From dc7343ed3ca4eeb47006b39da86b74a737394509 Mon Sep 17 00:00:00 2001 From: Cameron Date: Tue, 15 Mar 2016 10:45:33 -0700 Subject: [PATCH 1/7] Support for e_DEBUG_NOTIFY flag. --- e107_handlers/notify_class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e107_handlers/notify_class.php b/e107_handlers/notify_class.php index df221c4e2..5b14eddac 100644 --- a/e107_handlers/notify_class.php +++ b/e107_handlers/notify_class.php @@ -216,7 +216,7 @@ class notify } - if(E107_DEBUG_LEVEL > 0) + if(E107_DEBUG_LEVEL > 0 || deftrue('e_DEBUG_NOTIFY')) { $data = array('id'=>$id, 'subject'=>$subject, 'recipients'=> $recipients, 'prefs'=>$this->notify_prefs['event'][$id], 'message'=>$message); From 5348c0222381d3e834892df4c858a435f1398d88 Mon Sep 17 00:00:00 2001 From: Cameron Date: Tue, 15 Mar 2016 23:37:38 -0700 Subject: [PATCH 2/7] Corrected layout of Theme XML generator. Default news template cleanup. Clickable URL fix for when   is present. --- e107_admin/theme.php | 22 ++++++----- e107_plugins/news/templates/news_template.php | 39 ++++++++++++------- 2 files changed, 38 insertions(+), 23 deletions(-) diff --git a/e107_admin/theme.php b/e107_admin/theme.php index 74c6831eb..421fb01cd 100644 --- a/e107_admin/theme.php +++ b/e107_admin/theme.php @@ -398,7 +398,7 @@ class theme_builder { $nm = $key.'-'.$type; $name = "xml[$nm]"; - $size = (count($val)==1) ? 'span7' : 'span2'; + $size = (count($val)==1) ? 'col-md-7' : 'col-md-2'; $text .= "
".$this->xmlInput($name, $key."-". $type, vartrue($defaults[$nm]))."
"; } @@ -588,7 +588,8 @@ TEMPLATE; $size = 30; $help = ''; - + $sizex = ''; + switch ($info) { @@ -601,7 +602,7 @@ TEMPLATE; case 'main-lang': $help = TPVLAN_CONV_4; $required = false; - $placeholder= " "; + $placeholder= "LAN equivalent"; $pattern = "[A-Z0-9_]*"; break; @@ -644,7 +645,7 @@ TEMPLATE; case 'summary-summary': $help = TPVLAN_CONV_10; $required = true; - $size = 100; + $size = 200; $placeholder= " "; $pattern = "[A-Za-z,() \.0-9]*"; break; @@ -681,7 +682,8 @@ TEMPLATE; $req = ($required == true) ? "&required=1" : ""; $placeholder = (varset($placeholder)) ? $placeholder : $type; $pat = ($pattern) ? "&pattern=".$pattern : ""; - + $text = ''; + switch ($type) { @@ -695,9 +697,9 @@ TEMPLATE; $file = str_replace(e_THEME.$this->themeName."/",'',$path); $text .= "
"; $text .= "
"; - $text .= "
".$frm->checkbox($name.'['.$key.'][file]',$file, false, array('label'=>$file))." + $text .= "
".$frm->checkbox($name.'['.$key.'][file]',$file, false, array('label'=>$file))."
".TPVLAN_CONV_14."
"; - $text .= "
".$frm->text($name.'['.$key.'][name]', $default, $size, 'placeholder='.$file . $req. $pat)." + $text .= "
".$frm->text($name.'['.$key.'][name]', $default, $size, 'placeholder='.$file . $req. $pat)."
".TPVLAN_CONV_15."
"; // $text .= "
".$frm->checkbox('css['.$key.'][file]',$file, false, array('label'=>$file))."
"; // $text .= "
".$frm->text('css['.$key.'][name]', $default, $size, 'placeholder='.$placeholder . $req. $pat)."
"; @@ -711,11 +713,11 @@ TEMPLATE; case 'date': - $text = $frm->datepicker($name, time(), 'format=yyyy-mm-dd'.$req); + $text = $frm->datepicker($name, time(), 'format=yyyy-mm-dd'.$req.'&size=block-level'); break; case 'description': - $text = $frm->textarea($name,$default, 3, 100, $req); // pattern not supported. + $text = $frm->textarea($name,$default, 3, 100, $req,'&size=block-level'); // pattern not supported. break; @@ -733,7 +735,7 @@ TEMPLATE; default: - $text = $frm->text($name, $default, $size, 'placeholder='.$placeholder . $req. $pat); + $text = $frm->text($name, $default, $size, 'placeholder='.$placeholder . $req. $pat.'&size=block-level'); break; } diff --git a/e107_plugins/news/templates/news_template.php b/e107_plugins/news/templates/news_template.php index 17cbb2ef4..e3cc1e7ff 100644 --- a/e107_plugins/news/templates/news_template.php +++ b/e107_plugins/news/templates/news_template.php @@ -80,25 +80,30 @@ $NEWS_TEMPLATE['default']['item'] = ' '; */ +$NEWS_WRAPPER['default']['item']['NEWSIMAGE: item=1'] = '{---}'; + $NEWS_TEMPLATE['default']['item'] = ' - {SETIMAGE: w=900&h=300} + {SETIMAGE: w=400&h=400}

