_from_mod"      : $return .= $lang->get('acpsl_entry_u_from_mod'       , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   174
    case "u_to_admin"      : $return .= $lang->get('acpsl_entry_u_to_admin'       , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   175
    case "u_to_mod"        : $return .= $lang->get('acpsl_entry_u_to_mod'         , array('username' => $r['page_text'])); break;
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 358
diff changeset
   176
    case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip'  , array('username' => htmlspecialchars($r['page_text']))); break;
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   177
  }
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1013
diff changeset
   178
  $return .= '</td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="' . $lang->get('acpsl_tip_reverse_dns') . '">'.$r['edit_summary'].'</td></tr>';
109
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   179
  return $return;
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   180
}
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   181
93ef7df77847 Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
diff changeset
   182
?>