mirror of
https://github.com/e107inc/e107.git
synced 2025-01-29 10:38:08 +01:00
Issue #1378 Fix for XUP avatar check. User audit log for login and logout now functioning correctly. Admin log no longer adds a log when deleting a log!
parent
01d1c6560c
commit
1202c72390
@ -1064,9 +1064,9 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses
|
||||
{
|
||||
if (USER)
|
||||
{
|
||||
if (check_class(varset($pref['user_audit_class'],'')))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGOUT, '');
|
||||
if (check_class(varset($pref['user_audit_class'],''))) // Need to note in user audit trail
|
||||
{
|
||||
e107::getLog()->user_audit(USER_AUDIT_LOGOUT, '', USERID, USERNAME);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -445,7 +445,8 @@ class admin_log_form_ui extends e_admin_form_ui
|
||||
// define('USER_AUDIT_TEMP_ACCOUNT', 24); // User temporary account
|
||||
|
||||
|
||||
$audit_checkboxes = array(USER_AUDIT_SIGNUP => RL_LAN_071, USER_AUDIT_EMAILACK => RL_LAN_072, USER_AUDIT_LOGIN => RL_LAN_073, // USER_AUDIT_LOGOUT => RL_LAN_074, // Logout is lumped in with login
|
||||
$audit_checkboxes = array(USER_AUDIT_SIGNUP => RL_LAN_071, USER_AUDIT_EMAILACK => RL_LAN_072,
|
||||
USER_AUDIT_LOGIN => LAN_AUDIT_LOG_013, USER_AUDIT_LOGOUT => LAN_AUDIT_LOG_014, // Logout is lumped in with login
|
||||
USER_AUDIT_NEW_DN => RL_LAN_075, USER_AUDIT_NEW_PW => RL_LAN_076, USER_AUDIT_PW_RES => RL_LAN_078, USER_AUDIT_NEW_EML => RL_LAN_077, USER_AUDIT_NEW_SET => RL_LAN_079,
|
||||
USER_AUDIT_ADD_ADMIN => RL_LAN_080, USER_AUDIT_MAIL_BOUNCE => RL_LAN_081, USER_AUDIT_BANNED => RL_LAN_082, USER_AUDIT_BOUNCE_RESET => RL_LAN_083,
|
||||
USER_AUDIT_TEMP_ACCOUNT => RL_LAN_084);
|
||||
@ -713,7 +714,7 @@ class audit_log_ui extends e_admin_ui
|
||||
protected $fields = array (
|
||||
'checkboxes' => array ( 'title' => '', 'type' => null, 'data' => null, 'width' => '5%', 'thclass' => 'center', 'forced' => '1', 'class' => 'center', 'toggle' => 'e-multiselect', ),
|
||||
'dblog_id' => array ( 'title' => LAN_ID, 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => array('mask'=>'dd MM yyyy hh:ii:ss'), 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_microtime' => array ( 'title' => 'Microtime', 'type' => 'text', 'data' => 'int', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ),
|
||||
'dblog_eventcode' => array ( 'title' => 'Eventcode', 'type' => 'method', 'data' => 'str', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ),
|
||||
'dblog_user_id' => array ( 'title' => LAN_USER, 'type' => 'user', 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
@ -766,7 +767,7 @@ class dblog_ui extends e_admin_ui
|
||||
protected $fields = array (
|
||||
'checkboxes' => array ( 'title' => '', 'type' => null, 'data' => null, 'width' => '5%', 'thclass' => 'center', 'forced' => '1', 'class' => 'center', 'toggle' => 'e-multiselect', ),
|
||||
// 'dblog_id' => array ( 'title' => LAN_ID, 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => array('mask'=>'dd MM yyyy hh:ii:ss'), 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_microtime' => array ( 'title' => 'Microtime', 'type' => 'method', 'data' => 'int', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ),
|
||||
'dblog_type' => array ( 'title' => LAN_TYPE, 'type' => 'method', 'data' => 'int', 'width' => 'auto', 'batch' => true, 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ),
|
||||
'dblog_eventcode' => array ( 'title' => 'Eventcode', 'type' => 'method', 'data' => 'str', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ),
|
||||
|
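Review bot: The trailing comment `// Logout is lumped in with login` on the new `USER_AUDIT_LOGIN => LAN_AUDIT_LOG_013, USER_AUDIT_LOGOUT => LAN_AUDIT_LOG_014,` line is stale now that logout has its own checkbox and label. Drop it or replace it with `// Login and logout are separate audit options`. Administrators decide from this list which user events are audited, so a comment saying logout follows the login setting could mislead the next person editing it. The array belongs to a method whose start is outside the hunk.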
@ -408,35 +408,71 @@ class e_admin_log
|
||||
*/
|
||||
function user_audit($event_type, $event_data, $id = '', $u_name = '')
|
||||
{
|
||||
global $e107,$tp;
|
||||
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
|
||||
|
||||
$time_usec = $time_usec * 1000000;
|
||||
|
||||
// See whether we should log this
|
||||
$user_logging_opts = e107::getConfig()->get('user_audit_opts');
|
||||
|
||||
if (!isset($user_logging_opts[$event_type]))
|
||||
return; // Finished if not set to log this event type
|
||||
if (!isset($user_logging_opts[$event_type])) // Finished if not set to log this event type
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->rldb == NULL)
|
||||
$this->rldb = new db; // Better use our own db - don't know what else is going on
|
||||
if($this->rldb == null)
|
||||
{
|
||||
$this->rldb = e107::getDb('rldb'); // Better use our own db - don't know what else is going on
|
||||
}
|
||||
|
||||
if(!empty($id))
|
||||
{
|
||||
$userid = $id;
|
||||
}
|
||||
else
|
||||
{
|
||||
$userid = (USER === true) ? USERID : 0;
|
||||
}
|
||||
|
||||
if(!empty($u_name))
|
||||
{
|
||||
$userstring = $u_name;
|
||||
}
|
||||
else
|
||||
{
|
||||
$userstring = (USER === true ? USERNAME : "LAN_ANONYMOUS");
|
||||
}
|
||||
|
||||
$userIP = e107::getIPHandler()->getIP(false);
|
||||
|
||||
if ($id) $userid = $id;
|
||||
else $userid = (USER === TRUE) ? USERID : 0;
|
||||
if ($u_name) $userstring = $u_name;
|
||||
else $userstring = (USER === true ? USERNAME : "LAN_ANONYMOUS");
|
||||
$userIP = e107::getIPHandler()->getIP(FALSE);
|
||||
$eventcode = 'USER_'.$event_type;
|
||||
|
||||
$title = 'LAN_AUDIT_LOG_0'.$event_type; // This creates a string which will be displayed as a constant
|
||||
$spacer = '';
|
||||
/* $spacer = '';
|
||||
$detail = '';
|
||||
|
||||
foreach ($event_data as $k=>$v)
|
||||
{
|
||||
$detail .= $spacer.$k.'=>'.$v;
|
||||
$spacer = '<br />';
|
||||
}
|
||||
$this->rldb->db_Insert("audit_log", "0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
|
||||
*/
|
||||
|
||||
$insertQry = array(
|
||||
'dblog_id' => 0,
|
||||
'dblog_datestamp' => intval($time_sec),
|
||||
'dblog_microtime' => intval($time_usec),
|
||||
'dblog_eventcode' => $eventcode,
|
||||
'dblog_user_id' => $userid,
|
||||
'dblog_user_name' => $userstring,
|
||||
'dblog_ip' => $userIP,
|
||||
'dblog_title' => $title,
|
||||
'dblog_remarks' => print_r($event_data,true),
|
||||
);
|
||||
|
||||
$this->rldb->insert("audit_log", $insertQry);
|
||||
|
||||
// $this->rldb->insert("audit_log", "0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
|
||||
}
|
||||
|
||||
|
||||
|
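Review bot: `'dblog_remarks' => print_r($event_data,true)` and `'dblog_user_name' => $userstring` store caller-supplied text verbatim, so an audit row can carry user-controlled content such as a display name or an e-mail address passed in `$event_data`. The hunk does not show whether `insert()` with an array escapes its values, nor whether the audit-log viewer HTML-escapes these columns on display; both need confirming. A comment above `$insertQry` would record the contract: `// $event_data and $u_name may contain user-supplied text: stored raw, must be escaped on display`. The two commented-out string-built `db_Insert`/`insert` calls interpolate the same values directly into SQL and are better deleted than kept, so they cannot be restored by accident.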
@ -251,10 +251,11 @@ class userlogin
|
||||
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
|
||||
$class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);
|
||||
|
||||
$user_logging_opts = e107::getConfig()->get('user_audit_opts');
|
||||
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
|
||||
// $user_logging_opts = e107::getConfig()->get('user_audit_opts');
|
||||
|
||||
if (in_array(varset($pref['user_audit_class'],''), $class_list))
|
||||
{ // Need to note in user audit trail
|
||||
$this->e107->admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $user_id, $user_name);
|
||||
}
|
||||
|
||||
$edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin, 'user_admin'=>$user_admin, 'user_email'=> $user_email);
|
||||
|
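Review bot: `in_array(varset($pref['user_audit_class'],''), $class_list)` is a loose comparison against an empty-string default, so with the preference unset the outcome depends on PHP's `==` rules (before PHP 8, `'' == 0` is true and would match a class id of 0 if `$class_list` contains one). Whether `$pref` is in scope in this method is not visible in the hunk, while the commented-out line next to it reads settings through `e107::getConfig()->get(...)`. Consider `$auditClass = e107::getConfig()->get('user_audit_class');` and then `if ($auditClass !== null && $auditClass !== '' && in_array($auditClass, $class_list))`, so that a missing setting can never decide whether a login is audited. The enclosing method starts and ends outside the hunk.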
@ -3001,7 +3001,8 @@ class e_admin_model extends e_front_model
|
||||
if(is_numeric($id)) $id = intval($id);
|
||||
else $id = "'".e107::getParser()->toDB($id)."'";
|
||||
$table = $this->getModelTable();
|
||||
$res = $sql->db_Delete($table, $this->getFieldIdName().'='.$id);
|
||||
$where = $this->getFieldIdName().'='.$id;
|
||||
$res = $sql->delete($table, $where);
|
||||
$this->_db_qry = $sql->getLastQuery();
|
||||
|
||||
if(!$res)
|
||||
@ -3017,8 +3018,13 @@ class e_admin_model extends e_front_model
|
||||
}
|
||||
else
|
||||
{
|
||||
e107::getAdminLog()->addSuccess($table,false);
|
||||
e107::getAdminLog()->addArray($sqlQry)->save('ADMINUI_03');
|
||||
if($table != 'admin_log')
|
||||
{
|
||||
$logData = array('TABLE'=>$table, 'WHERE'=>$where);
|
||||
e107::getAdminLog()->addSuccess($table,false);
|
||||
e107::getAdminLog()->addArray($logData)->save('ADMINUI_03');
|
||||
}
|
||||
|
||||
$this->clearCache();
|
||||
}
|
||||
return $res;
|
||||
@ -3595,7 +3601,7 @@ class e_admin_tree_model extends e_front_tree_model
|
||||
$table = $this->getModelTable();
|
||||
$sqlQry = $this->getFieldIdName().' IN (\''.$idstr.'\')';
|
||||
|
||||
$res = $sql->db_Delete($table, $sqlQry);
|
||||
$res = $sql->delete($table, $sqlQry);
|
||||
|
||||
$this->_db_errno = $sql->getLastErrorNumber();
|
||||
$this->_db_errmsg = $sql->getLastErrorText();
|
||||
@ -3627,9 +3633,11 @@ class e_admin_tree_model extends e_front_tree_model
|
||||
}
|
||||
}
|
||||
|
||||
$logData = array('TABLE'=>$table, 'WHERE'=>$sqlQry);
|
||||
e107::getAdminLog()->addArray($logData)->save('ADMINUI_03');
|
||||
|
||||
if($table != 'admin_log')
|
||||
{
|
||||
$logData = array('TABLE'=>$table, 'WHERE'=>$sqlQry);
|
||||
e107::getAdminLog()->addArray($logData)->save('ADMINUI_03');
|
||||
}
|
||||
return $res;
|
||||
}
|
||||
|
||||
|
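Review bot: With `if($table != 'admin_log')` around the `ADMINUI_03` entry, deleting rows from the admin log leaves no record at all. This applies to both the single-row delete in `e_admin_model` and the batch delete in `e_admin_tree_model`. Clearing the admin log is itself an event an audit trail should capture (who, when, which WHERE clause), and only the per-row self-reference needs avoiding. If the suppression is kept, document it at both sites, e.g. `// Deleting admin_log rows is deliberately not written back to admin_log; record it elsewhere if log purges must be traceable`, and consider writing one summary entry to a different log destination. Both methods begin outside the visible hunks.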
@ -878,7 +878,7 @@ Following fields auto-filled in code as required:
|
||||
{ // Valid user!
|
||||
if ($row['user_ban'] != $newVal) // We could implement a hierarchy here, so that an important status isn't overridden by a lesser one
|
||||
{ // Only update if needed
|
||||
$db->db_Update('user', '`user_ban` = '.$newVal.', `user_email` = \'\' WHERE `user_id` = '.$row['user_id'].' LIMIT 1');
|
||||
$db->update('user', '`user_ban` = '.$newVal.', `user_email` = \'\' WHERE `user_id` = '.$row['user_id'].' LIMIT 1');
|
||||
// Add to user audit log TODO: Should we log to admin log as well?
|
||||
$adminLog = e107::getAdminLog();
|
||||
$adminLog->user_audit($logEvent, array('user_ban' => $newVal, 'user_email' => $row['user_email']), $row['user_id'], $row['user_loginname']);
|
||||
|
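Review bot: The renamed `$db->update('user', ...)` call still concatenates `$newVal` and `$row['user_id']` straight into the SQL string. Where `$newVal` comes from is outside the hunk, so it cannot be confirmed here that it is always an integer; wrapping both values in `intval()` at this line makes the statement safe regardless of the caller. The `user_audit()` call just below passes `$row['user_email']` as event data, so the bounced address is stored in the audit log even though it is blanked in the user table; a short comment saying this is intentional would help.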
@ -1702,7 +1702,7 @@ class e_user extends e_user_model
|
||||
|
||||
|
||||
$where = implode(' OR ', $where);
|
||||
if($sql->select('user', 'user_id, user_password, user_xup', $where))
|
||||
if($sql->select('user', 'user_id, user_name, user_image, user_password, user_xup', $where))
|
||||
{
|
||||
|
||||
$user = $sql->fetch();
|
||||
@ -1722,6 +1722,10 @@ class e_user extends e_user_model
|
||||
e107::getLog()->add('User Profile Update Failed', $userdata, E_LOG_WARNING, "XUP_LOGIN", LOG_TO_ADMIN, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name']));
|
||||
}
|
||||
}
|
||||
|
||||
unset($user['user_password']);
|
||||
e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $user['user_id'], $user['user_name']);
|
||||
// e107::getLog()->add('XUP Login', $user, E_LOG_INFORMATIVE, "LOGIN", LOG_TO_ROLLING, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name']));
|
||||
}
|
||||
|
||||
return $this;
|
||||
|
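Review bot: The new `e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $user['user_id'], $user['user_name']);` is called without the `user_audit_class` test that the normal login and logout paths in this commit apply before logging. XUP logins are therefore audited whenever the login event type is enabled, regardless of class. If that is intended, say so at the call: `// XUP logins are always audited; user_audit_class is not consulted here`. The `unset($user['user_password']);` above it only matters for the commented-out `add('XUP Login', $user, ...)` line, so a note such as `// keep the hash out of $user before it can reach any log call` would stop it being removed as dead code. The method starts outside the hunk.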
@ -71,6 +71,7 @@ define("RL_LAN_069", "Download Name");
|
||||
define("RL_LAN_071", "User registration (ignores class setting above)");
|
||||
define("RL_LAN_072", "Signup email acknowledgement (ignores class setting above)");
|
||||
define("RL_LAN_073", "Login/Logout");
|
||||
|
||||
define("RL_LAN_075", "Change display name");
|
||||
define("RL_LAN_076", "Change password");
|
||||
define("RL_LAN_077", "Change email address");
|
||||
|