{NEWSTITLELINK}

-

{GLYPH=user}  {NEWSAUTHOR}

-
-
-
{GLYPH=time} {NEWSDATE=short}
-
{GLYPH=tags}  {NEWSTAGS}   {GLYPH=folder-open}  {NEWSCATEGORY}
+ +
+
+
{GLYPH=user}  {NEWSAUTHOR}   {GLYPH=time}  {NEWSDATE=short}
+
{GLYPH=tags}  {NEWSTAGS}   {GLYPH=folder-open}  {NEWSCATEGORY}
-
+
{NEWSIMAGE: item=1} - -
+

{NEWSSUMMARY}

{NEWSVIDEO: item=1} +
{NEWSBODY} +
+
{EXTENDED} +
{NEWSCOMMENTLINK: glyph=comments&class=btn btn-default}{PRINTICON: class=btn btn-default}{PDFICON}{SOCIALSHARE}{ADMINOPTIONS: class=btn btn-default}
@@ -121,7 +126,7 @@ $NEWS_TEMPLATE['view']['item'] = ' {SETIMAGE: w=900&h=600}

{NEWSTITLELINK}

-

{NEWSSUMMARY}

+
{GLYPH=user}  {NEWSAUTHOR}   {GLYPH=time}  {NEWSDATE=short}
@@ -132,7 +137,10 @@ $NEWS_TEMPLATE['view']['item'] = '
{NEWSIMAGE: item=1} +

{NEWSSUMMARY}

+
{NEWSBODY=body} +
{NEWSVIDEO: item=1} {NEWSVIDEO: item=2} @@ -155,7 +163,7 @@ $NEWS_TEMPLATE['view']['item'] = ' {NEWSVIDEO: item=4} {NEWSVIDEO: item=5} -
+
{NEWSBODY=extended}
@@ -171,6 +179,7 @@ $NEWS_TEMPLATE['view']['item'] = ' {NEWSRELATED}
{NEWSNAVLINK} + '; //$NEWS_MENU_TEMPLATE['view']['separator'] = '
'; @@ -201,7 +210,11 @@ $NEWS_TEMPLATE['category']['item'] = ' ### Related 'start' - Options: Core 'single' shortcodes including {SETIMAGE} ### Related 'item' - Options: {RELATED_URL} {RELATED_IMAGE} {RELATED_TITLE} {RELATED_SUMMARY} ### Related 'end' - Options: Options: Core 'single' shortcodes including {SETIMAGE} - +/* $NEWS_TEMPLATE['related']['start'] = "

".defset('LAN_RELATED', 'Related')."

    "; $NEWS_TEMPLATE['related']['item'] = "
  • {RELATED_TITLE}
    • "; -$NEWS_TEMPLATE['related']['end'] = "
"; +$NEWS_TEMPLATE['related']['end'] = "";*/ + +$NEWS_TEMPLATE['related']['start'] = '{SETIMAGE: w=350&h=350&crop=1}

YOU MIGHT ALSO LIKE

'; +$NEWS_TEMPLATE['related']['item'] = '
{RELATED_IMAGE}

{RELATED_TITLE}

'; +$NEWS_TEMPLATE['related']['end'] = '
'; \ No newline at end of file From f927e49e22c745a540ed8e99672821b89bb310d1 Mon Sep 17 00:00:00 2001 From: Cameron Date: Wed, 16 Mar 2016 09:21:12 -0700 Subject: [PATCH 3/7] BC Fix for comment avatar size. Regexp for "makeClickable" now handles ' ' before URL correctly. --- e107_handlers/comment_class.php | 6 ++++-- e107_handlers/e_parse_class.php | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/e107_handlers/comment_class.php b/e107_handlers/comment_class.php index ec5287690..5222ea101 100644 --- a/e107_handlers/comment_class.php +++ b/e107_handlers/comment_class.php @@ -481,7 +481,9 @@ class comment $COMMENT_TEMPLATE['item'] = str_replace("row", "row-fluid", $COMMENT_TEMPLATE['item']); } - + + e107::getParser()->setThumbSize(100,100); // BC FIx. Set a default image size, in case the template doesn't have one. + if (vartrue($pref['nested_comments'])) { // $width2 = 100 - $width; @@ -1150,7 +1152,7 @@ class comment { $comment = $ns->tablerender(COMLAN_9, $comment, 'comment', true ); } - + diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index 7f5b626ba..d7561078e 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -1431,7 +1431,7 @@ class e_parse extends e_parser $linktext = (!empty($textReplace)) ? $textReplace : '\\2'; $external = (!empty($opts['ext'])) ? 'rel="external"' : ''; - $text = preg_replace("#(^|[\s])([\w]+?://(?:[\w-%]+?)(?:\.[\w-%]+?)+.*?)(?=$|[\s[\]<]|\.\s|\.$|,\s|,$)#is", "\\1".$linktext."", $text); + $text = preg_replace("#(^|[\s]| )([\w]+?:\/\/(?:[\w-%]+?)(?:\.[\w-%]+?)+.*?)(?=$|[\s[\]<]|\.\s|\.$|,\s|,$| )#is", "\\1".$linktext."", $text); $text = preg_replace("#(^|[\s])((?:www|ftp)(?:\.[\w-%]+?){2}.*?)(?=$|[\s[\]<]|\.\s|\.$|,\s|,$)#is", "\\1".$linktext."", $text); break; From 01d1c6560cc15c084da9538a11feea281b9b06ea Mon Sep 17 00:00:00 2001 From: Cameron Date: Wed, 16 Mar 2016 12:05:10 -0700 Subject: [PATCH 4/7] XUP: Issue #1378 - Update Username and Avatar if they have changed. --- e107_admin/admin_log.php | 2 +- e107_handlers/admin_log_class.php | 26 +++++++++++++++++---- e107_handlers/user_handler.php | 39 ++++++++++++++++++++++++------- e107_handlers/user_model.php | 36 ++++++++++++++++++++++++---- 4 files changed, 85 insertions(+), 18 deletions(-) diff --git a/e107_admin/admin_log.php b/e107_admin/admin_log.php index f31bb646d..b90a63753 100644 --- a/e107_admin/admin_log.php +++ b/e107_admin/admin_log.php @@ -152,7 +152,7 @@ class admin_log_ui extends e_admin_ui protected $fields = array ( // 'checkboxes' => array ( 'title' => '', 'type' => null, 'data' => null, 'nolist'=>true, 'width' => '5%', 'thclass' => 'center', 'forced' => '1', 'class' => 'center', 'toggle' => 'e-multiselect', ), 'dblog_id' => array ( 'title' => LAN_ID, 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), - 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => '12%', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), + 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => '12%', 'filter' => true, 'help' => '', 'readParms' => array('mask'=>'dd MM yyyy hh:ii:ss'), 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), // 'dblog_microtime' => array ( 'title' => 'Microtime', 'type' => 'method', 'data' => 'int', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), 'dblog_type' => array ( 'title' => RL_LAN_032, 'type' => 'method', 'data' => 'int', 'width' => '5%', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), 'dblog_ip' => array ( 'title' => LAN_IP, 'type' => 'ip', 'data' => 'str', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), diff --git a/e107_handlers/admin_log_class.php b/e107_handlers/admin_log_class.php index 6dc8a3693..23829acc8 100644 --- a/e107_handlers/admin_log_class.php +++ b/e107_handlers/admin_log_class.php @@ -143,6 +143,7 @@ class e_admin_log * @param integer $event_type [optional] Log level eg. E_LOG_INFORMATIVE, E_LOG_NOTICE, E_LOG_WARNING, E_LOG_FATAL * @param string $event_code [optional] - eg. 'BOUNCE' * @param integer $target [optional] LOG_TO_ADMIN, LOG_TO_AUDIT, LOG_TO_ROLLING + * @param array $user - user to attribute the log to. array('user_id'=>2, 'user_name'=>'whoever'); * @return e_admin_log * * Alternative admin log entry point - compatible with legacy calls, and a bit simpler to use than the generic entry point. @@ -157,7 +158,7 @@ class e_admin_log * */ - public function add($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE , $event_code = '', $target = LOG_TO_ADMIN ) + public function add($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE , $event_code = '', $target = LOG_TO_ADMIN, $userData=null ) { if ($event_code == '') { @@ -203,7 +204,7 @@ class e_admin_log } - $this->e_log_event($event_type, -1, $event_code, $event_title, $event_detail, FALSE, $target); + $this->e_log_event($event_type, -1, $event_code, $event_title, $event_detail, FALSE, $target, $userData); return $this; } @@ -231,12 +232,13 @@ class e_admin_log * LOG_TO_ADMIN - admin log * LOG_TO_AUDIT - audit log * LOG_TO_ROLLING - rolling log - * + * @param array $userData - attribute user to log entry. array('user_id'=>2, 'user_name'=>'whatever'); * @return none * @todo - check microtime() call + * @deprecated - use add() method instead. */ - public function e_log_event($importance, $source_call, $eventcode = "GEN", $event_title = "Untitled", $explain = "", $finished = FALSE, $target_logs = LOG_TO_AUDIT ) + public function e_log_event($importance, $source_call, $eventcode = "GEN", $event_title = "Untitled", $explain = "", $finished = FALSE, $target_logs = LOG_TO_AUDIT, $userData=null ) { $e107 = e107::getInstance(); $pref = e107::getPref(); @@ -256,10 +258,26 @@ class e_admin_log //--------------------------------------- // Calculations common to all logs //--------------------------------------- + $userid = deftrue('USER') ? USERID : 0; $userstring = deftrue('USER') ? USERNAME : 'LAN_ANONYMOUS'; $userIP = e107::getIPHandler()->getIP(FALSE); + if(!empty($userData['user_id'])) + { + $userid = $userData['user_id']; + } + + if(!empty($userData['user_name'])) + { + $userstring = $userData['user_name']; + } + + if(!empty($userData['user_ip'])) + { + $userIP = $userData['user_ip']; + } + $importance = $tp->toDB($importance, true, false, 'no_html'); $eventcode = $tp->toDB($eventcode, true, false, 'no_html'); diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php index 58f86e08a..98aca3f0a 100644 --- a/e107_handlers/user_handler.php +++ b/e107_handlers/user_handler.php @@ -947,7 +947,13 @@ class e_user_provider } } } - + + private function log($class,$method,$line) + { + // e107::getLog()->add('XUP Debug', ($class.':'.$method.'-'.$line), E_LOG_INFORMATIVE, "XUP_DEBUG"); + } + + public function setBackUrl($url) { # system/xup/endpoint by default @@ -956,6 +962,7 @@ class e_user_provider public function getProvider() { + // $this->log(__CLASS__, __METHOD__, __LINE__); return $this->_provider; } @@ -975,6 +982,7 @@ class e_user_provider public function userId() { + if($this->adapter && $this->adapter->getUserProfile()->identifier) { return $this->getProvider().'_'.$this->adapter->getUserProfile()->identifier; @@ -1009,7 +1017,8 @@ class e_user_provider $redirectUrl = e107::getUrl()->create($redirectUrl); } } - + + if(e107::getUser()->isUser()) { if($redirectUrl) @@ -1022,14 +1031,17 @@ class e_user_provider $this->adapter = $this->hybridauth->authenticate($this->getProvider()); $profile = $this->adapter->getUserProfile(); - + + $this->log(__CLASS__, __METHOD__, __LINE__); // returned back, if success... if($profile->identifier) { + $sql = e107::getDb(); $userMethods = e107::getUserSession(); $plainPwd = $userMethods->generateRandomString('************'); // auto plain passwords + // TODO - auto login name, shouldn't be used if system set to user_email login... $userdata['user_loginname'] = $this->getProvider().$userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#')); @@ -1064,11 +1076,14 @@ class e_user_provider // user_name, user_xup, user_email and user_loginname shouldn't match $insert = (!empty($userdata['user_email'])) ? "OR user_email='".$userdata['user_email']."' " : ""; + + $this->log(__CLASS__, __METHOD__, __LINE__); - if($sql->count("user", "(*)", "user_xup='".$sql->escape($this->userId())."' ".$insert." OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'")) + if($uid = $sql->retrieve("user", "user_id", "user_xup='".$sql->escape($this->userId())."' ".$insert." OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'")) { // $this->login($redirectUrl); // auto-login e107::getUser()->loginProvider($this->userId()); + if($redirectUrl) { e107::getRedirect()->redirect($redirectUrl); @@ -1080,7 +1095,8 @@ class e_user_provider if(empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0)==0) // Allow it if set-up that way. { - throw new Exception( "Signup failed! Can't access user email - registration without an email is impossible.".print_a($userdata,true), 4); // TODO lan + // Twitter will not provide email addresses. + // throw new Exception( "Signup failed! Can't access user email - registration without an email is impossible.".print_a($userdata,true), 4); // TODO lan } // other fields @@ -1108,9 +1124,11 @@ class e_user_provider // user model error if($user->hasError()) { + e107::getLog()->add('XUP Signup Failure', $userdata, E_LOG_WARNING, "XUP_SIGNUP"); throw new Exception($user->renderMessages(), 5); } + ### Successful signup! //$user->set('provider', $this->getProvider()); $userdata = $user->getData(); @@ -1125,7 +1143,7 @@ class e_user_provider if(true === $ret) return $this; // send email - if($emailAfterSuccess) + if($emailAfterSuccess && !empty($userdata['user_email'])) { $user->set('user_password', $plainPwd)->email('signup'); } @@ -1146,6 +1164,8 @@ class e_user_provider return true; } + $this->log(__CLASS__, __METHOD__, __LINE__); + return false; } @@ -1153,6 +1173,7 @@ class e_user_provider public function login($redirectUrl = true) { + if(!e107::getPref('social_login_active', false)) { throw new Exception( "Signup failed! This feature is disabled.", 100); // TODO lan @@ -1174,7 +1195,8 @@ class e_user_provider $redirectUrl = e107::getUrl()->create($redirectUrl); } } - + + if(e107::getUser()->isUser()) { if($redirectUrl) @@ -1186,7 +1208,8 @@ class e_user_provider $this->adapter = $this->hybridauth->authenticate($this->getProvider()); $check = e107::getUser()->setProvider($this)->loginProvider($this->userId(), false); - + + if($redirectUrl) { e107::getRedirect()->redirect($redirectUrl); diff --git a/e107_handlers/user_model.php b/e107_handlers/user_model.php index 2d9bd8035..b9d627520 100644 --- a/e107_handlers/user_model.php +++ b/e107_handlers/user_model.php @@ -1557,7 +1557,9 @@ class e_user extends e_user_model $userlogin = new userlogin(); $userlogin->login($xup, '', 'provider', false, true); - $userdata = $userlogin->getUserData(); + $userdata = $userlogin->getUserData(); + + e107::getLog()->add('XUP Debug', (__CLASS__.':'.__METHOD__.'-'.__LINE__), E_LOG_INFORMATIVE, "XUP_DEBUG"); $this->setSessionData(true)->setData($userdata); @@ -1681,21 +1683,45 @@ class e_user extends e_user_model // query DB $sql = e107::getDb(); $where = array(); + $userdata = array(); + foreach ($connected as $providerId) { $adapter = Hybrid_Auth::getAdapter($providerId); if(!$adapter->getUserProfile()->identifier) continue; - - $id = $providerId.'_'.$adapter->getUserProfile()->identifier; + + $profile = $adapter->getUserProfile(); + + $userdata['user_name'] = $sql->escape($profile->displayName); + $userdata['user_image'] = $profile->photoURL; // avatar + + $id = $providerId.'_'.$profile->identifier; $where[] = "user_xup='".$sql->escape($id)."'"; } + + $where = implode(' OR ', $where); - if($sql->db_Select('user', 'user_id, user_password, user_xup', $where)) + if($sql->select('user', 'user_id, user_password, user_xup', $where)) { - $user = $sql->db_Fetch(); + + $user = $sql->fetch(); e107::getUserSession()->makeUserCookie($user); $this->setSessionData(); + + // Update display name or avatar image if they have changed. + if(($userdata['user_name'] != $user['user_name']) || ($userdata['user_image'] != $user['user_image'])) + { + + if($sql->update('user', "user_name='".$userdata['user_name']."', user_image='".$userdata['user_image']."' WHERE user_id=".$user['user_id']." LIMIT 1")!==false) + { + e107::getLog()->add('User Profile Updated', $userdata, E_LOG_INFORMATIVE, "XUP_LOGIN", LOG_TO_ADMIN, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name'])); + } + else + { + e107::getLog()->add('User Profile Update Failed', $userdata, E_LOG_WARNING, "XUP_LOGIN", LOG_TO_ADMIN, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name'])); + } + } } return $this; From 1202c72390103cd1061cfb50dbc5ed78ea9e0d67 Mon Sep 17 00:00:00 2001 From: Cameron Date: Wed, 16 Mar 2016 13:53:57 -0700 Subject: [PATCH 5/7] Issue #1378 Fix for XUP avatar check. User audit log for login and logout now functioning correctly. Admin log no longer adds a log when deleting a log! --- class2.php | 6 +- e107_admin/admin_log.php | 7 ++- e107_handlers/admin_log_class.php | 60 +++++++++++++++---- e107_handlers/login.php | 7 ++- e107_handlers/model_class.php | 22 ++++--- e107_handlers/user_handler.php | 2 +- e107_handlers/user_model.php | 6 +- .../English/admin/lan_admin_log.php | 1 + 8 files changed, 81 insertions(+), 30 deletions(-) diff --git a/class2.php b/class2.php index 32a2605aa..68b236839 100644 --- a/class2.php +++ b/class2.php @@ -1064,9 +1064,9 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses { if (USER) { - if (check_class(varset($pref['user_audit_class'],''))) - { // Need to note in user audit trail - $admin_log->user_audit(USER_AUDIT_LOGOUT, ''); + if (check_class(varset($pref['user_audit_class'],''))) // Need to note in user audit trail + { + e107::getLog()->user_audit(USER_AUDIT_LOGOUT, '', USERID, USERNAME); } } diff --git a/e107_admin/admin_log.php b/e107_admin/admin_log.php index b90a63753..d0a43dcd7 100644 --- a/e107_admin/admin_log.php +++ b/e107_admin/admin_log.php @@ -445,7 +445,8 @@ class admin_log_form_ui extends e_admin_form_ui // define('USER_AUDIT_TEMP_ACCOUNT', 24); // User temporary account - $audit_checkboxes = array(USER_AUDIT_SIGNUP => RL_LAN_071, USER_AUDIT_EMAILACK => RL_LAN_072, USER_AUDIT_LOGIN => RL_LAN_073, // USER_AUDIT_LOGOUT => RL_LAN_074, // Logout is lumped in with login + $audit_checkboxes = array(USER_AUDIT_SIGNUP => RL_LAN_071, USER_AUDIT_EMAILACK => RL_LAN_072, + USER_AUDIT_LOGIN => LAN_AUDIT_LOG_013, USER_AUDIT_LOGOUT => LAN_AUDIT_LOG_014, // Logout is lumped in with login USER_AUDIT_NEW_DN => RL_LAN_075, USER_AUDIT_NEW_PW => RL_LAN_076, USER_AUDIT_PW_RES => RL_LAN_078, USER_AUDIT_NEW_EML => RL_LAN_077, USER_AUDIT_NEW_SET => RL_LAN_079, USER_AUDIT_ADD_ADMIN => RL_LAN_080, USER_AUDIT_MAIL_BOUNCE => RL_LAN_081, USER_AUDIT_BANNED => RL_LAN_082, USER_AUDIT_BOUNCE_RESET => RL_LAN_083, USER_AUDIT_TEMP_ACCOUNT => RL_LAN_084); @@ -713,7 +714,7 @@ class audit_log_ui extends e_admin_ui protected $fields = array ( 'checkboxes' => array ( 'title' => '', 'type' => null, 'data' => null, 'width' => '5%', 'thclass' => 'center', 'forced' => '1', 'class' => 'center', 'toggle' => 'e-multiselect', ), 'dblog_id' => array ( 'title' => LAN_ID, 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), - 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), + 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => array('mask'=>'dd MM yyyy hh:ii:ss'), 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), 'dblog_microtime' => array ( 'title' => 'Microtime', 'type' => 'text', 'data' => 'int', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), 'dblog_eventcode' => array ( 'title' => 'Eventcode', 'type' => 'method', 'data' => 'str', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), 'dblog_user_id' => array ( 'title' => LAN_USER, 'type' => 'user', 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), @@ -766,7 +767,7 @@ class dblog_ui extends e_admin_ui protected $fields = array ( 'checkboxes' => array ( 'title' => '', 'type' => null, 'data' => null, 'width' => '5%', 'thclass' => 'center', 'forced' => '1', 'class' => 'center', 'toggle' => 'e-multiselect', ), // 'dblog_id' => array ( 'title' => LAN_ID, 'data' => 'int', 'width' => '5%', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), - 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), + 'dblog_datestamp' => array ( 'title' => LAN_DATESTAMP, 'type' => 'datestamp', 'data' => 'int', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => array('mask'=>'dd MM yyyy hh:ii:ss'), 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), 'dblog_microtime' => array ( 'title' => 'Microtime', 'type' => 'method', 'data' => 'int', 'width' => 'auto', 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), 'dblog_type' => array ( 'title' => LAN_TYPE, 'type' => 'method', 'data' => 'int', 'width' => 'auto', 'batch' => true, 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'left', 'thclass' => 'left', ), 'dblog_eventcode' => array ( 'title' => 'Eventcode', 'type' => 'method', 'data' => 'str', 'width' => 'auto', 'filter' => true, 'help' => '', 'readParms' => '', 'writeParms' => '', 'class' => 'center', 'thclass' => 'center', ), diff --git a/e107_handlers/admin_log_class.php b/e107_handlers/admin_log_class.php index 23829acc8..a7b38b0db 100644 --- a/e107_handlers/admin_log_class.php +++ b/e107_handlers/admin_log_class.php @@ -408,35 +408,71 @@ class e_admin_log */ function user_audit($event_type, $event_data, $id = '', $u_name = '') { - global $e107,$tp; list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty + $time_usec = $time_usec * 1000000; // See whether we should log this $user_logging_opts = e107::getConfig()->get('user_audit_opts'); - if (!isset($user_logging_opts[$event_type])) - return; // Finished if not set to log this event type + if (!isset($user_logging_opts[$event_type])) // Finished if not set to log this event type + { + return; + } - if ($this->rldb == NULL) - $this->rldb = new db; // Better use our own db - don't know what else is going on + if($this->rldb == null) + { + $this->rldb = e107::getDb('rldb'); // Better use our own db - don't know what else is going on + } + + if(!empty($id)) + { + $userid = $id; + } + else + { + $userid = (USER === true) ? USERID : 0; + } + + if(!empty($u_name)) + { + $userstring = $u_name; + } + else + { + $userstring = (USER === true ? USERNAME : "LAN_ANONYMOUS"); + } + + $userIP = e107::getIPHandler()->getIP(false); - if ($id) $userid = $id; - else $userid = (USER === TRUE) ? USERID : 0; - if ($u_name) $userstring = $u_name; - else $userstring = (USER === true ? USERNAME : "LAN_ANONYMOUS"); - $userIP = e107::getIPHandler()->getIP(FALSE); $eventcode = 'USER_'.$event_type; $title = 'LAN_AUDIT_LOG_0'.$event_type; // This creates a string which will be displayed as a constant - $spacer = ''; + /* $spacer = ''; $detail = ''; + foreach ($event_data as $k=>$v) { $detail .= $spacer.$k.'=>'.$v; $spacer = '
'; } - $this->rldb->db_Insert("audit_log", "0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' "); + */ + + $insertQry = array( + 'dblog_id' => 0, + 'dblog_datestamp' => intval($time_sec), + 'dblog_microtime' => intval($time_usec), + 'dblog_eventcode' => $eventcode, + 'dblog_user_id' => $userid, + 'dblog_user_name' => $userstring, + 'dblog_ip' => $userIP, + 'dblog_title' => $title, + 'dblog_remarks' => print_r($event_data,true), + ); + + $this->rldb->insert("audit_log", $insertQry); + + // $this->rldb->insert("audit_log", "0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' "); } diff --git a/e107_handlers/login.php b/e107_handlers/login.php index 28f230f6c..5350a4892 100644 --- a/e107_handlers/login.php +++ b/e107_handlers/login.php @@ -251,10 +251,11 @@ class userlogin // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE); - $user_logging_opts = e107::getConfig()->get('user_audit_opts'); - if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list)) + // $user_logging_opts = e107::getConfig()->get('user_audit_opts'); + + if (in_array(varset($pref['user_audit_class'],''), $class_list)) { // Need to note in user audit trail - $this->e107->admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name); + e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $user_id, $user_name); } $edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',',$class_list), 'remember_me' => $autologin, 'user_admin'=>$user_admin, 'user_email'=> $user_email); diff --git a/e107_handlers/model_class.php b/e107_handlers/model_class.php index 4d9bba3ec..0aa09acac 100644 --- a/e107_handlers/model_class.php +++ b/e107_handlers/model_class.php @@ -3001,7 +3001,8 @@ class e_admin_model extends e_front_model if(is_numeric($id)) $id = intval($id); else $id = "'".e107::getParser()->toDB($id)."'"; $table = $this->getModelTable(); - $res = $sql->db_Delete($table, $this->getFieldIdName().'='.$id); + $where = $this->getFieldIdName().'='.$id; + $res = $sql->delete($table, $where); $this->_db_qry = $sql->getLastQuery(); if(!$res) @@ -3017,8 +3018,13 @@ class e_admin_model extends e_front_model } else { - e107::getAdminLog()->addSuccess($table,false); - e107::getAdminLog()->addArray($sqlQry)->save('ADMINUI_03'); + if($table != 'admin_log') + { + $logData = array('TABLE'=>$table, 'WHERE'=>$where); + e107::getAdminLog()->addSuccess($table,false); + e107::getAdminLog()->addArray($logData)->save('ADMINUI_03'); + } + $this->clearCache(); } return $res; @@ -3595,7 +3601,7 @@ class e_admin_tree_model extends e_front_tree_model $table = $this->getModelTable(); $sqlQry = $this->getFieldIdName().' IN (\''.$idstr.'\')'; - $res = $sql->db_Delete($table, $sqlQry); + $res = $sql->delete($table, $sqlQry); $this->_db_errno = $sql->getLastErrorNumber(); $this->_db_errmsg = $sql->getLastErrorText(); @@ -3627,9 +3633,11 @@ class e_admin_tree_model extends e_front_tree_model } } - $logData = array('TABLE'=>$table, 'WHERE'=>$sqlQry); - e107::getAdminLog()->addArray($logData)->save('ADMINUI_03'); - + if($table != 'admin_log') + { + $logData = array('TABLE'=>$table, 'WHERE'=>$sqlQry); + e107::getAdminLog()->addArray($logData)->save('ADMINUI_03'); + } return $res; } diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php index 98aca3f0a..7bf50ee4e 100644 --- a/e107_handlers/user_handler.php +++ b/e107_handlers/user_handler.php @@ -878,7 +878,7 @@ Following fields auto-filled in code as required: { // Valid user! if ($row['user_ban'] != $newVal) // We could implement a hierarchy here, so that an important status isn't overridden by a lesser one { // Only update if needed - $db->db_Update('user', '`user_ban` = '.$newVal.', `user_email` = \'\' WHERE `user_id` = '.$row['user_id'].' LIMIT 1'); + $db->update('user', '`user_ban` = '.$newVal.', `user_email` = \'\' WHERE `user_id` = '.$row['user_id'].' LIMIT 1'); // Add to user audit log TODO: Should we log to admin log as well? $adminLog = e107::getAdminLog(); $adminLog->user_audit($logEvent, array('user_ban' => $newVal, 'user_email' => $row['user_email']), $row['user_id'], $row['user_loginname']); diff --git a/e107_handlers/user_model.php b/e107_handlers/user_model.php index b9d627520..392502a48 100644 --- a/e107_handlers/user_model.php +++ b/e107_handlers/user_model.php @@ -1702,7 +1702,7 @@ class e_user extends e_user_model $where = implode(' OR ', $where); - if($sql->select('user', 'user_id, user_password, user_xup', $where)) + if($sql->select('user', 'user_id, user_name, user_image, user_password, user_xup', $where)) { $user = $sql->fetch(); @@ -1722,6 +1722,10 @@ class e_user extends e_user_model e107::getLog()->add('User Profile Update Failed', $userdata, E_LOG_WARNING, "XUP_LOGIN", LOG_TO_ADMIN, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name'])); } } + + unset($user['user_password']); + e107::getLog()->user_audit(USER_AUDIT_LOGIN,'', $user['user_id'], $user['user_name']); + // e107::getLog()->add('XUP Login', $user, E_LOG_INFORMATIVE, "LOGIN", LOG_TO_ROLLING, array('user_id'=>$user['user_id'],'user_name'=>$user['user_name'])); } return $this; diff --git a/e107_languages/English/admin/lan_admin_log.php b/e107_languages/English/admin/lan_admin_log.php index 09ce6e318..4d88c6a95 100644 --- a/e107_languages/English/admin/lan_admin_log.php +++ b/e107_languages/English/admin/lan_admin_log.php @@ -71,6 +71,7 @@ define("RL_LAN_069", "Download Name"); define("RL_LAN_071", "User registration (ignores class setting above)"); define("RL_LAN_072", "Signup email acknowledgement (ignores class setting above)"); define("RL_LAN_073", "Login/Logout"); + define("RL_LAN_075", "Change display name"); define("RL_LAN_076", "Change password"); define("RL_LAN_077", "Change email address"); From 7846015f85711fc27a26f93e4982aacd106584fd Mon Sep 17 00:00:00 2001 From: Cameron Date: Wed, 16 Mar 2016 19:54:10 -0700 Subject: [PATCH 6/7] SubmitNews code cleanup. Admin can now set minimum dimensions for attached images. --- e107_admin/header.php | 28 +- e107_admin/newspost.php | 41 ++- e107_handlers/upload_handler.php | 5 + submitnews.php | 493 +++++++++++++++++++------------ 4 files changed, 354 insertions(+), 213 deletions(-) diff --git a/e107_admin/header.php b/e107_admin/header.php index 317f2810c..f3cdc6b03 100644 --- a/e107_admin/header.php +++ b/e107_admin/header.php @@ -508,17 +508,23 @@ echo getAlert(); return ' -