System logging core upgrade - admin section, viewer, user audit functions
15
class2.php
15
class2.php
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/class2.php,v $
|
||||
| $Revision: 1.33 $
|
||||
| $Date: 2007-12-15 09:55:37 $
|
||||
| $Revision: 1.34 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -706,7 +706,16 @@ if (isset($_POST['userlogin']) || isset($_POST['userlogin_x'])) {
|
||||
$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin']);
|
||||
}
|
||||
|
||||
if (e_QUERY == 'logout') {
|
||||
if (e_QUERY == 'logout')
|
||||
{
|
||||
if (USER)
|
||||
{
|
||||
if (check_class(varset($pref['user_audit_class'],'')))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGOUT,'');
|
||||
}
|
||||
}
|
||||
|
||||
$ip = $e107->getip();
|
||||
$udata=(USER === TRUE) ? USERID.".".USERNAME : "0";
|
||||
$sql->db_Update("online", "online_user_id = '0', online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
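Review bot: The new call `$admin_log->user_audit(USER_AUDIT_LOGOUT,'');` inside the `if (USER)` branch dereferences `$admin_log` without checking that it exists, although admin_log.php in this same commit tests `if (!isset($admin_log))`, which suggests the object is not guaranteed to be set. If it is missing here, the fatal error would presumably stop the request before the rest of the logout handling runs, leaving the session active. Guarding the call, e.g. `if (isset($admin_log) && is_object($admin_log) && check_class(varset($pref['user_audit_class'],'')))`, keeps the audit entry best-effort. Separately, the context line after the new block interpolates `USERNAME` into the `db_Update` WHERE clause through `$udata`; that predates this change, but it is worth confirming the value is escaped before it reaches SQL. The logout block continues past the end of the hunk.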
|
||||
|
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/ad_links.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2006-12-07 15:41:49 $
|
||||
| $Author: sweetas $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@@ -386,6 +386,7 @@ $e_icon_array = array(
|
||||
'poll' => E_32_POLLS,
|
||||
'prefs' => E_32_PREFS,
|
||||
'search' => E_32_SEARCH,
|
||||
'syslogs' => E_32_ADMINLOG,
|
||||
'theme_manage' => E_32_THEMEMANAGER,
|
||||
'maintain' => E_32_MAINTAIN,
|
||||
'upload' => E_32_UPLOADS,
|
||||
@@ -426,6 +427,11 @@ attribute 2 = title
|
||||
attribute 3 = description
|
||||
attribute 4 = perms
|
||||
attribute 5 = category
|
||||
1 - settings
|
||||
2 - users
|
||||
3 - content
|
||||
4 - tools
|
||||
5 - plugins
|
||||
attribute 6 = 16 x 16 image
|
||||
attribute 7 = 32 x 32 image
|
||||
*/
|
||||
@@ -452,14 +458,15 @@ $array_functions = array(
|
||||
18 => array(e_ADMIN."phpinfo.php", ADLAN_68, ADLAN_69, "0", 4, E_16_PHP, E_32_PHP),
|
||||
19 => array(e_ADMIN."prefs.php", ADLAN_4, ADLAN_5, "1", 1, E_16_PREFS, E_32_PREFS),
|
||||
20 => array(e_ADMIN."search.php", ADLAN_142, ADLAN_143, "X", 1, E_16_SEARCH, E_32_SEARCH),
|
||||
21 => array(e_ADMIN."theme.php", ADLAN_140, ADLAN_141, "1", 4, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
|
||||
22 => array(e_ADMIN."upload.php", ADLAN_72, ADLAN_73, "V", 3, E_16_UPLOADS, E_32_UPLOADS),
|
||||
23 => array(e_ADMIN."users.php", ADLAN_36, ADLAN_37, "4", 2, E_16_USER, E_32_USER),
|
||||
24 => array(e_ADMIN."userclass2.php", ADLAN_38, ADLAN_39, "4", 2, E_16_USERCLASS, E_32_USERCLASS),
|
||||
25 => array(e_ADMIN."language.php", ADLAN_132, ADLAN_133, "0", 1, E_16_LANGUAGE, E_32_LANGUAGE),
|
||||
26 => array(e_ADMIN."mailout.php", ADLAN_136, ADLAN_137, "W", 2, E_16_MAIL, E_32_MAIL),
|
||||
27 => array(e_ADMIN."users_extended.php", ADLAN_78, ADLAN_79, "4", 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
|
||||
28 => array(e_ADMIN."fileinspector.php", ADLAN_147, ADLAN_148, "Y", 4, E_16_INSPECT, E_32_INSPECT),
|
||||
29 => array(e_ADMIN."notify.php", ADLAN_149, ADLAN_150, "O", 4, E_16_NOTIFY, E_32_NOTIFY)
|
||||
21 => array(e_ADMIN."admin_log.php", ADLAN_155, ADLAN_156, "S", 4, E_16_ADMINLOG, E_32_ADMINLOG),
|
||||
22 => array(e_ADMIN."theme.php", ADLAN_140, ADLAN_141, "1", 4, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
|
||||
23 => array(e_ADMIN."upload.php", ADLAN_72, ADLAN_73, "V", 3, E_16_UPLOADS, E_32_UPLOADS),
|
||||
24 => array(e_ADMIN."users.php", ADLAN_36, ADLAN_37, "4", 2, E_16_USER, E_32_USER),
|
||||
25 => array(e_ADMIN."userclass2.php", ADLAN_38, ADLAN_39, "4", 2, E_16_USERCLASS, E_32_USERCLASS),
|
||||
26 => array(e_ADMIN."language.php", ADLAN_132, ADLAN_133, "0", 1, E_16_LANGUAGE, E_32_LANGUAGE),
|
||||
27 => array(e_ADMIN."mailout.php", ADLAN_136, ADLAN_137, "W", 2, E_16_MAIL, E_32_MAIL),
|
||||
28 => array(e_ADMIN."users_extended.php", ADLAN_78, ADLAN_79, "4", 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
|
||||
29 => array(e_ADMIN."fileinspector.php", ADLAN_147, ADLAN_148, "Y", 4, E_16_INSPECT, E_32_INSPECT),
|
||||
30 => array(e_ADMIN."notify.php", ADLAN_149, ADLAN_150, "O", 4, E_16_NOTIFY, E_32_NOTIFY)
|
||||
);
|
||||
?>
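Review bot: Inserting `admin_log.php` at key 21 of `$array_functions` renumbers every following entry (theme.php moves from 21 to 22, and so on through notify.php from 29 to 30), so any code that addresses these entries by numeric index would now resolve to a different page and a different `perms` attribute. Nothing visible in this hunk shows such a consumer, so this may be harmless, but appending the new entry as `30 => array(e_ADMIN."admin_log.php", ADLAN_155, ADLAN_156, "S", 4, E_16_ADMINLOG, E_32_ADMINLOG)` would leave the existing keys stable. The array definition starts above the hunk.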
|
||||
|
@@ -11,105 +11,706 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/admin_log.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2006-12-07 15:41:49 $
|
||||
| $Author: sweetas $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
|
|
||||
| Preferences:
|
||||
| 'sys_log_perpage' - number of events per page
|
||||
|
|
||||
| 'user_audit_opts' - which user-related events to log
|
||||
| 'user_audit_class' - user class whose actions can be logged
|
||||
|
|
||||
| 'roll_log_days' (default 7) - number of days for which entries retained in rolling log
|
||||
| 'roll_log_active' - set to '1' to enable
|
||||
|
|
||||
|
|
||||
Todo:
|
||||
1. Change userclass dropdown once inherited userclasses in place
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
require_once("../class2.php");
|
||||
if (!getperms('0'))
|
||||
if (!getperms("S"))
|
||||
{
|
||||
header('location:'.e_BASE.'index.php');
|
||||
exit;
|
||||
header("location:".e_BASE."index.php");
|
||||
}
|
||||
require_once("auth.php");
|
||||
$text = "";
|
||||
$amount = 30;
|
||||
$from = ($_GET['fm']) ? intval($_GET['fm']) : 0;
|
||||
|
||||
if(e_QUERY == 'purge')
|
||||
// Main language file should automatically be loaded
|
||||
|
||||
unset($qs);
|
||||
|
||||
require_once(e_ADMIN."auth.php");
|
||||
|
||||
|
||||
if (isset($_POST['setoptions']))
|
||||
{
|
||||
$sql->db_Delete('dblog');
|
||||
$pref['roll_log_active'] = intval($_POST['roll_log_active']);
|
||||
$pref['roll_log_days'] = intval($_POST['roll_log_days']);
|
||||
save_prefs();
|
||||
$message = RL_LAN_006 ; // "Options updated.";
|
||||
}
|
||||
|
||||
$total = $sql -> db_Select("dblog", "*", "ORDER BY `dblog_datestamp` DESC", "no_where");
|
||||
$query = "SELECT l.*, u.user_name FROM #dblog AS l LEFT JOIN #user AS u ON l.dblog_user_id = u.user_id ORDER BY l.dblog_datestamp DESC LIMIT $from,$amount";
|
||||
$sql -> db_Select_gen($query);
|
||||
|
||||
if(!is_object($gen)) {
|
||||
$gen = new convert;
|
||||
}
|
||||
$parms = $total.",".$amount.",".$from.",".e_SELF.'?fm=[FROM]';
|
||||
$text .= "<div style='text-align:center'><br />".$tp->parseTemplate("{NEXTPREV={$parms}}")."<br /><br /></div>";
|
||||
$text .= "<div id='admin_log'><table>\n";
|
||||
|
||||
$text .= "
|
||||
<tr>
|
||||
<td class='fcaption'> </td>
|
||||
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_1."</td>
|
||||
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_2."</td>
|
||||
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_3."</td>
|
||||
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_4."</td>
|
||||
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_5."</td>
|
||||
</tr>\n";
|
||||
|
||||
while ($row = $sql -> db_Fetch()) {
|
||||
$datestamp = $gen->convert_date($row['dblog_datestamp'], 'short');
|
||||
$image = get_log_img($row['dblog_type']);
|
||||
$text .= " <tr>\n";
|
||||
$text .= " <td style='width: 16px;'>{$image}</td>\n";
|
||||
$text .= " <td>{$datestamp}</td>\n";
|
||||
$text .= " <td>".$tp->toHtml($row['dblog_title'],FALSE,"defs")."</td>\n";
|
||||
$text .= " <td>".$tp->toHtml($row['dblog_remarks'],FALSE,"defs")."</td>\n";
|
||||
$text .= " <td>{$row['dblog_ip']}</td>\n";
|
||||
$text .= ($row['user_name']) ? " <td><a href='".e_BASE."user.php?id.{$row['dblog_user_id']}'>{$row['user_name']}</a></td>\n" : " <td>{$row['dblog_user_id']}</td>\n";
|
||||
$text .= " </tr>\n";
|
||||
if (isset($_POST['setcommonoptions']))
|
||||
{
|
||||
$pref['sys_log_perpage'] = intval($_POST['sys_log_perpage']);
|
||||
save_prefs();
|
||||
$message = RL_LAN_006 ; // "Options updated.";
|
||||
}
|
||||
|
||||
$text .= "</table></div>\n";
|
||||
|
||||
$text .= "<div style='text-align:center'><br />".$tp->parseTemplate("{NEXTPREV={$parms}}")."</div>";
|
||||
|
||||
$ns->tablerender(LAN_ADMINLOG_0, $text);
|
||||
require_once("footer.php");
|
||||
if (e_QUERY)
|
||||
{ // Must explode after calling auth.php
|
||||
$qs = explode(".", e_QUERY);
|
||||
}
|
||||
|
||||
function get_log_img($log_type) {
|
||||
global $imode;
|
||||
switch ($log_type) {
|
||||
case E_LOG_INFORMATIVE:
|
||||
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/docs_16.png' alt='".LAN_ADMINLOG_6."' title='".LAN_ADMINLOG_7."' />";
|
||||
break;
|
||||
case E_LOG_NOTICE:
|
||||
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/notice_16.png' alt='".LAN_ADMINLOG_8."' title='".LAN_ADMINLOG_9."' />";
|
||||
break;
|
||||
case E_LOG_WARNING:
|
||||
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/blocked.png' alt='".LAN_ADMINLOG_10."' title='".LAN_ADMINLOG_11."' style='width:16p;height:16px' />";
|
||||
break;
|
||||
case E_LOG_FATAL:
|
||||
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/nopreview.png' alt='".LAN_ADMINLOG_12."' title='".LAN_ADMINLOG_13."' />";
|
||||
break;
|
||||
case E_LOG_PLUGIN;
|
||||
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/plugins_16.png' alt='".LAN_ADMINLOG_6."' title='".LAN_ADMINLOG_6."' />";
|
||||
break;
|
||||
$action = varset($qs[0],'adminlog');
|
||||
|
||||
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_log_messages.php');
|
||||
|
||||
// ****************** MAINTENANCE ******************
|
||||
if (isset($_POST['deleteoldadmin']) && isset($_POST['rolllog_clearadmin']))
|
||||
{
|
||||
$back_count = $_POST['rolllog_clearadmin'];
|
||||
if (($back_count >= 1) && ($back_count <= 90))
|
||||
{
|
||||
$temp_date = getdate();
|
||||
$old_date = intval(mktime(0,0,0,$temp_date['mon'],$temp_date['mday']-$back_count,$temp_date['year']));
|
||||
$old_string = strftime("%d %B %Y",$old_date);
|
||||
// $message = "Back delete ".$back_count." days. Oldest date = ".$old_string;
|
||||
$action = "confdel";
|
||||
$qs[1] = $old_date;
|
||||
$qs[2] = $back_count;
|
||||
}
|
||||
else
|
||||
$message = RL_LAN_050;
|
||||
}
|
||||
|
||||
if (!isset($admin_log)) $message .= " Admin Log not valid";
|
||||
|
||||
|
||||
// Actually delete back events
|
||||
if ($action == "backdel")
|
||||
{
|
||||
if (isset($_POST['confirmdeleteold']))
|
||||
{
|
||||
$old_date = intval($qs[1]);
|
||||
$old_string = strftime("%d %B %Y",$old_date);
|
||||
$qry = "dblog_datestamp < ".$old_date;
|
||||
// $message = "Back delete, oldest date = {$old_string} Query = {$qry}";
|
||||
if ($del_count = $sql -> db_Delete("dblog",$qry))
|
||||
{
|
||||
// Add in a log event
|
||||
$admin_log->log_event ("db_Delete - earlier than {$old_string} (past {$qs[2]} days)", $qry, 4);
|
||||
$message = RL_LAN_052.$old_string.RL_LAN_057.$del_count.RL_LAN_053;
|
||||
}
|
||||
return $log_type;
|
||||
else
|
||||
{
|
||||
$message = RL_LAN_054." : ".$sql->mySQLresult;
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_POST['confirmcancelold']))
|
||||
{
|
||||
$message = RL_LAN_056;
|
||||
}
|
||||
$action = "config";
|
||||
unset($qs[1]);
|
||||
unset($qs[2]);
|
||||
}
|
||||
|
||||
function headerjs() {
|
||||
?>
|
||||
<style type="text/css">
|
||||
#admin_log td {
|
||||
border: 1px solid #000000;
|
||||
margin: 0px;
|
||||
padding: 2px;
|
||||
}
|
||||
#admin_log table {
|
||||
width: 99%;
|
||||
/*border-spacing: 0px;
|
||||
border-collapse: collapse;*/
|
||||
}
|
||||
</style>
|
||||
<?php
|
||||
|
||||
// User audit prefs
|
||||
if (isset($_POST['setauditoptions']))
|
||||
{
|
||||
$message = RL_LAN_063;
|
||||
if (in_array((string)USER_AUDIT_LOGIN,$_POST['user_audit_opts']))
|
||||
{
|
||||
$_POST['user_audit_opts'][] = USER_AUDIT_LOGOUT;
|
||||
}
|
||||
$pref['user_audit_opts'] = implode(',',$_POST['user_audit_opts']);
|
||||
$pref['user_audit_class'] = intval($_POST['user_audit_class']);
|
||||
save_prefs();
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
if (varsettrue($message))
|
||||
{
|
||||
$ns->tablerender("", "<div style='text-align:center'><b>$message</b></div>");
|
||||
}
|
||||
|
||||
// Prompt to delete back events
|
||||
if($action == "confdel")
|
||||
{
|
||||
$old_string = strftime("%d %B %Y",$qs[1]);
|
||||
$text = "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?backdel.{$qs[1]}.{$qs[2]}'>
|
||||
<table style='width:97%' class='fborder'>
|
||||
<tr>
|
||||
<td class='forumheader3' colspan='2' style='width:100%;vertical-align:top;rext-align:center;'><br /><strong>".RL_LAN_047.$old_string." </strong><br /><br /></td>
|
||||
</tr>
|
||||
<tr><td style='text-align:center' class='fcaption'><input class='button' type='submit' name='confirmdeleteold' value='".RL_LAN_049."' /></td>
|
||||
<td style='text-align:center' class='fcaption'><input class='button' type='submit' name='confirmcancelold' value='".RL_LAN_055."' /></td></tr>
|
||||
</table></form></div>";
|
||||
|
||||
$ns->tablerender("<div style='text-align:center'>".RL_LAN_051."</div>", $text);
|
||||
}
|
||||
|
||||
// Arrays of options for the various logs
|
||||
$log_db_table = array('adminlog' => 'dblog', 'auditlog' => 'audit_log', 'rolllog' => 'rl_history');
|
||||
$back_day_count = array('adminlog' => 30, 'auditlog' => 30, 'rolllog' => max(intval($pref['roll_log_days']),1));
|
||||
$page_title = array('adminlog' => RL_LAN_030, 'auditlog' => RL_LAN_062, 'rolllog' => RL_LAN_002);
|
||||
$col_count = array('adminlog' => 8, 'auditlog' => 8, 'rolllog' => 9);
|
||||
|
||||
|
||||
|
||||
// Set all the defaults for the data filter
|
||||
$start_enabled = FALSE;
|
||||
$end_enabled = FALSE;
|
||||
$start_time = 0;
|
||||
$end_time = 0;
|
||||
$user_filter = '';
|
||||
$event_filter = '';
|
||||
$pri_filter_cond = "xx";
|
||||
$pri_filter_val = "";
|
||||
$sort_field = "dblog_id";
|
||||
$sort_order = "DESC";
|
||||
|
||||
|
||||
// Maintain the log view filter across pages
|
||||
$rl_cookiename = $pref['cookie_name']."_rl_admin";
|
||||
if (isset($_POST['updatefilters']))
|
||||
{ // Need to put the filter values into the cookie
|
||||
$start_time = $_POST['starttimedate'] + $_POST['starttimehours']*3600 + $_POST['starttimemins']*60;
|
||||
$start_enabled = isset($_POST['start_enabled']);
|
||||
$end_time = $_POST['endtimedate'] + $_POST['endtimehours']*3600 + $_POST['endtimemins']*60;
|
||||
$end_enabled = isset($_POST['end_enabled']);
|
||||
$user_filter = $_POST['roll_user_filter'];
|
||||
$event_filter = $_POST['roll_event_filter'];
|
||||
$pri_filter_cond = $_POST['roll_pri_cond'];
|
||||
$pri_filter_val = $_POST['roll_pri_val'];
|
||||
$caller_filter = $_POST['roll_caller_filter'];
|
||||
$ipaddress_filter = $_POST['roll_ipaddress_filter'];
|
||||
$cookie_string = implode("|",array($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val,$caller_filter,$ipaddress_filter));
|
||||
// echo $cookie_string."<br />";
|
||||
// Create session cookie to store values
|
||||
cookie($rl_cookiename,$cookie_string,0); // Use session cookie
|
||||
}
|
||||
else
|
||||
{
|
||||
// Now try and get the filters from the cookie
|
||||
if (isset($_COOKIE[$rl_cookiename]))
|
||||
list($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val, $caller_filter,$ipaddress_filter) = explode("|",$_COOKIE[$rl_cookiename]);
|
||||
}
|
||||
|
||||
|
||||
|
||||
function time_box($boxname, $this_time, $day_count, $inc_tomorrow = FALSE)
|
||||
{ // Generates boxes for date and time for today and the preceding days
|
||||
// Appends 'date', 'hours', 'mins' to the specified boxname
|
||||
|
||||
$all_time = getdate(); // Date/time now
|
||||
$sel_time = getdate($this_time); // Currently selected date/time
|
||||
$sel_day = mktime(0,0,0,$sel_time['mon'],$sel_time['mday'],$sel_time['year']);
|
||||
$today = mktime(0,0,0,$all_time['mon'],$all_time['mday'] + ($inc_tomorrow ? 1 : 0),$all_time['year']);
|
||||
|
||||
// Start with day
|
||||
$ret = "<select name='{$boxname}date' class='tbox'>\n";
|
||||
// Stick an extra day on the end, plus tomorrow if the flag set
|
||||
for ($i = ($inc_tomorrow ? -2 : -1); $i <= $day_count; $i++)
|
||||
{
|
||||
$day_string = date("D d M",$today);
|
||||
$sel = ($today == $sel_day) ? " selected='selected'" : "";
|
||||
$ret.= "<option value='{$today}'{$sel}>{$day_string}</option>\n";
|
||||
$today -= 86400; // Move to previous day
|
||||
}
|
||||
$ret .= "</select>\n";
|
||||
|
||||
// Hours
|
||||
$ret .= " <select name='{$boxname}hours' class='tbox'>\n";
|
||||
for ($i = 0; $i < 24; $i++)
|
||||
{
|
||||
$sel = ($sel_time['hours'] == $i) ? " selected='selected'" : "";
|
||||
$ret.= "<option value='{$i}'{$sel}>{$i}</option>\n";
|
||||
}
|
||||
$ret .= "</select>\n";
|
||||
|
||||
// Minutes
|
||||
$ret .= " <select name='{$boxname}mins' class='tbox'>\n";
|
||||
for ($i = 0; $i < 60; $i+= 5)
|
||||
{
|
||||
$sel = ($sel_time['minutes'] == $i) ? " selected='selected'" : "";
|
||||
$ret.= "<option value='{$i}'{$sel}>{$i}</option>\n";
|
||||
}
|
||||
$ret .= "</select>\n";
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
if(!defined("USER_WIDTH")) { define("USER_WIDTH","width:97%"); }
|
||||
|
||||
//====================================================================
|
||||
// CONFIGURATION OPTIONS MENU
|
||||
//====================================================================
|
||||
|
||||
if($action == "config")
|
||||
{
|
||||
|
||||
// Common to all logs
|
||||
$text = "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?config'>
|
||||
<table style='".USERWIDTH."' class='fborder'>
|
||||
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_044."<br /></td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'>
|
||||
<select name='sys_log_perpage' class='tbox'>
|
||||
<option value='10' ".($pref['sys_log_perpage']=='10'?" selected='selected' ":"")." >10</option>
|
||||
<option value='20' ".($pref['sys_log_perpage']=='20'?" selected='selected' ":"")." >20</option>
|
||||
<option value='30' ".($pref['sys_log_perpage']=='30'?" selected='selected' ":"")." >30</option>
|
||||
<option value='40' ".($pref['sys_log_perpage']=='40'?" selected='selected' ":"")." >40</option>
|
||||
<option value='50' ".($pref['sys_log_perpage']=='50'?" selected='selected' ":"")." >50</option>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setcommonoptions' value='".RL_LAN_010."' /></td></tr>
|
||||
</table></form></div>";
|
||||
$ns->tablerender("<div style='text-align:center'>".RL_LAN_064."</div>", $text);
|
||||
|
||||
|
||||
|
||||
// Admin log options
|
||||
//==================
|
||||
$text = "
|
||||
<form method='post' action='".e_SELF."?config'>
|
||||
<table style='width:97%' class='fborder'>
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_045." </td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'>
|
||||
<select name='rolllog_clearadmin' class='tbox'>
|
||||
<option value='90' selected='selected'>90</option>
|
||||
<option value='60'>60</option>
|
||||
<option value='30'>30</option>
|
||||
<option value='21'>21</option>
|
||||
<option value='20'>20</option>
|
||||
<option value='14'>14</option>
|
||||
<option value='10'>10</option>
|
||||
<option value='7'>7</option>
|
||||
<option value='6'>6</option>
|
||||
<option value='5'>5</option>
|
||||
<option value='4'>4</option>
|
||||
<option value='3'>3</option>
|
||||
<option value='2'>2</option>
|
||||
<option value='1'>1</option>
|
||||
</select>
|
||||
".RL_LAN_046."
|
||||
</td>
|
||||
</tr>
|
||||
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='deleteoldadmin' value='".RL_LAN_049."' /></td></tr>
|
||||
</table></form></div><br />";
|
||||
|
||||
$ns->tablerender("<div style='text-align:center'>".RL_LAN_048."</div>", $text);
|
||||
|
||||
|
||||
// User Audit log options (for info)
|
||||
//=======================
|
||||
// define('USER_AUDIT_SIGNUP',11); // User signed up
|
||||
// define('USER_AUDIT_EMAILACK',12); // User responded to registration email
|
||||
// define('USER_AUDIT_LOGIN',13); // User logged in
|
||||
// define('USER_AUDIT_LOGOUT',14); // User logged out
|
||||
// define('USER_AUDIT_NEW_DN',15); // User changed display name
|
||||
// define('USER_AUDIT_NEW_PW',16); // User changed password
|
||||
// define('USER_AUDIT_NEW_EML',17); // User changed email
|
||||
// define('USER_AUDIT_NEW_SET',19); // User changed other settings (intentional gap in numbering)
|
||||
|
||||
$audit_checkboxes = array(
|
||||
USER_AUDIT_SIGNUP => RL_LAN_071,
|
||||
USER_AUDIT_EMAILACK => RL_LAN_072,
|
||||
USER_AUDIT_LOGIN => RL_LAN_073,
|
||||
// USER_AUDIT_LOGOUT => RL_LAN_074, // Logout is lumped in with login
|
||||
USER_AUDIT_NEW_DN => RL_LAN_075,
|
||||
USER_AUDIT_NEW_PW => RL_LAN_076,
|
||||
USER_AUDIT_PW_RES => RL_LAN_078,
|
||||
USER_AUDIT_NEW_EML => RL_LAN_077,
|
||||
USER_AUDIT_NEW_SET => RL_LAN_079
|
||||
);
|
||||
|
||||
//Uncomment once inherited user classes
|
||||
// if (!isset($e_userclass) && !is_object($e_userclass))
|
||||
// {
|
||||
require_once(e_HANDLER."userclass_class.php");
|
||||
// $e_userclass = new user_class;
|
||||
// }
|
||||
|
||||
$user_signup_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
$text = "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?config'>
|
||||
<table style='".USERWIDTH."' class='fborder'>
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_026."</td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'>";
|
||||
|
||||
// Uncomment once inherited userclasses
|
||||
// $text .= "<select name='class_select'>\n";
|
||||
// $text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'force');
|
||||
// $text .= "</select>\n";
|
||||
$text .= r_userclass('user_audit_class', varset($pref['user_audit_class'],''),'off','nobody,admin,user,classes');
|
||||
$text .= "</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_031."</td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'>";
|
||||
$spacer = '';
|
||||
foreach ($audit_checkboxes as $k => $t)
|
||||
{
|
||||
$text .= $spacer."
|
||||
<input class='tbox' type='checkbox' name='user_audit_opts[]' value='{$k}' ".(isset($user_signup_opts[$k]) ? " checked='checked' ":"")." />".$t;
|
||||
$spacer = '<br />';
|
||||
}
|
||||
$text .= "
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setauditoptions' value='".RL_LAN_010."' /></td></tr>
|
||||
</table></form></div>
|
||||
<br />";
|
||||
$ns->tablerender("<div style='text-align:center'>".RL_LAN_007."</div>", $text);
|
||||
|
||||
|
||||
// Rolling log options
|
||||
//====================
|
||||
$text = "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?config'>
|
||||
<table style='".USERWIDTH."' class='fborder'>
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_008."</td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'><input class='tbox' type='checkbox' name='roll_log_active' value='1' ".($pref['roll_log_active']==1?" checked='checked' ":"")." /></td>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_009."</td>
|
||||
<td style='width:60%;vertical-align:top;' class='forumheader3'><input class='tbox' type='text' name='roll_log_days' size='10' value='".$pref['roll_log_days']."' maxlength='5' />
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setoptions' value='".RL_LAN_010."' /></td></tr>
|
||||
</table></form></div>";
|
||||
$ns->tablerender("<div style='text-align:center'>".RL_LAN_011."</div>", $text);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
//====================================================================
|
||||
// LOG VIEW MENU
|
||||
//====================================================================
|
||||
|
||||
if (($action == "rolllog") || ($action == "adminlog") || ($action == "auditlog"))
|
||||
{
|
||||
$from = intval(varset($qs[1], 0)); // First entry to display
|
||||
$amount = max(varset($pref['sys_log_perpage'], 20),5); // Number of entries per page
|
||||
|
||||
// Array decides which filters are active for each log. There are 4 columns total. All but 'datetimes' occupy 2. Must specify multiple of 4 columns - add 'blank' if necessary
|
||||
$active_filters = array('adminlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0),
|
||||
'auditlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'blank'=>2),
|
||||
'rolllog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0,'callerfilter'=>0,'blank'=>2));
|
||||
|
||||
// Arrays determine column widths, headings, displayed fields for each log
|
||||
$col_widths = array('adminlog' => array(18,4,14,7,15,8,14,20), // Date - Pri - IP - UID - User - Code - Event - Info
|
||||
'auditlog' => array(18,14,7,15,8,14,24),
|
||||
'rolllog' => array(15,4,12,6,12,7,13,13,18)); // Date - Pri - IP - UID - User - Code - Caller - Event - Info
|
||||
$col_titles = array('adminlog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
|
||||
'auditlog' => array(RL_LAN_019,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
|
||||
'rolllog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_024,RL_LAN_025,RL_LAN_033));
|
||||
$col_fields = array('adminlog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
|
||||
'auditlog' => array('cf_datestring','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
|
||||
'rolllog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_caller','dblog_title','dblog_remarks'));
|
||||
|
||||
|
||||
|
||||
// Check things
|
||||
if ($start_time >= $end_time)
|
||||
{ // Make end time beginning of tomorrow
|
||||
$tempdate = getdate();
|
||||
$end_time = mktime(0,0,0,$tempdate['mon'],$tempdate['mday']+1,$tempdate['year']); // Seems odd, but mktime will work this out OK
|
||||
// (or so the manual says)
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Now work out the query - only use those filters which are displayed
|
||||
$qry = '';
|
||||
$and_array = array();
|
||||
foreach ($active_filters[$action] as $fname=>$fpars)
|
||||
{
|
||||
switch ($fname)
|
||||
{
|
||||
case 'datetimes' :
|
||||
if ($start_enabled && ($start_time > 0)) $and_array[] = "`dblog_datestamp` >= ".intval($start_time);
|
||||
if ($end_enabled && ($end_time > 0)) $and_array[] = "`dblog_datestamp` <= ".intval($end_time);
|
||||
break;
|
||||
case 'ipfilter' :
|
||||
if ($ipaddress_filter != "")
|
||||
{
|
||||
if (substr($ipaddress_filter,-1) == '*')
|
||||
{ // Wildcard to handle - mySQL uses %
|
||||
$and_array[] = "`dblog_ip` LIKE '".substr($ipaddress_filter,0,-1)."%' ";
|
||||
}
|
||||
else
|
||||
{
|
||||
$and_array[] = "`dblog_ip`= '".$ipaddress_filter."' ";
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'userfilter' :
|
||||
if ($user_filter != '') $and_array[] = "`dblog_user_id` = ".intval($user_filter);
|
||||
break;
|
||||
case 'eventfilter' :
|
||||
if ($event_filter != '')
|
||||
{
|
||||
if (substr($event_filter,-1) == '*')
|
||||
{ // Wildcard to handle - mySQL uses %
|
||||
$and_array[] = " `dblog_eventcode` LIKE '".substr($event_filter,0,-1)."%' ";
|
||||
}
|
||||
else
|
||||
{
|
||||
$and_array[] = "`dblog_eventcode`= '".$event_filter."' ";
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'callerfilter' :
|
||||
if ($caller_filter != '')
|
||||
{
|
||||
if (substr($caller_filter,-1) == '*')
|
||||
{ // Wildcard to handle - mySQL uses %
|
||||
$and_array[] = "`dblog_caller` LIKE '".substr($caller_filter,0,-1)."%' ";
|
||||
}
|
||||
else
|
||||
{
|
||||
$and_array[] = "`dblog_caller`= '".$caller_filter."' ";
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'priority' :
|
||||
if (($pri_filter_val != "") && ($pri_filter_cond != "") && ($pri_filter_cond != "xx"))
|
||||
{
|
||||
switch ($pri_filter_cond)
|
||||
{
|
||||
case "lt" :
|
||||
$and_array[] = "`dblog_type` <= '{$pri_filter_val}' ";
|
||||
break;
|
||||
case "eq" :
|
||||
$and_array[] = "`dblog_type` = '{$pri_filter_val}' ";
|
||||
break;
|
||||
case "gt" :
|
||||
$and_array[] = "`dblog_type` >= '{$pri_filter_val}' ";
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (count($and_array)) $qry = " WHERE ".implode(' AND ',$and_array);
|
||||
$num_entry = $sql->db_Count($log_db_table[$action], "(*)", $qry);
|
||||
|
||||
if ($from > $num_entry) $from = 0; // We may be on a later page
|
||||
|
||||
$qry = "SELECT dbl.*,u.user_name FROM #".$log_db_table[$action]." AS dbl LEFT JOIN #user AS u ON dbl.dblog_user_id=u.user_id".$qry." ORDER BY {$sort_field} ".$sort_order." LIMIT {$from}, {$amount} ";
|
||||
// echo $qry.'<br />';
|
||||
|
||||
|
||||
// Start by putting up the filter boxes
|
||||
$text = "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?".e_QUERY."'>
|
||||
<table style='".USERWIDTH."' class='fborder'>
|
||||
<colgroup>
|
||||
<col width = '20%';vertical-align:top; />
|
||||
<col width = '30%';vertical-align:top; />
|
||||
<col width = '20%';vertical-align:top; />
|
||||
<col width = '30%';vertical-align:top; />
|
||||
</colgroup>
|
||||
<tr><td colspan='4' class='fcaption'>".RL_LAN_012." </td></tr>";
|
||||
$filter_cols = 0;
|
||||
foreach ($active_filters[$action] as $fname=>$fpars)
|
||||
{
|
||||
if ($filter_cols == 0) $text .= '<tr>';
|
||||
switch ($fname)
|
||||
{
|
||||
case 'datetimes' :
|
||||
$text .= "
|
||||
<td class='forumheader3'><input class='tbox' type='checkbox' name='start_enabled' value='1' ".($start_enabled==1?" checked='checked' ":"").
|
||||
"/> ".RL_LAN_013."</td><td class='forumheader3'>".time_box("starttime",$start_time,$back_day_count[$action],FALSE)."</td>
|
||||
<td class='forumheader3'><input class='tbox' type='checkbox' name='end_enabled' value='1' ".($end_enabled==1?" checked='checked' ":"").
|
||||
"/> ".RL_LAN_014."</td><td class='forumheader3'>".time_box("endtime",$end_time,$back_day_count[$action],TRUE).
|
||||
"</td>";
|
||||
$filter_cols = 4;
|
||||
break;
|
||||
case 'priority' :
|
||||
$text .= " <td class='forumheader3'>".RL_LAN_058."</td>
|
||||
<td class='forumheader3'><select name='roll_pri_cond' class='tbox'>
|
||||
<option value='xx' ".($pri_filter_cond=='xx'?" selected='selected' ":"")." > </option>
|
||||
<option value='gt' ".($pri_filter_cond=='gt'?" selected='selected' ":"")." >>=</option>
|
||||
<option value='eq' ".($pri_filter_cond=='eq'?" selected='selected' ":"")." >==</option>
|
||||
<option value='lt' ".($pri_filter_cond=='lt'?" selected='selected' ":"")." ><=</option>
|
||||
</select>
|
||||
|
||||
<input class='tbox' type='text' name='roll_pri_val' size='20' value='".$pri_filter_val."' maxlength='10' /></td>";
|
||||
$filter_cols += 2;
|
||||
break;
|
||||
case 'ipfilter' :
|
||||
$text .= "<td class='forumheader3'>".RL_LAN_060."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
|
||||
<td class='forumheader3'><input class='tbox' type='text' name='roll_ipaddress_filter' size='20' value='".$ipaddress_filter."' maxlength='20' /></td>";
|
||||
$filter_cols += 2;
|
||||
break;
|
||||
case 'userfilter' :
|
||||
$text .= "<td class='forumheader3'>".RL_LAN_015."<br /><span class='smalltext'><em>".RL_LAN_016."</em></span></td>
|
||||
<td class='forumheader3'><input class='tbox' type='text' name='roll_user_filter' size='20' value='".$user_filter."' maxlength='10' /></td>";
|
||||
$filter_cols += 2;
|
||||
break;
|
||||
case 'eventfilter' :
|
||||
$text .= "<td class='forumheader3'>".RL_LAN_029."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
|
||||
<td class='forumheader3'><input class='tbox' type='text' name='roll_event_filter' size='20' value='".$event_filter."' maxlength='10' /></td>";
|
||||
$filter_cols += 2;
|
||||
break;
|
||||
case 'callerfilter' :
|
||||
$text .= "<td class='forumheader3'>".RL_LAN_059."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
|
||||
<td class='forumheader3'><input class='tbox' type='text' name='roll_caller_filter' size='40' value='".$caller_filter."' maxlength='40' /></td>";
|
||||
$filter_cols += 2;
|
||||
break;
|
||||
case 'blank' : // Any number of blank cells
|
||||
$text .= Str_repeat("<td class='forumheader3'> </td>",$fpars);
|
||||
$filter_cols += $fpars;
|
||||
break;
|
||||
}
|
||||
if ($filter_cols >= 4) { $text .= '</tr>'; $filter_cols = 0; }
|
||||
}
|
||||
|
||||
// $text .= "<tr><td colspan='4'>Query = {$qry}<br />{$_COOKIE[$rl_cookiename]}</td></tr>";
|
||||
$text .= "
|
||||
<tr><td colspan='4' style='text-align:center' class='forumheader3'><input class='button' type='submit' name='updatefilters' value='".RL_LAN_028."' /></td></tr>
|
||||
</table>
|
||||
</form>
|
||||
</div><br />";
|
||||
|
||||
|
||||
// Next bit is the actual log display - the arrays define column widths, titles, fields etc for each log
|
||||
|
||||
$column_count = count($col_widths[$action]);
|
||||
$text .= "<div style='text-align:center'>
|
||||
<form method='post' action='".e_SELF."?".e_QUERY."'>
|
||||
<table style='".USERWIDTH."' class='fborder'>
|
||||
<colgroup>";
|
||||
foreach($col_widths[$action] as $i)
|
||||
{
|
||||
$text .= "<col width = '{$i}%';vertical-align:top; />\n";
|
||||
}
|
||||
$text .= "</colgroup>\n";
|
||||
|
||||
if (!$sql->db_Select_gen($qry))
|
||||
{
|
||||
$text .= "<tr><td colspan='{$column_count}'>".RL_LAN_017."</td></tr>";
|
||||
$num_entry = 0;
|
||||
}
|
||||
else
|
||||
{// Start with header
|
||||
$text .= '<tr>';
|
||||
foreach ($col_titles[$action] as $ct)
|
||||
{
|
||||
$text .= " <td class='forumheader'>{$ct}</td>";
|
||||
}
|
||||
$text .= "</tr>\n";
|
||||
|
||||
// Now put up the events
|
||||
while ($row = $sql->db_Fetch())
|
||||
{
|
||||
$text .= '<tr>';
|
||||
foreach ($col_fields[$action] as $cf)
|
||||
{
|
||||
switch ($cf)
|
||||
{
|
||||
case 'cf_datestring' :
|
||||
$val = date("d-m-y H:i:s",$row['dblog_datestamp']);
|
||||
break;
|
||||
case 'cf_eventcode' :
|
||||
$val = 'ADMIN'.$row['dblog_eventcode'];
|
||||
break;
|
||||
case 'dblog_title' : // Look up constants to give multi-language viewing
|
||||
$val = trim($row['dblog_title']);
|
||||
// $val = $tp->toHTML($row['dblog_title'],FALSE,'RAWTEXT,defs');
|
||||
if (defined($val)) $val = constant($val);
|
||||
break;
|
||||
case 'dblog_username' :
|
||||
$val = $row['dblog_userid'] ? $row['dblog_username'] : 'Anonymous';
|
||||
break;
|
||||
case 'dblog_caller' :
|
||||
$val = $row['dblog_caller'];
|
||||
if ((strpos($val,'|') !== FALSE) && (strpos($val,'@') !== FALSE))
|
||||
{
|
||||
list($file,$rest) = explode('|',$val);
|
||||
list($routine,$rest) = explode('@',$rest);
|
||||
$val = $file.'<br />Routine: '.$routine.'<br />Line: '.$rest;
|
||||
}
|
||||
break;
|
||||
default :
|
||||
$val = $row[$cf];
|
||||
}
|
||||
$text .= "<td class='forumheader3'>{$val}</td>";
|
||||
}
|
||||
$text .= "</tr>\n";
|
||||
}
|
||||
}
|
||||
$text .= "
|
||||
<tr><td colspan='{$column_count}' style='text-align:center' class='fcaption'><input class='button' type='submit' name='refreshlog' value='".RL_LAN_018."' /></td></tr>
|
||||
</table>
|
||||
</form>
|
||||
</div>";
|
||||
|
||||
// Next-Previous. ==========================
|
||||
|
||||
if ($num_entry > $amount)
|
||||
{
|
||||
$parms = "{$num_entry},{$amount},{$from},".e_SELF."?".$action.".[FROM]";
|
||||
$text .= "<br />".$tp->parseTemplate("{NEXTPREV={$parms}}");
|
||||
}
|
||||
|
||||
$text .= " Total {$num_entry} entries matching search condition";
|
||||
$ns->tablerender("<div style='text-align:center'>{$page_title[$action]}</div>", $text);
|
||||
}
|
||||
|
||||
|
||||
function admin_log_adminmenu()
|
||||
{
|
||||
if (e_QUERY) {
|
||||
$tmp = explode(".", e_QUERY);
|
||||
$action = $tmp[0];
|
||||
}
|
||||
if ($action == "") {
|
||||
$action = "adminlog";
|
||||
}
|
||||
$var['adminlog']['text'] = RL_LAN_030;
|
||||
$var['adminlog']['link'] = "admin_log.php?adminlog";
|
||||
|
||||
$var['auditlog']['text'] = RL_LAN_062;
|
||||
$var['auditlog']['link'] = "admin_log.php?auditlog";
|
||||
|
||||
$var['rolllog']['text'] = RL_LAN_002;
|
||||
$var['rolllog']['link'] = "admin_log.php?rolllog";
|
||||
|
||||
$var['config']['text'] = RL_LAN_027;
|
||||
$var['config']['link'] ="admin_log.php?config";
|
||||
|
||||
show_admin_menu(RL_LAN_005, $action, $var);
|
||||
}
|
||||
|
||||
|
||||
require_once(e_ADMIN."footer.php");
|
||||
|
||||
?>
|
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_admin/administrator.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2006-12-07 15:41:49 $
|
||||
| $Author: sweetas $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
require_once('../class2.php');
|
||||
@@ -200,7 +200,7 @@ function edit_administrator($row){
|
||||
$text .= checkb("E", $a_perms).ADMSLAN_30."<br />"; // Configure news feed headlines
|
||||
$text .= checkb("F", $a_perms).ADMSLAN_31."<br />"; // Configure emoticons
|
||||
$text .= checkb("G", $a_perms).ADMSLAN_32."<br />"; // Configure front page content
|
||||
$text .= checkb("S", $a_perms).ADMSLAN_33."<br />"; // Configure log/stats
|
||||
$text .= checkb("S", $a_perms).ADMSLAN_33."<br />"; // Configure system logs (previously log/stats - now plugin)
|
||||
$text .= checkb("T", $a_perms).ADMSLAN_34."<br />"; // Configure meta tags
|
||||
$text .= checkb("V", $a_perms).ADMSLAN_35."<br />"; // Configure public file uploads
|
||||
$text .= checkb("X", $a_perms).ADMSLAN_66."<br />"; // Configure Search
|
||||
|
@@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
|
||||
| $Revision: 1.4 $
|
||||
| $Date: 2007-12-09 16:42:23 $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
|
||||
To do:
|
||||
@@ -59,13 +59,25 @@ class e_admin_log {
|
||||
define("E_LOG_INFORMATIVE", 0); // Minimal Log Level, including really minor stuff
|
||||
define("E_LOG_NOTICE", 1); // More important than informative, but less important than notice
|
||||
define("E_LOG_WARNING", 2); // Not anything serious, but important information
|
||||
define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
|
||||
define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
|
||||
define("E_LOG_PLUGIN", 4); // Plugin information
|
||||
|
||||
// Logging actions
|
||||
define("LOG_TO_ADMIN", 1);
|
||||
define("LOG_TO_AUDIT", 2);
|
||||
define("LOG_TO_ROLLING", 4);
|
||||
|
||||
// User audit logging (intentionally start at 10 - stick to 2 digits)
|
||||
define('USER_AUDIT_ADMIN',10); // User data changed by admin
|
||||
define('USER_AUDIT_SIGNUP',11); // User signed up
|
||||
define('USER_AUDIT_EMAILACK',12); // User responded to registration email
|
||||
define('USER_AUDIT_LOGIN',13); // User logged in
|
||||
define('USER_AUDIT_LOGOUT',14); // User logged out
|
||||
define('USER_AUDIT_NEW_DN',15); // User changed display name
|
||||
define('USER_AUDIT_NEW_PW',16); // User changed password
|
||||
define('USER_AUDIT_NEW_EML',17); // User changed email
|
||||
define('USER_AUDIT_PW_RES',18); // Password reset
|
||||
define('USER_AUDIT_NEW_SET',19); // User changed other settings (intentional gap in numbering)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -136,9 +148,8 @@ class e_admin_log {
|
||||
|
||||
$importance = $tp->toDB($importance,true,false,'no_html');
|
||||
$eventcode = $tp->toDB($eventcode,true,false,'no_html');
|
||||
$explain = $tp->toDB($explain,true,false,'no_html');
|
||||
$explain = mysql_real_escape_string($tp->toDB($explain,true,false,'no_html'));
|
||||
$event_title = $tp->toDB($event_title,true,false,'no_html');
|
||||
$source_call = $tp->toDB($source_call,true,false,'no_html');
|
||||
|
||||
|
||||
//---------------------------------------
|
||||
@@ -146,7 +157,8 @@ class e_admin_log {
|
||||
//---------------------------------------
|
||||
if ($target_logs & LOG_TO_ADMIN)
|
||||
{ // Admin log - assume all fields valid
|
||||
$this->rldb->db_Insert("dblog", " 0, ".intval($time_usec).','.intval($time_sec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ");
|
||||
$qry = " 0, ".intval($time_sec).','.intval($time_usec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ";
|
||||
$this->rldb->db_Insert("dblog",$qry);
|
||||
}
|
||||
|
||||
|
||||
@@ -177,10 +189,10 @@ class e_admin_log {
|
||||
}
|
||||
|
||||
|
||||
if (is_array($source_call))
|
||||
{ // Print the debug_backtrace() array
|
||||
while ($i < $back_count)
|
||||
{
|
||||
if (is_array($source_call))
|
||||
{ // Print the debug_backtrace() array
|
||||
while ($i < $back_count)
|
||||
{
|
||||
$source_call[$i]['file'] = $e107->fix_windows_paths($source_call[$i]['file']); // Needed for Windoze hosts.
|
||||
$source_call[$i]['file'] = str_replace($e107->file_path,"",$source_call[$i]['file']); // We really just want a e107 root-relative path. Strip out the root bit
|
||||
$tmp = $source_call[$i]['file']."|".$source_call[$i]['class'].$source_call[$i]['type'].$source_call[$i]['function']."@".$source_call[$i]['line'];
|
||||
@@ -191,14 +203,15 @@ class e_admin_log {
|
||||
$i++;
|
||||
if ($i < $back_count) $explain .= "<br />-------------------";
|
||||
if (!isset($tmp1)) $tmp1 = $tmp; // Pick off the immediate caller as the source
|
||||
}
|
||||
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
|
||||
}
|
||||
else
|
||||
{
|
||||
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
|
||||
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
|
||||
}
|
||||
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
|
||||
}
|
||||
else
|
||||
{
|
||||
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
|
||||
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
|
||||
$source_call = $tp->toDB($source_call,true,false,'no_html');
|
||||
}
|
||||
// else $source_call is a string
|
||||
|
||||
// Save new rolling log record
|
||||
@@ -212,6 +225,40 @@ class e_admin_log {
|
||||
}
|
||||
|
||||
|
||||
//--------------------------------------
|
||||
// USER AUDIT ENTRY
|
||||
//--------------------------------------
|
||||
// $event_code is a defined constant (see above) which specifies the event
|
||||
// $event_data is an array of data fields whose keys and values are logged (usually user data, but doesn't have to be - can add messages here)
|
||||
// $id and $u_name are left blank except for admin edits and user login, where they specify the id and login name of the 'target' user
|
||||
function user_audit($event_type, $event_data, $id = '', $u_name = '')
|
||||
{
|
||||
global $e107, $tp;
|
||||
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
|
||||
|
||||
// See whether we should log this
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
if (!isset($user_logging_opts[$event_type])) return; // Finished if not set to log this event type
|
||||
|
||||
|
||||
if ($this->rldb == NULL) $this->rldb = new db; // Better use our own db - don't know what else is going on
|
||||
|
||||
if ($id) $userid = $id; else $userid = (USER === TRUE) ? USERID : 0;
|
||||
if ($u_name) $userstring = $u_name; else $userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
|
||||
$userIP = $e107->getip();
|
||||
$eventcode = 'USER_'.$event_type;
|
||||
|
||||
$title = 'LAN_AUDIT_LOG_0'.$event_type; // This creates a string which will be displayed as a constant
|
||||
$spacer = '';
|
||||
$detail = '';
|
||||
foreach ($event_data as $k => $v)
|
||||
{
|
||||
$detail .= $spacer.$k.'=>'.$v;
|
||||
$spacer = '<br />';
|
||||
}
|
||||
$this->rldb->db_Insert("audit_log","0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
|
||||
}
|
||||
|
||||
|
||||
function get_log_events($count = 15, $offset)
|
||||
{
|
||||
|
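Review bot: In `user_audit()` the values `$userid`, `$userstring` and `$detail` are placed in the `audit_log` INSERT without escaping, although `$tp` is declared global and `e_log_event()` in this same file passes its fields through `$tp->toDB()`. `$id`, `$u_name` and the keys and values of `$event_data` can carry user-chosen text (the login hunk passes `$user_name`), so they should be escaped the same way, assuming `toDB()` is the project's escaping routine as its use on the other fields suggests. The function also reads `$pref['user_audit_opts']` without declaring `$pref` global, so as written the option list is always empty and the early return fires for every event type, meaning no audit row is ever written. Both callers in this commit pass `''` as `$event_data`, which the `foreach` does not accept, so it needs an `is_array()` guard. The changed lines are in the fence below.

```php
function user_audit($event_type, $event_data, $id = '', $u_name = '')
{
	global $e107, $tp, $pref;	// $pref is read below for user_audit_opts
	// … unchanged: timestamp capture, option check, rldb setup …
	if ($id) $userid = intval($id); else $userid = (USER === TRUE) ? USERID : 0;
	if ($u_name) $userstring = $u_name; else $userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
	$userstring = $tp->toDB($userstring,true,false,'no_html');
	// … unchanged: $userIP, $eventcode, $title, $spacer, $detail initialisation …
	if (is_array($event_data))
	{
		foreach ($event_data as $k => $v)
		{
			$detail .= $spacer.$tp->toDB($k,true,false,'no_html').'=>'.$tp->toDB($v,true,false,'no_html');
			$spacer = '<br />';
		}
	}
	// … unchanged: db_Insert into audit_log …
```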
@@ -12,8 +12,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
|
||||
| $Revision: 1.8 $
|
||||
| $Date: 2007-12-09 16:42:23 $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -105,48 +105,79 @@ class userlogin {
|
||||
else
|
||||
{ // User is OK as far as core is concerned
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
|
||||
$ret = $e_event->trigger("preuserlogin", $username);
|
||||
if ($ret!='')
|
||||
$ret = $e_event->trigger("preuserlogin", $username);
|
||||
if ($ret!='')
|
||||
{
|
||||
define("LOGINMESSAGE", $ret."<br /><br />");
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{ // Trigger events happy as well
|
||||
$lode = $sql -> db_Fetch(); // Get user info
|
||||
$user_id = $lode['user_id'];
|
||||
$user_name = $lode['user_name'];
|
||||
$user_xup = $lode['user_xup'];
|
||||
|
||||
/* restrict more than one person logging in using same us/pw */
|
||||
if($pref['disallowMultiLogin'])
|
||||
{
|
||||
define("LOGINMESSAGE", $ret."<br /><br />");
|
||||
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
|
||||
{
|
||||
define("LOGINMESSAGE", LAN_304."<br /><br />");
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{ // Trigger events happy as well
|
||||
$lode = $sql -> db_Fetch(); // Get user info
|
||||
$user_id = $lode['user_id'];
|
||||
$user_name = $lode['user_name'];
|
||||
$user_xup = $lode['user_xup'];
|
||||
}
|
||||
}
|
||||
|
||||
/* restrict more than one person logging in using same us/pw */
|
||||
if($pref['disallowMultiLogin'])
|
||||
$cookieval = $user_id.".".md5($userpass);
|
||||
if($user_xup)
|
||||
{
|
||||
$this->update_xup($user_id, $user_xup);
|
||||
}
|
||||
|
||||
if ($pref['user_tracking'] == "session")
|
||||
{
|
||||
$_SESSION[$pref['cookie_name']] = $cookieval;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($autologin == 1)
|
||||
{
|
||||
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
|
||||
{
|
||||
define("LOGINMESSAGE", LAN_304."<br /><br />");
|
||||
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
|
||||
$this -> checkibr($fip);
|
||||
return FALSE;
|
||||
}
|
||||
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
|
||||
}
|
||||
else
|
||||
{
|
||||
cookie($pref['cookie_name'], $cookieval);
|
||||
}
|
||||
}
|
||||
|
||||
// User login definitely accepted here
|
||||
|
||||
$cookieval = $user_id.".".md5($userpass);
|
||||
if($user_xup) {
|
||||
$this->update_xup($user_id, $user_xup);
|
||||
}
|
||||
|
||||
if ($pref['user_tracking'] == "session") {
|
||||
$_SESSION[$pref['cookie_name']] = $cookieval;
|
||||
} else {
|
||||
if ($autologin == 1) {
|
||||
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
|
||||
} else {
|
||||
cookie($pref['cookie_name'], $cookieval);
|
||||
}
|
||||
// Calculate class membership - needed for a couple of things
|
||||
$class_list = explode(',',$lode['user_class']);
|
||||
if ($lode['user_admin'] && strlen($lode['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_ADMIN;
|
||||
if (strpos($lode['user_perms'],'0') === 0)
|
||||
{
|
||||
$class_list[] = e_UC_MAINADMIN;
|
||||
}
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username);
|
||||
$e_event->trigger("login", $edata_li);
|
||||
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
|
||||
}
|
||||
$class_list[] = e_UC_MEMBER;
|
||||
$class_list[] = e_UC_PUBLIC;
|
||||
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
|
||||
{ // Need to note in user audit trail
|
||||
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
|
||||
}
|
||||
|
||||
$edata_li = array("user_id" => $user_id, "user_name" => $username);
|
||||
$e_event->trigger("login", $edata_li);
|
||||
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
|
||||
|
||||
|
||||
|
||||
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
|
||||
@@ -155,17 +186,6 @@ class userlogin {
|
||||
$lode['user_perms'] = trim($lode['user_perms']);
|
||||
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
|
||||
$class_list = explode(',',$lode['user_class']);
|
||||
if ($lode['user_admin'] && strlen($lode['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_ADMIN;
|
||||
if (('0'==$lode['user_perms']) || ('0.' == $lode['user_perms']))
|
||||
{
|
||||
$class_list[] = e_UC_MAINADMIN;
|
||||
}
|
||||
}
|
||||
$class_list[] = e_UC_MEMBER;
|
||||
$class_list[] = e_UC_PUBLIC;
|
||||
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
|
||||
foreach ($pref['frontpage_force'] as $fk=>$fp)
|
||||
{
|
||||
|
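Review bot: The audit-class test `in_array(varset($pref['user_audit_class'],''),$class_list)` compares loosely against a list built with `explode(',',$lode['user_class'])`, so when the preference is unset the empty default can still match an empty `user_class` entry, while the logout path in class2.php makes the same decision with `check_class()`. I would skip the audit call when the preference is empty, e.g. `varset($pref['user_audit_class'],'') !== '' && in_array($pref['user_audit_class'],$class_list)`, or use `check_class()` here too if it can be applied to the user being logged in. The main-admin test also changed from an exact match on `'0'` / `'0.'` to `strpos($lode['user_perms'],'0') === 0`, and it now appears to run before the `trim()` of `user_perms` that the later hunk keeps. A padded value would then miss the test and any string beginning with `0` would pass, so a comment such as `// perms string starts with '0' for main admin; value not yet trimmed here` or moving the `trim()` up would make the intent checkable. The enclosing method starts and ends outside these hunks.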
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_admin.php,v $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2007-07-03 19:22:08 $
|
||||
| $Revision: 1.6 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -175,6 +175,9 @@ define("ADLAN_152", "Enter Code");
|
||||
define("ADLAN_153", "Administration Area");
|
||||
define('ADLAN_154', "Error contacting Sourceforge to check for new version");
|
||||
|
||||
define('ADLAN_155', 'System Logs');
|
||||
define('ADLAN_156', 'Admin log, user audit, rolling log');
|
||||
|
||||
define('ADLAN_CL_1', 'Settings');
|
||||
define('ADLAN_CL_2', 'Users');
|
||||
define('ADLAN_CL_3', 'Content');
|
||||
@@ -255,7 +258,6 @@ define("LAN_INACTIVE","Inactive");
|
||||
define("LAN_BAN","Ban");
|
||||
define("LAN_RATING", "Rating");
|
||||
|
||||
define("LAN_UPLOAD", "Upload");
|
||||
define("LAN_UPLOAD_IMAGES","Upload Images");
|
||||
define("LAN_UPLOAD_FILES","Upload Files");
|
||||
define("LAN_UPLOAD_ADDFILE","Add Another File");
|
||||
|
@@ -1,27 +1,71 @@
|
||||
<?php
|
||||
/*
|
||||
+ ----------------------------------------------------------------------------+
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_admin_log.php,v $
|
||||
| $Revision: 1.1.1.1 $
|
||||
| $Date: 2006-12-02 04:34:40 $
|
||||
| $Author: lisa_
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
define("LAN_ADMINLOG_0", "Admin Log");
|
||||
define("LAN_ADMINLOG_1", "Date");
|
||||
define("LAN_ADMINLOG_2", "Title");
|
||||
define("LAN_ADMINLOG_3", "Description");
|
||||
define("LAN_ADMINLOG_4", "User IP");
|
||||
define("LAN_ADMINLOG_5", "User ID");
|
||||
define("LAN_ADMINLOG_6", "Informative Icon");
|
||||
define("LAN_ADMINLOG_7", "Informative Message");
|
||||
define("LAN_ADMINLOG_8", "Notice Icon");
|
||||
define("LAN_ADMINLOG_9", "Notice Message");
|
||||
define("LAN_ADMINLOG_10", "Warning Icon");
|
||||
define("LAN_ADMINLOG_11", "Warning Message");
|
||||
define("LAN_ADMINLOG_12", "Fatal Icon");
|
||||
define("LAN_ADMINLOG_13", "Fatal Error Message");
|
||||
// e107 Language File.
|
||||
// $Id: lan_admin_log.php,v 1.2 2007-12-15 15:06:40 e107steved Exp $
|
||||
|
||||
define('RL_LAN_001', 'System Logs');
|
||||
define('RL_LAN_002', "Rolling Log");
|
||||
//define('RL_LAN_003', "Admin/Rolling Log Installed.");
|
||||
//define('RL_LAN_004', "Admin/Rolling Log Upgraded");
|
||||
define('RL_LAN_005', "Configure/View system logs");
|
||||
define('RL_LAN_006', "Options Updated");
|
||||
define('RL_LAN_007', "User Audit Trail Options");
|
||||
define('RL_LAN_008', "Rolling Log is active:");
|
||||
define('RL_LAN_009', "Rolling Log History length in days");
|
||||
define('RL_LAN_010', "Update Options");
|
||||
define('RL_LAN_011', 'Rolling Log Configuration and Maintenance Options');
|
||||
define('RL_LAN_012', "Filter Options");
|
||||
define('RL_LAN_013', "Start date/time");
|
||||
define('RL_LAN_014', "End date/time");
|
||||
define('RL_LAN_015', "User ID filter");
|
||||
define('RL_LAN_016', "Blank for none, zero for guest");
|
||||
define('RL_LAN_017', "No log entries, or none match filter");
|
||||
define('RL_LAN_018', "Refresh log");
|
||||
define('RL_LAN_019', "Date");
|
||||
define('RL_LAN_020', "IP");
|
||||
define('RL_LAN_021', "ID");
|
||||
define('RL_LAN_022', "User");
|
||||
define('RL_LAN_023', "Type");
|
||||
define('RL_LAN_024', "From");
|
||||
define('RL_LAN_025', "Event Title");
|
||||
define('RL_LAN_026', "Class for which user actions logged");
|
||||
define('RL_LAN_027', "Options");
|
||||
define('RL_LAN_028', "Update Filters");
|
||||
define('RL_LAN_029', "Event type filter");
|
||||
define('RL_LAN_030', "Admin Log");
|
||||
define('RL_LAN_031', "Actions to log");
|
||||
define('RL_LAN_032', "Pri"); // Event importance
|
||||
define('RL_LAN_033', "Further Information");
|
||||
define('RL_LAN_044', "Log events to display per page");
|
||||
define('RL_LAN_045', "Delete admin log events older than ");
|
||||
define('RL_LAN_046', " days");
|
||||
define('RL_LAN_047', "Confirm delete admin log events older than ");
|
||||
define('RL_LAN_048', "Admin log maintenance");
|
||||
define('RL_LAN_049', "Delete old entries");
|
||||
define('RL_LAN_050', "Parameter error - nothing deleted");
|
||||
define('RL_LAN_051', "Confirm Delete");
|
||||
define('RL_LAN_052', "Admin log events older than ");
|
||||
define('RL_LAN_053', " entries) deleted");
|
||||
define('RL_LAN_054', "Nothing to delete, or database error");
|
||||
define('RL_LAN_055', "Cancel");
|
||||
define('RL_LAN_056', "Nothing deleted");
|
||||
define('RL_LAN_057', " (");
|
||||
define('RL_LAN_058', "Priority Filter:");
|
||||
define('RL_LAN_059', "Caller Filter:");
|
||||
define('RL_LAN_060', "IP Address Filter:");
|
||||
define('RL_LAN_061', "Wildcard (*) at end acceptable");
|
||||
define('RL_LAN_062', 'User Audit Log');
|
||||
define('RL_LAN_063', 'User audit settings updated');
|
||||
define('RL_LAN_064', 'Applicable to all logs');
|
||||
|
||||
|
||||
// Messages for checkbox options in audit log - correspond to audit log event codes
|
||||
define('RL_LAN_071', 'User registration (ignores class setting above)');
|
||||
define('RL_LAN_072', 'Signup email acknowledgement (ignores class setting above)');
|
||||
define('RL_LAN_073', 'Login/Logout');
|
||||
define('RL_LAN_075', 'Change display name');
|
||||
define('RL_LAN_076', 'Change password');
|
||||
define('RL_LAN_077', 'Change email address');
|
||||
define('RL_LAN_078', 'Password Reset');
|
||||
define('RL_LAN_079', 'Change other user settings');
|
||||
|
||||
?>
|
@@ -4,9 +4,9 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_administrator.php,v $
|
||||
| $Revision: 1.1.1.1 $
|
||||
| $Date: 2006-12-02 04:34:40 $
|
||||
| $Author: mcfly_e107 $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
define("ADMSLAN_0", "New user/admin entry created for");
|
||||
@@ -37,7 +37,7 @@ define("ADMSLAN_29", "Manage banners");
|
||||
define("ADMSLAN_30", "Configure news feed headlines");
|
||||
define("ADMSLAN_31", "Configure emoticons");
|
||||
define("ADMSLAN_32", "Configure front page content");
|
||||
define("ADMSLAN_33", "Configure log/stats");
|
||||
define("ADMSLAN_33", "Configure system logging");
|
||||
define("ADMSLAN_34", "Configure meta tags");
|
||||
define("ADMSLAN_35", "Configure public file uploads");
|
||||
define("ADMSLAN_36", "Configure Image Settings");
|
||||
|
@@ -4,9 +4,9 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_fpw.php,v $
|
||||
| $Revision: 1.2 $
|
||||
| $Date: 2007-12-13 01:01:35 $
|
||||
| $Author: e107coders $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
define("PAGE_NAME", "Password Reset");
|
||||
@@ -18,7 +18,7 @@ define("LAN_06", "Attempted password reset");
|
||||
define("LAN_07", "Someone with IP address ");
|
||||
define("LAN_08", "attempted to reset the main admin password.");
|
||||
define("LAN_09", "Password reset from ");
|
||||
define("LAN_112", "Email address used when signing up");
|
||||
define("LAN_112", 'Email address registered on this site');
|
||||
define("LAN_156", "Submit");
|
||||
define("LAN_213", "That username/email address was not found in database.");
|
||||
define("LAN_214", "Unable to reset password");
|
||||
@@ -44,5 +44,11 @@ define("LAN_FPW14", "has been submitted by someone with the IP of");
|
||||
define("LAN_FPW15", "This does not mean your password has yet been reset. You must navigate to the link shown below to complete the reset process.");
|
||||
define("LAN_FPW16", "If you did not request to have your password reset and you do NOT want it reset, you may simply ignore this email");
|
||||
define("LAN_FPW17", "The link below will be valid for 48 hours.");
|
||||
define('LAN_FPW18','Password reset requested');
|
||||
define('LAN_FPW19','Email send failed');
|
||||
define('LAN_FPW20','Email send succeeded');
|
||||
define('LAN_FPW21','User clicked on password reset link');
|
||||
define('LAN_FPW22','');
|
||||
|
||||
|
||||
?>
|
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2007-11-11 21:52:37 $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -44,6 +44,18 @@ define("LAN_405", "This stage of registration is complete. You will receive a co
|
||||
define("LAN_406", "Thank you!");
|
||||
define("LAN_407", "Please keep this email for your own information. Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.\n\nThanks for your registration.\n\nFrom");
|
||||
define("LAN_408", "A user with that email address already exists. Please use the 'forgot password' screen to retrieve your password.");
|
||||
|
||||
define("LAN_409", "Invalid characters in username");
|
||||
define("LAN_410", "Enter code visible in the image");
|
||||
define("LAN_411", "That display name already exists in the database, please choose a different display name");
|
||||
|
||||
|
||||
define("LAN_EMAIL_01", "Dear");
|
||||
define("LAN_EMAIL_04", "Please keep this email for your own information.");
|
||||
define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
|
||||
define("LAN_EMAIL_06", "Thanks for your registration.");
|
||||
|
||||
|
||||
define("LAN_SIGNUP_1", "Min.");
|
||||
define("LAN_SIGNUP_2", "chars.");
|
||||
define("LAN_SIGNUP_3", "Code verification failed.");
|
||||
@@ -55,12 +67,6 @@ define("LAN_SIGNUP_8", "Thank you!");
|
||||
define("LAN_SIGNUP_9", "Unable to proceed.");
|
||||
define("LAN_SIGNUP_10", "Yes");
|
||||
define("LAN_SIGNUP_11", ".");
|
||||
|
||||
define("LAN_409", "Invalid characters in username");
|
||||
define("LAN_410", "Enter code visible in the image");
|
||||
define("LAN_411", "That display name already exists in the database, please choose a different display name");
|
||||
|
||||
|
||||
define("LAN_SIGNUP_12", "please keep your username and password written down in a safe place as if lost they cannot be retrieved.");
|
||||
define("LAN_SIGNUP_13", "You can now log in from the Login box, or from <a href='".e_BASE."login.php'>here</a>.");
|
||||
define("LAN_SIGNUP_14", "here");
|
||||
@@ -80,27 +86,15 @@ define("LAN_SIGNUP_27", "Show");
|
||||
define("LAN_SIGNUP_28", "choice of Content/Mail-lists");
|
||||
define("LAN_SIGNUP_29", "A verification email will be sent to the email address you enter here so it must be valid.");
|
||||
define("LAN_SIGNUP_30", "If you do not wish to display your email address on this site, please tick the 'hide email address' box.");
|
||||
|
||||
define("LAN_SIGNUP_31", "URL to your XUP file");
|
||||
define("LAN_SIGNUP_32", "What's an XUP file?");
|
||||
define("LAN_SIGNUP_33", "Type path or choose avatar");
|
||||
define("LAN_SIGNUP_34", "Please note: Any image uploaded to this server that is deemed inappropriate by the administrators will be deleted immediately.");
|
||||
define("LAN_SIGNUP_35", "Click here to register using an XUP file");
|
||||
define("LAN_SIGNUP_36", "An error has occurred creating your user information, please contact the site admin");
|
||||
|
||||
define("LAN_LOGINNAME", "Username");
|
||||
define("LAN_PASSWORD", "Password");
|
||||
define("LAN_USERNAME", "Display Name");
|
||||
define("LAN_EMAIL_01", "Dear");
|
||||
define("LAN_EMAIL_04", "Please keep this email for your own information.");
|
||||
define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
|
||||
define("LAN_EMAIL_06", "Thanks for your registration.");
|
||||
|
||||
define("LAN_SIGNUP_37", "This stage of registration is complete. The site admin will need to approve your membership. Once this has been done you will receive a confirmation email alerting you that your membership has been approved.");
|
||||
define("LAN_SIGNUP_38", "You entered two different email addresses. Please enter a valid email address in the two fields provided");
|
||||
define("LAN_SIGNUP_39", "Re-type Email Address:");
|
||||
|
||||
// 0.7.6
|
||||
define("LAN_SIGNUP_40", "Activation not necessary");
|
||||
define("LAN_SIGNUP_41", "Your account is already activated.");
|
||||
define("LAN_SIGNUP_42", "There was a problem, the registration mail was not sent, please contact the website administrator.");
|
||||
@@ -120,6 +114,21 @@ define("LAN_SIGNUP_56", "That display name is too short. Please choose another")
|
||||
define("LAN_SIGNUP_57", "That login name is too long. Please choose another");
|
||||
define("LAN_SIGNUP_58", "Signup Preview");
|
||||
define("LAN_SIGNUP_59","**** If the link doesn't work, please check that part of it has not overflowed onto the next line. ****");
|
||||
define('LAN_SIGNUP_60','Signup email resend requested');
|
||||
define('LAN_SIGNUP_61','Send succeeded');
|
||||
define('LAN_SIGNUP_62','Send failed');
|
||||
define('LAN_SIGNUP_63','Password reset email resent requested');
|
||||
define('LAN_SIGNUP_64','');
|
||||
define('LAN_SIGNUP_65','');
|
||||
define('LAN_SIGNUP_66','');
|
||||
define('LAN_SIGNUP_67','');
|
||||
define('LAN_SIGNUP_68','');
|
||||
define('LAN_SIGNUP_69','');
|
||||
define('LAN_SIGNUP_70','');
|
||||
|
||||
define("LAN_LOGINNAME", "Username");
|
||||
define("LAN_PASSWORD", "Password");
|
||||
define("LAN_USERNAME", "Display Name");
|
||||
|
||||
|
||||
?>
|
||||
|
@@ -4,8 +4,8 @@
|
||||
| e107 website system - Language File.
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_usersettings.php,v $
|
||||
| $Revision: 1.9 $
|
||||
| $Date: 2007-08-16 19:19:43 $
|
||||
| $Revision: 1.10 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -82,10 +82,6 @@ define("LAN_SIGNUP_5", " characters long.");
|
||||
define("LAN_SIGNUP_6", "Your ");
|
||||
define("LAN_SIGNUP_7", " is required");
|
||||
|
||||
define("LAN_USET_1", "Your avatar is too wide");
|
||||
define("LAN_USET_2", "Maximum allowable width is");
|
||||
define("LAN_USET_3", "Your avatar is too high");
|
||||
define("LAN_USET_4", "Maximum allowable height is");
|
||||
|
||||
// v.616
|
||||
define("LAN_CUSTOMTITLE", "Custom Title");
|
||||
@@ -99,6 +95,10 @@ define("MAX_AVHEIGHT", " x ");
|
||||
define("RESIZE_NOT_SUPPORTED", "Resize method not supported by this server. Please resize image or choose another. File has been deleted.");
|
||||
|
||||
// v0.7
|
||||
define("LAN_USET_1", "Your avatar is too wide");
|
||||
define("LAN_USET_2", "Maximum allowable width is");
|
||||
define("LAN_USET_3", "Your avatar is too high");
|
||||
define("LAN_USET_4", "Maximum allowable height is");
|
||||
define("LAN_USET_5", "Subscribed to");
|
||||
define("LAN_USET_6", "Subscribe to our mailing-list(s) and/or sections of this site.");
|
||||
define("LAN_USET_7", "Miscellaneous");
|
||||
@@ -112,5 +112,8 @@ define("LAN_USET_14", "Login name too long. Please choose another");
|
||||
define("LAN_USET_15", "Display name too long. Please choose another");
|
||||
define("LAN_USET_16", "Tick box to delete existing photo without uploading another");
|
||||
define("LAN_USET_17", "Display name already used. Please choose another");
|
||||
define('LAN_USET_18', 'User data changed by admin: --ID--, login name: --LOGNAME--');
|
||||
define('LAN_USET_19', '');
|
||||
define('LAN_USET_20', '');
|
||||
|
||||
?>
|
72
fpw.php
@@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/fpw.php,v $
|
||||
| $Revision: 1.3 $
|
||||
| $Date: 2007-12-13 01:01:35 $
|
||||
| $Author: e107coders $
|
||||
| $Revision: 1.4 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
require_once("class2.php");
|
||||
@@ -58,14 +58,18 @@ function fpw_error($txt) {
|
||||
exit;
|
||||
}
|
||||
|
||||
//the seperator character used
|
||||
//the separator character used
|
||||
$fpw_sep = "#";
|
||||
|
||||
if (e_QUERY) {
|
||||
|
||||
|
||||
if (e_QUERY)
|
||||
{ // User has clicked on link to reset password
|
||||
define("FPW_ACTIVE","TRUE");
|
||||
$tmp = explode($fpw_sep, e_QUERY);
|
||||
$tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
|
||||
if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ")) {
|
||||
if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' "))
|
||||
{
|
||||
$row = $sql->db_Fetch();
|
||||
extract($row);
|
||||
$sql->db_Delete("tmp", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ");
|
||||
@@ -76,8 +80,15 @@ if (e_QUERY) {
|
||||
}
|
||||
$mdnewpw = md5($newpw);
|
||||
|
||||
// Details for admin log
|
||||
$do_log['password_action'] = LAN_FPW21;
|
||||
$do_log['user_name'] = $tp -> toDB($username, true);
|
||||
$do_log['activation_code'] = $tmpinfo;
|
||||
$do_log['user_password'] = $mdnewpw;
|
||||
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);
|
||||
|
||||
list($username, $md5) = explode($fpw_sep, $tmp_info);
|
||||
$sql->db_Update("user", "user_password='$mdnewpw', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
|
||||
$sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
|
||||
cookie($pref['cookie_name'], "", (time()-2592000));
|
||||
$_SESSION[$pref['cookie_name']] = "";
|
||||
|
||||
@@ -94,11 +105,16 @@ if (e_QUERY) {
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_POST['pwsubmit'])) {
|
||||
|
||||
// Request to reset password
|
||||
//--------------------------
|
||||
if (isset($_POST['pwsubmit']))
|
||||
{
|
||||
require_once(e_HANDLER."mail.php");
|
||||
$email = $_POST['email'];
|
||||
|
||||
if ($pref['fpwcode'] && extension_loaded("gd")) {
|
||||
if ($pref['fpwcode'] && extension_loaded("gd"))
|
||||
{
|
||||
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
|
||||
fpw_error(LAN_FPW3);
|
||||
}
|
||||
@@ -110,19 +126,22 @@ if (isset($_POST['pwsubmit'])) {
|
||||
// Allow admins to remove 'username' from fpw_template.php if they wish.
|
||||
$query .= (isset($_POST['username'])) ? " AND user_loginname='{$clean_username}'" : "";
|
||||
|
||||
if ($sql->db_Select("user", "*", $query)) {
|
||||
if ($sql->db_Select("user", "*", $query))
|
||||
{
|
||||
$row = $sql->db_Fetch();
|
||||
extract($row);
|
||||
extract($row);
|
||||
|
||||
if ($user_admin == 1 && $user_perms == "0") {
|
||||
if ($user_admin == 1 && $user_perms == "0")
|
||||
{ // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
|
||||
sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
|
||||
echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
|
||||
die();
|
||||
}
|
||||
|
||||
if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'")) {
|
||||
fpw_error(LAN_FPW4);
|
||||
exit;
|
||||
if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'"))
|
||||
{
|
||||
fpw_error(LAN_FPW4);
|
||||
exit;
|
||||
}
|
||||
|
||||
mt_srand ((double)microtime() * 1000000);
|
||||
@@ -139,17 +158,30 @@ if (isset($_POST['pwsubmit'])) {
|
||||
//Set timestamp two days ahead so it doesn't get auto-deleted
|
||||
$sql->db_Insert("tmp", "'pwreset',{$deltime},'{$user_name}{$fpw_sep}{$rcode}'");
|
||||
|
||||
$do_log['password_action'] = LAN_FPW18;
|
||||
$do_log['user_id'] = $row['user_id'];
|
||||
$do_log['user_name'] = $row['user_name'];
|
||||
$do_log['user_loginname'] = $row['user_loginname'];
|
||||
$do_log['activation_code'] = $rcode;
|
||||
|
||||
if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) {
|
||||
$text = "<div style='text-align:center'>".LAN_FPW6."</div>";
|
||||
} else {
|
||||
$text = "<div style='text-align:center'>".LAN_02."</div>";
|
||||
if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message))
|
||||
{
|
||||
$text = "<div style='text-align:center'>".LAN_FPW6."</div>";
|
||||
$do_log['password_result'] = LAN_FPW20;
|
||||
}
|
||||
else
|
||||
{
|
||||
$text = "<div style='text-align:center'>".LAN_02."</div>";
|
||||
$do_log['password_result'] = LAN_FPW19;
|
||||
}
|
||||
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);
|
||||
|
||||
$ns->tablerender(LAN_03, $text);
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
$text = LAN_213;
|
||||
$ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
|
||||
}
|
||||
|
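Review bot: The reset-link hunk (`@@ -76,8 +80,15 @@`) stores `$do_log['user_password'] = $mdnewpw;` in the user audit entry, which puts the MD5 of the freshly issued password into a log readable by whoever can view the audit trail; the request hunk likewise logs `$do_log['activation_code'] = $rcode;` while that code is still a valid reset token. I would delete the `user_password` line and record only that a code was issued or consumed, not its value. In the same hunk `$do_log['user_name']` is built from `$username` before `list($username, $md5) = explode($fpw_sep, $tmp_info);` runs, so unless `$username` is set in the lines not shown between the hunks the entry is logged with an empty name; moving the `user_audit()` call below the `list()` line fixes that.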
40
signup.php
@@ -11,8 +11,8 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/signup.php,v $
|
||||
| $Revision: 1.12 $
|
||||
| $Date: 2007-12-09 16:42:22 $
|
||||
| $Revision: 1.13 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
@@ -40,6 +40,7 @@ include_once(e_FILE."shortcode/batch/signup_shortcodes.php");
|
||||
|
||||
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));
|
||||
|
||||
|
||||
//-------------------------------
|
||||
// Resend Activation Email
|
||||
//-------------------------------
|
||||
@@ -100,24 +101,22 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
|
||||
$mailheader_e107id = $nid;
|
||||
require_once(e_HANDLER."mail.php");
|
||||
|
||||
/*
|
||||
echo "Sending to: ".$row['user_email'];
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
*/
|
||||
$do_log['signup_action'] = LAN_SIGNUP_63;
|
||||
|
||||
if(!sendemail($row['user_email'], $eml['subject'], $eml['message'], $row['user_name'], "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], $returnpath, $returnreceipt,$eml['inline-images']))
|
||||
{
|
||||
$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
|
||||
$do_log['signup_result'] = LAN_SIGNUP_62;
|
||||
}
|
||||
else
|
||||
{
|
||||
$ns -> tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />");
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
$do_log['signup_result'] = LAN_SIGNUP_61;
|
||||
}
|
||||
// Now log this (log will ignore if its disabled)
|
||||
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);
|
||||
require_once(FOOTERF);
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once(e_HANDLER."message_handler.php");
|
||||
@@ -284,7 +283,7 @@ if (e_QUERY)
|
||||
if ($qs[0] == "activate" && (count($qs) == 3 || count($qs) == 4) && $qs[2])
|
||||
{
|
||||
// return the message in the correct language.
|
||||
if($qs[3] && strlen($qs[3]) == 2 )
|
||||
if(isset($qs[3]) && strlen($qs[3]) == 2 )
|
||||
{
|
||||
require_once(e_HANDLER."language_class.php");
|
||||
$lng = new language;
|
||||
@@ -321,6 +320,10 @@ if (e_QUERY)
|
||||
}
|
||||
}
|
||||
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
|
||||
|
||||
// Log to user audit log if enabled
|
||||
$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
|
||||
|
||||
$e_event->trigger("userveri", $row);
|
||||
require_once(HEADERF);
|
||||
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
|
||||
@@ -688,6 +691,17 @@ global $db_debug;
|
||||
$u_key = md5(uniqid(rand(), 1));
|
||||
// ************* Possible class insert
|
||||
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
|
||||
|
||||
// Log to user audit log if enabled
|
||||
$admin_log->user_audit(USER_AUDIT_SIGNUP,array(
|
||||
'user_id' => $nid,
|
||||
'user_name' => $username,
|
||||
'user_loginname' => $loginname,
|
||||
'user_email' => $tp -> toDB($_POST['email']),
|
||||
'user_realname' => $tp -> toDB($_POST['realname']),
|
||||
'signup_key' => $u_key
|
||||
));
|
||||
|
||||
if(!$nid)
|
||||
{
|
||||
require_once(HEADERF);
|
||||
|
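Review bot: The new `user_audit(USER_AUDIT_SIGNUP, ...)` call in the last hunk writes `'signup_key' => $u_key` to the audit log while that key is still the unused activation secret, and it runs before the `if(!$nid)` check, so a failed insert is recorded as a signup with an empty `user_id`. I would drop the `signup_key` element and move the call below the `if(!$nid)` block, which continues outside the hunk. The `USER_AUDIT_EMAILACK` hunk passes the whole `$row`; it is populated outside the hunk, but if it is the full user record it would carry `user_password` too, so passing only the id and names would be safer. The resend hunk logs with `USER_AUDIT_PW_RES` and `LAN_SIGNUP_63`, although `LAN_SIGNUP_60` ('Signup email resend requested') looks like the string this commit adds for that event.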
644
usersettings.php
@@ -11,12 +11,39 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $
|
||||
| $Revision: 1.17 $
|
||||
| $Date: 2007-12-09 22:38:27 $
|
||||
| $Revision: 1.18 $
|
||||
| $Date: 2007-12-15 15:06:40 $
|
||||
| $Author: e107steved $
|
||||
|
||||
Mods to give a uniform interface.
|
||||
|
||||
|
||||
To do:
|
||||
1. Check that photo can be updated/deleted OK
|
||||
3. Make sure all $_POST values go through $tp->toDB - currently display name, login name don't - that's the way it was
|
||||
4. Make sure displayname and loginname kept in sync where not permitted to be different
|
||||
5. Check whether customtitle needs a special look to obey an option - currently updated in two places; check which is required
|
||||
6. XUP update - there's a bit of code which calls userlogin::update_xup() which looks relevant - BUT:
|
||||
a) It allows update of user_login field
|
||||
b) Possible error on {EMAILHIDE} - should it be {$EMAILHIDE} ?
|
||||
c) That code will update the user record regardless of whether there are values in the XUP file - so could become null
|
||||
7. When restoring $_POST values after an error (just before display) they should all have been vetted - should be done, but double check
|
||||
8. Check the use of 'class' around line 190 - if left, the message doesn't make total sense. Not sure the feature makes sense anyway.
|
||||
9. No means of retaining name of photo file through an error?
|
||||
10. Can get editable classes from the userclass object in 0.8
|
||||
11. Check its acceptable to, on the whole, not update a field which is empty but for which $_POST[] value exists
|
||||
12. Run through list of fields in DB; make sure all can be updated where needed
|
||||
14. Add admin log entry for when admin changing data
|
||||
15. Check class memberships - possible that main admin made a member of all (may be an inherited userclass issue)
|
||||
|
||||
Notes:
|
||||
$pref['forum_user_customtitle'] - used and saved in central record; set in forum interface
|
||||
Uses $udata initially, later curVal to hold current user data
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
//echo "Starting usersettings<br />";
|
||||
|
||||
require_once("class2.php");
|
||||
require_once(e_HANDLER."ren_help.php");
|
||||
require_once(e_HANDLER."user_extended_class.php");
|
||||
@@ -24,8 +51,11 @@ $ue = new e107_user_extended;
|
||||
|
||||
//define("US_DEBUG",TRUE);
|
||||
define("US_DEBUG",FALSE);
|
||||
//echo "Loaded includes<br />";
|
||||
|
||||
|
||||
/*
|
||||
These links look redundant
|
||||
if (isset($_POST['sub_news']))
|
||||
{
|
||||
header("location:".e_BASE."submitnews.php");
|
||||
@@ -51,26 +81,30 @@ if (isset($_POST['sub_review'])) {
|
||||
header("location:".e_BASE."subcontent.php?review");
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
|
||||
if (!USER) {
|
||||
header("location:".e_BASE."index.php");
|
||||
exit;
|
||||
|
||||
if (!USER)
|
||||
{ // Must be logged in to change settings
|
||||
header("location:".e_BASE."index.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!ADMIN && e_QUERY && e_QUERY != "update") {
|
||||
header("location:".e_BASE."usersettings.php");
|
||||
exit;
|
||||
if (!ADMIN && e_QUERY && e_QUERY != "update")
|
||||
{
|
||||
header("location:".e_BASE."usersettings.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once(e_HANDLER."ren_help.php");
|
||||
|
||||
if(is_readable(THEME."usersettings_template.php"))
|
||||
{
|
||||
include_once(THEME."usersettings_template.php");
|
||||
include_once(THEME."usersettings_template.php");
|
||||
}
|
||||
else
|
||||
{
|
||||
include_once(e_THEME."templates/usersettings_template.php");
|
||||
include_once(e_THEME."templates/usersettings_template.php");
|
||||
}
|
||||
include_once(e_FILE."shortcode/batch/usersettings_shortcodes.php");
|
||||
|
||||
@@ -80,27 +114,29 @@ $_uid = is_numeric(e_QUERY) ? intval(e_QUERY) : "";
|
||||
$sesschange = ''; // Notice removal
|
||||
$photo_to_delete = '';
|
||||
$avatar_to_delete = '';
|
||||
$changed_user_data = array();
|
||||
|
||||
require_once(HEADERF);
|
||||
|
||||
|
||||
// Save user settings (whether or not changed)
|
||||
//---------------------------------------------
|
||||
// Save user settings (changes only)
|
||||
//-----------------------------------
|
||||
$error = "";
|
||||
|
||||
if (isset($_POST['updatesettings']))
|
||||
{
|
||||
if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
|
||||
{
|
||||
$pref['auth_method'] = 'e107';
|
||||
$pref['auth_method'] = 'e107';
|
||||
}
|
||||
|
||||
if($pref['auth_method'] != 'e107')
|
||||
{
|
||||
$_POST['password1'] = '';
|
||||
$_POST['password2'] = '';
|
||||
$_POST['password1'] = '';
|
||||
$_POST['password2'] = '';
|
||||
}
|
||||
|
||||
|
||||
if ($_uid && ADMIN)
|
||||
{ // Admin logged in and editing another user's settings - so editing a different ID
|
||||
$inp = $_uid;
|
||||
@@ -112,31 +148,59 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
|
||||
|
||||
$udata = get_user_data($inp); // Get all the existing user data, including any extended fields
|
||||
$peer = ($inp == USERID ? false : true);
|
||||
|
||||
|
||||
|
||||
|
||||
// Check external avatar
|
||||
$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
|
||||
if ($_POST['image'] && $size = getimagesize($_POST['image'])) {
|
||||
if ($_POST['image'])
|
||||
{
|
||||
$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
|
||||
if ($size = getimagesize($_POST['image']))
|
||||
{
|
||||
$avwidth = $size[0];
|
||||
$avheight = $size[1];
|
||||
$avmsg = "";
|
||||
|
||||
$pref['im_width'] = ($pref['im_width']) ? $pref['im_width'] : 120;
|
||||
$pref['im_height'] = ($pref['im_height']) ? $pref['im_height'] : 100;
|
||||
if ($avwidth > $pref['im_width']) {
|
||||
$avmsg .= LAN_USET_1." ($avwidth)<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
|
||||
$pref['im_width'] = varsettrue($pref['im_width'], 120);
|
||||
$pref['im_height'] = varsettrue($pref['im_height'], 100);
|
||||
if ($avwidth > $pref['im_width'])
|
||||
{
|
||||
$avmsg .= LAN_USET_1." ({$avwidth})<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
|
||||
}
|
||||
if ($avheight > $pref['im_height']) {
|
||||
$avmsg .= LAN_USET_3." ($avheight)<br />".LAN_USET_4.": {$pref['im_height']}";
|
||||
if ($avheight > $pref['im_height'])
|
||||
{
|
||||
$avmsg .= LAN_USET_3." ({$avheight})<br />".LAN_USET_4.": {$pref['im_height']}";
|
||||
}
|
||||
if ($avmsg) {
|
||||
$_POST['image'] = "";
|
||||
$error = $avmsg;
|
||||
if ($avmsg)
|
||||
{
|
||||
$_POST['image'] = "";
|
||||
$error = $avmsg;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
if ($_POST['image'] != $udata['user_image'])
|
||||
{
|
||||
$changed_user_data['user_image'] = $_POST['image'];
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{ // Invalid image file - we could just put up a message
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
// The 'class' option doesn't really make sense to me, but left it for now
|
||||
// $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122);
|
||||
// $signup_option_names = array("realname", "signature", "image", "timezone");
|
||||
|
||||
$signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_USET_6);
|
||||
$signup_option_names = array("realname", "signature", "image", "timezone", "class");
|
||||
|
||||
foreach($signup_option_names as $key => $value)
|
||||
{ // Check required signup fields
|
||||
if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid)
|
||||
@@ -146,74 +210,56 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
|
||||
|
||||
// Login Name checks
|
||||
if (isset($_POST['loginname']))
|
||||
|
||||
// Login Name checks - only admin can change login name
|
||||
if (isset($_POST['loginname']) && ADMIN && getperms("4"))
|
||||
{ // Only check if its been edited
|
||||
$temp_name = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname'])));
|
||||
if ($temp_name != $_POST['loginname'])
|
||||
$loginname = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname'])));
|
||||
if ($loginname != $_POST['loginname'])
|
||||
{
|
||||
$error .= LAN_USET_13."\\n";
|
||||
}
|
||||
// Check if login name exceeds maximum allowed length
|
||||
if (strlen($temp_name) > varset($pref['loginname_maxlength'],30))
|
||||
if (strlen($loginname) > varset($pref['loginname_maxlength'],30))
|
||||
{
|
||||
$error .= LAN_USET_14."\\n";
|
||||
}
|
||||
if ($udata['user_loginname'] != $loginname)
|
||||
{
|
||||
$changed_user_data['user_loginname'] = $loginname;
|
||||
}
|
||||
else
|
||||
{
|
||||
unset($loginname);
|
||||
}
|
||||
}
|
||||
$_POST['loginname'] = $temp_name;
|
||||
}
|
||||
if (isset($loginname)) $_POST['loginname'] = $loginname; else unset($_POST['loginname']); // Make sure no change of the $_POST value staying set inappropriately
|
||||
|
||||
|
||||
// Password checks
|
||||
$pwreset = "";
|
||||
if ($_POST['password1'] != $_POST['password2']) {
|
||||
$error .= LAN_105."\\n";
|
||||
|
||||
// Display name checks
|
||||
// If display name == login name, it has to meet the criteria for both login name and display name
|
||||
echo "Check_class: {$pref['displayname_class']}; {$udata['user_class']}; {$peer}<br />";
|
||||
if (check_class($pref['displayname_class'], $udata['user_class'], $peer))
|
||||
{ // Display name can be different to login name - check display name if its been entered
|
||||
if (isset($_POST['username']))
|
||||
{
|
||||
$username = trim(strip_tags($_POST['username']));
|
||||
$_POST['username'] = $username;
|
||||
echo "Found new display name: {$username}<br />";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if(trim($_POST['password1']) != "")
|
||||
{
|
||||
$pwreset = "user_password = '".md5(trim($_POST['password1']))."', ";
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($pref['signup_disallow_text']))
|
||||
{
|
||||
$tmp = explode(",", $pref['signup_disallow_text']);
|
||||
foreach($tmp as $disallow){
|
||||
if(strstr($_POST['username'], $disallow)){
|
||||
$error .= LAN_USET_11."\\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'] && trim($_POST['password1']) != "") {
|
||||
$error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
|
||||
$password1 = "";
|
||||
$password2 = "";
|
||||
{ // Display name and login name must be the same - check only if the login name has been changed
|
||||
if (varsettrue($loginname)) $username = $loginname;
|
||||
}
|
||||
|
||||
|
||||
if (isset($pref['disable_emailcheck']) && $pref['disable_emailcheck']==1)
|
||||
{
|
||||
} else {
|
||||
if (!check_email($_POST['email']))
|
||||
{
|
||||
$error .= LAN_106."\\n";
|
||||
}
|
||||
}
|
||||
|
||||
// Check for duplicate of email address
|
||||
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".intval($inp)."' "))
|
||||
{
|
||||
$error .= LAN_408."\\n";
|
||||
}
|
||||
|
||||
|
||||
// Display name checks
|
||||
if (isset($_POST['username']))
|
||||
if (varsettrue($username))
|
||||
{
|
||||
echo "Checking user name<br />";
|
||||
// Impose a minimum length on display name
|
||||
$username = trim(strip_tags($_POST['username']));
|
||||
if (strlen($username) < 2)
|
||||
{
|
||||
$error .= LAN_USET_12."\\n";
|
||||
@@ -223,95 +269,141 @@ if (isset($_POST['updatesettings']))
|
||||
$error .= LAN_USET_15."\\n";
|
||||
}
|
||||
|
||||
if(isset($pref['signup_disallow_text']))
|
||||
{
|
||||
$tmp = explode(",", $pref['signup_disallow_text']);
|
||||
foreach($tmp as $disallow)
|
||||
{
|
||||
if(stristr($username, trim($disallow)))
|
||||
{
|
||||
$error .= LAN_USET_11."\\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Display Name exists.
|
||||
if ($sql->db_Count("user", "(*)", "WHERE `user_name`='".$username."' AND `user_id` != '".intval($inp)."' "))
|
||||
{
|
||||
$error .= LAN_USET_17;
|
||||
}
|
||||
if ($username != $udata['user_name']) $changed_user_data['user_name'] = $username;
|
||||
unset($username);
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Password checks
|
||||
if ($_POST['password1'] != $_POST['password2'])
|
||||
{
|
||||
$error .= LAN_105."\\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
if(trim($_POST['password1']) != "")
|
||||
{
|
||||
if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'])
|
||||
{
|
||||
$error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
|
||||
}
|
||||
$changed_user_data['user_password'] = md5(trim($_POST['password1']));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Email address checks
|
||||
if (!varsettrue($pref['disable_emailcheck']))
|
||||
{
|
||||
if (!check_email($_POST['email']))
|
||||
{
|
||||
$error .= LAN_106."\\n";
|
||||
}
|
||||
}
|
||||
|
||||
// Check for duplicate of email address
|
||||
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".intval($inp)."' "))
|
||||
{
|
||||
$error .= LAN_408."\\n";
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Uploaded avatar and/or photo
|
||||
$user_sess = "";
|
||||
if ($file_userfile['error'] != 4)
|
||||
{
|
||||
require_once(e_HANDLER."upload_handler.php");
|
||||
require_once(e_HANDLER."resize_handler.php");
|
||||
require_once(e_HANDLER."upload_handler.php");
|
||||
require_once(e_HANDLER."resize_handler.php");
|
||||
|
||||
if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar"))
|
||||
{
|
||||
foreach ($uploaded as $upload)
|
||||
{ // Needs the latest upload handler (with legacy and 'future' interfaces) to work
|
||||
if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
|
||||
if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar"))
|
||||
{
|
||||
foreach ($uploaded as $upload)
|
||||
{ // Needs the latest upload handler (with legacy and 'future' interfaces) to work
|
||||
if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
|
||||
{
|
||||
// avatar uploaded - give it a reference which identifies it as server-stored
|
||||
$_POST['image'] = "-upload-".$upload['name'];
|
||||
if ($_POST['image'] != $udata['user_image'])
|
||||
{
|
||||
// avatar uploaded - give it a reference which identifies it as server-stored
|
||||
$_POST['image'] = "-upload-".$upload['name'];
|
||||
if ($_POST['image'] != $currentUser['user_image'])
|
||||
{
|
||||
$avatar_to_delete = str_replace("-upload-", "", $currentUser['user_image']);
|
||||
// echo "Avatar change; deleting {$avatar_to_delete}<br />";
|
||||
}
|
||||
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar"))
|
||||
{
|
||||
unset($message);
|
||||
$error .= RESIZE_NOT_SUPPORTED."\\n";
|
||||
@unlink(e_FILE."public/avatars/".$upload['name']);
|
||||
$_POST['image'] = '';
|
||||
}
|
||||
$avatar_to_delete = str_replace("-upload-", "", $udata['user_image']);
|
||||
// echo "Avatar change; deleting {$avatar_to_delete}<br />";
|
||||
$changed_user_data['user_image'] = $_POST['image'];
|
||||
}
|
||||
|
||||
if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'] )
|
||||
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar"))
|
||||
{
|
||||
// photograph uploaded
|
||||
$user_sess = $upload['name'];
|
||||
if (!resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180))
|
||||
{
|
||||
unset($message);
|
||||
$error .= RESIZE_NOT_SUPPORTED."\\n";
|
||||
@unlink(e_FILE."public/avatars/".$user_sess);
|
||||
$user_sess = '';
|
||||
}
|
||||
unset($message);
|
||||
$error .= RESIZE_NOT_SUPPORTED."\\n";
|
||||
@unlink(e_FILE."public/avatars/".$upload['name']);
|
||||
$_POST['image'] = '';
|
||||
unset($changed_user_data['user_image']);
|
||||
}
|
||||
}
|
||||
|
||||
if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'] )
|
||||
{
|
||||
// photograph uploaded
|
||||
if ($udata['user_sess'] != $upload['name'])
|
||||
{
|
||||
$photo_to_delete = $udata['user_sess'];
|
||||
$changed_user_data['user_sess'] = $upload['name'];
|
||||
}
|
||||
|
||||
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], 180))
|
||||
{
|
||||
unset($message);
|
||||
$error .= RESIZE_NOT_SUPPORTED."\\n";
|
||||
@unlink(e_FILE."public/avatars/".$upload['name']);
|
||||
unset($changed_user_data['user_sess']);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// See if user just wants to delete existing photo
|
||||
if (isset($_POST['user_delete_photo']))
|
||||
{
|
||||
$photo_to_delete = $currentUser['user_sess'];
|
||||
$sesschange = "user_sess = '', ";
|
||||
$photo_to_delete = $udata['user_sess'];
|
||||
$changed_user_data['user_sess'] = '';
|
||||
// echo "Just delete old photo: {$photo_to_delete}<br />";
|
||||
}
|
||||
elseif ($user_sess != "")
|
||||
{ // Update DB with photo
|
||||
$sesschange = "user_sess = '".$tp->toDB($user_sess)."', ";
|
||||
if ($currentUser['user_sess'] == $tp->toDB($user_sess))
|
||||
{
|
||||
$sesschange = ''; // Same photo - do nothing
|
||||
// echo "Photo not changed<br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
$photo_to_delete = $currentUser['user_sess'];
|
||||
// echo "New photo: {$user_sess} Delete old photo: {$photo_to_delete}<br />";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
// Validate Extended User Fields.
|
||||
if($_POST['ue'])
|
||||
{
|
||||
if($sql->db_Select('user_extended_struct')) {
|
||||
while($row = $sql->db_Fetch())
|
||||
{
|
||||
$extList["user_".$row['user_extended_struct_name']] = $row;
|
||||
}
|
||||
}
|
||||
|
||||
$ue_fields = "";
|
||||
foreach($_POST['ue'] as $key => $val)
|
||||
if($sql->db_Select('user_extended_struct'))
|
||||
{
|
||||
while($row = $sql->db_Fetch())
|
||||
{
|
||||
$extList["user_".$row['user_extended_struct_name']] = $row;
|
||||
}
|
||||
}
|
||||
|
||||
$ue_fields = "";
|
||||
foreach($_POST['ue'] as $key => $val)
|
||||
{
|
||||
$err = false;
|
||||
$parms = explode("^,^", $extList[$key]['user_extended_struct_parms']);
|
||||
$regex = $tp->toText($parms[1]);
|
||||
@@ -336,12 +428,13 @@ if (isset($_POST['updatesettings']))
|
||||
$ue_fields .= ($ue_fields) ? ", " : "";
|
||||
$ue_fields .= $key."='".$val."'";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// All validated here
|
||||
// ------------------
|
||||
|
||||
// All key fields validated here
|
||||
// -----------------------------
|
||||
|
||||
// $inp - UID of user whose data is being changed (may not be the currently logged in user)
|
||||
if (!$error)
|
||||
@@ -355,52 +448,14 @@ if (isset($_POST['updatesettings']))
|
||||
|
||||
$ret = $e_event->trigger("preuserset", $_POST);
|
||||
|
||||
if(trim($_POST['user_xup']) != "")
|
||||
{
|
||||
if($sql->db_Select('user', 'user_xup', "user_id = '".intval($inp)."'"))
|
||||
{
|
||||
$row = $sql->db_Fetch();
|
||||
$update_xup = ($row['user_xup'] != $_POST['user_xup']) ? TRUE : FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if ($ret == '')
|
||||
{
|
||||
$udata = get_user_data($inp); // Get all the user data, including any extended fields
|
||||
$peer = ($inp == USERID ? false : true);
|
||||
|
||||
$loginname = strip_tags($_POST['loginname']);
|
||||
if (!$loginname)
|
||||
{
|
||||
// $sql->db_Select("user", "user_loginname", "user_id='".intval($inp)."'");
|
||||
// $row = $sql -> db_Fetch();
|
||||
$loginname = $udata['user_loginname'];
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!check_class($pref['displayname_class'], $udata['user_class'], $peer))
|
||||
{
|
||||
$new_username = "user_name = '{$loginname}', ";
|
||||
$username = $loginname;
|
||||
}
|
||||
}
|
||||
|
||||
// if (isset($_POST['username']) && check_class($pref['displayname_class']))
|
||||
if (isset($_POST['username']) && check_class($pref['displayname_class'], $udata['user_class'], $peer))
|
||||
{ // Allow change of display name if in right class
|
||||
$username = strip_tags($_POST['username']);
|
||||
$username = $tp->toDB(substr($username, 0, $pref['displayname_maxlength']));
|
||||
$new_username = "user_name = '{$username}', ";
|
||||
}
|
||||
|
||||
|
||||
$_POST['signature'] = $tp->toDB($_POST['signature']);
|
||||
$_POST['realname'] = $tp->toDB($_POST['realname']);
|
||||
|
||||
// Either delete this block, or delete user_customtitle from the later loop for non-vetted fields
|
||||
$new_customtitle = "";
|
||||
if(isset($_POST['customtitle']) && ($pref['forum_user_customtitle'] || ADMIN))
|
||||
{
|
||||
$new_customtitle = ", user_customtitle = '".$tp->toDB($_POST['customtitle'])."' ";
|
||||
$new_customtitle = $tp->toDB($_POST['customtitle']);
|
||||
if ($new_customtitle != $udata['user_customtitle']) $changed_user_data['user_customtitle'] = $new_customtitle;
|
||||
}
|
||||
|
||||
|
||||
@@ -416,51 +471,39 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
|
||||
|
||||
// We can update the basic user record now
|
||||
$sql->db_Update("user", "{$new_username} {$pwreset} {$sesschange} user_email='".$tp -> toDB($_POST['email'])."', user_signature='".$_POST['signature']."', user_image='".$tp -> toDB($_POST['image'])."', user_timezone='".$tp -> toDB($_POST['timezone'])."', user_hideemail='".intval($tp -> toDB($_POST['hideemail']))."', user_login='".$_POST['realname']."' {$new_customtitle}, user_xup='".$tp -> toDB($_POST['user_xup'])."' WHERE user_id='".intval($inp)."' ");
|
||||
if ($photo_to_delete)
|
||||
{ // Photo may be a flat file, or in the database
|
||||
delete_file($photo_to_delete);
|
||||
}
|
||||
if ($avatar_to_delete)
|
||||
{ // Avatar may be a flat file, or in the database
|
||||
delete_file($avatar_to_delete);
|
||||
}
|
||||
|
||||
|
||||
// If user has changed display name, update the record in the online table
|
||||
if(isset($username) && ($username != USERNAME) && !$_uid)
|
||||
// Handle fields which are just transferred without vetting (but are subject to toDB() for exploit restriction)
|
||||
$copy_list = array('user_signature' => 'signature',
|
||||
'user_login' => 'realname',
|
||||
'user_email' => 'email',
|
||||
'user_timezone' => 'timezone',
|
||||
'user_customtitle' => 'customtitle',
|
||||
'user_hideemail' =>'hideemail',
|
||||
'user_xup' => 'user_xup');
|
||||
|
||||
// Next list identifies numerics which might take a value of 0
|
||||
$non_text_list = array(
|
||||
'user_hideemail' =>'hideemail'
|
||||
);
|
||||
foreach ($copy_list as $k => $v)
|
||||
{
|
||||
$sql->db_Update("online", "online_user_id = '".USERID.".".$username."' WHERE online_user_id = '".USERID.".".USERNAME."'");
|
||||
}
|
||||
|
||||
|
||||
// Only admins can update login name
|
||||
if(ADMIN && getperms("4"))
|
||||
{
|
||||
$sql -> db_Update("user", "user_loginname='".$tp -> toDB($loginname)."' WHERE user_id='".intval($inp)."' ");
|
||||
}
|
||||
|
||||
|
||||
// Save extended field values
|
||||
if($ue_fields)
|
||||
{
|
||||
// ***** Next line creates a record which presumably should be there anyway, so could generate an error
|
||||
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
|
||||
$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
|
||||
if (isset($_POST[$v]) && (trim($_POST[$v]) || isset($non_text_list[$k])))
|
||||
{
|
||||
$_POST[$v] = $tp->toDB(trim($_POST[$v]));
|
||||
if ($_POST[$v] != $udata[$k])
|
||||
{
|
||||
$changed_user_data[$k] = $_POST[$v];
|
||||
// echo "Changed {$k}, {$v} from {$udata[$k]} to {$_POST[$v]}<br />";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Update Userclass - only if its the user changing their own data (admins can do it another way)
|
||||
// if (!$_uid && $sql->db_Select("userclass_classes", "*", "userclass_editclass IN (".USERCLASS_LIST.")"))
|
||||
if (!$_uid && $sql->db_Select("userclass_classes", "userclass_id", "userclass_editclass IN (".USERCLASS_LIST.")"))
|
||||
{
|
||||
$ucList = $sql->db_getList(); // List of classes which this user can edit
|
||||
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Read editable list. Current user classes: ".$udata['user_class'],FALSE,LOG_TO_ROLLING);
|
||||
// if ($sql->db_Select("user", "user_class", "user_id = '".intval($inp)."'"))
|
||||
// {
|
||||
// $row = $sql->db_Fetch();
|
||||
// $cur_classes = explode(",", $row['user_class']);
|
||||
|
||||
$cur_classes = explode(",", $udata['user_class']); // Current class membership
|
||||
$newclist = array_flip($cur_classes); // Array keys are now the class IDs
|
||||
|
||||
@@ -479,20 +522,143 @@ if (isset($_POST['updatesettings']))
|
||||
}
|
||||
$newclist = array_keys($newclist);
|
||||
$nid = implode(',', array_diff($newclist, array('')));
|
||||
// echo "Userclass data - new: {$nid}, old: {$udata['user_class']}<br />";
|
||||
if ($nid != $udata['user_class'])
|
||||
{
|
||||
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; new list: ".$nid,FALSE,LOG_TO_ROLLING);
|
||||
$sql->db_Update("user", "user_class='".$nid."' WHERE user_id=".intval($inp));
|
||||
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; old list: {$udata['user_class']}; new list: ".$nid,FALSE,LOG_TO_ROLLING);
|
||||
$changed_user_data['user_class'] = $nid;
|
||||
}
|
||||
// }
|
||||
}
|
||||
|
||||
|
||||
if($update_xup == TRUE)
|
||||
|
||||
// Only admins can update login name - do this just in case one of the event triggers has mucked it about
|
||||
if (!(ADMIN && getperms("4")))
|
||||
{
|
||||
unset($changed_user_data['user_loginname']);
|
||||
}
|
||||
|
||||
|
||||
// We can update the basic user record now - can just update fields from $changed_user_data
|
||||
$new_data = array();
|
||||
foreach ($changed_user_data as $fn => $fv)
|
||||
{
|
||||
$new_data[] = "`{$fn}`='{$fv}'";
|
||||
}
|
||||
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Changed data:<br> ".var_export($changed_user_data,TRUE),FALSE,LOG_TO_ROLLING);
|
||||
$sql->db_Update("user",implode(', ',$new_data)." WHERE user_id='".intval($inp)."' ");
|
||||
|
||||
|
||||
// Now see if we need to log anything. First check the options and class membership
|
||||
// (Normally we would leave logging decision to the log class. But this one's a bit more complicated)
|
||||
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
|
||||
$do_log = array();
|
||||
$log_action = '';
|
||||
if ($_uid)
|
||||
{ // Its an admin changing someone elses data - add an admin log entry here
|
||||
echo "Admin changing user data<br />";
|
||||
// Check against the class of the target user, not the admin!
|
||||
if (!check_class(varset($pref['user_audit_class'],''),$udata['user_class'])) $user_logging_opts = array();
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!check_class(varset($pref['user_audit_class'],''))) $user_logging_opts = array();
|
||||
}
|
||||
|
||||
// Now log changes if required
|
||||
if (count($user_logging_opts))
|
||||
{
|
||||
// Start with any specific fields we're changing
|
||||
|
||||
if (isset($changed_user_data['user_name']))
|
||||
{
|
||||
if (isset($user_logging_opts[USER_AUDIT_NEW_DN]))
|
||||
{
|
||||
$do_log['user_name'] = $changed_user_data['user_name'];
|
||||
$log_action = USER_AUDIT_NEW_DN;
|
||||
}
|
||||
unset($changed_user_data['user_name']);
|
||||
}
|
||||
|
||||
if (isset($changed_user_data['user_password']))
|
||||
{
|
||||
if (isset($user_logging_opts[USER_AUDIT_NEW_PW]))
|
||||
{ // Password has already been changed to an md5(), so OK to leave the data
|
||||
$do_log['user_password'] = $changed_user_data['user_password'];
|
||||
$log_action = USER_AUDIT_NEW_PW;
|
||||
}
|
||||
unset($changed_user_data['user_password']);
|
||||
}
|
||||
|
||||
if (isset($changed_user_data['user_email']))
|
||||
{
|
||||
if (isset($user_logging_opts[USER_AUDIT_NEW_EML]))
|
||||
{
|
||||
$do_log['user_email'] = $changed_user_data['user_email'];
|
||||
$log_action = USER_AUDIT_NEW_EML;
|
||||
}
|
||||
unset($changed_user_data['user_email']);
|
||||
}
|
||||
|
||||
if (count($changed_user_data) && isset($user_logging_opts[USER_AUDIT_NEW_SET]))
|
||||
{
|
||||
$do_log = array_merge($do_log,$changed_user_data);
|
||||
$log_action = USER_AUDIT_NEW_SET;
|
||||
}
|
||||
if (count($do_log))
|
||||
{ // Got some changes to audit
|
||||
// echo "Adding to audit log<br />";
|
||||
if ($_uid)
|
||||
{
|
||||
$log_action = USER_AUDIT_ADMIN; // If an admin did the mod, different heading
|
||||
// Embed a message saying who changed the data
|
||||
$changed_user_data['message'] = str_replace(array('--ID--','--LOGNAME--'),array(USERID,USERNAME),LAN_USET_18);
|
||||
$admin_log->user_audit($log_action,$do_log, $udata['user_id'],$udata['user_loginname']);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (count($do_log) > 1) $log_action = USER_AUDIT_NEW_SET; // Log multiple entries to one record
|
||||
$admin_log->user_audit($log_action,$do_log);
|
||||
}
|
||||
}
|
||||
} // End of audit logging
|
||||
|
||||
|
||||
// Now tidy up
|
||||
if ($photo_to_delete)
|
||||
{ // Photo may be a flat file, or in the database
|
||||
delete_file($photo_to_delete);
|
||||
}
|
||||
if ($avatar_to_delete)
|
||||
{ // Avatar may be a flat file, or in the database
|
||||
delete_file($avatar_to_delete);
|
||||
}
|
||||
|
||||
|
||||
// If user has changed display name, update the record in the online table
|
||||
if(isset($changed_user_data['user_name']) && !$_uid)
|
||||
{
|
||||
$sql->db_Update("online", "online_user_id = '".USERID.".".$changed_user_data['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'");
|
||||
}
|
||||
|
||||
|
||||
// Save extended field values
|
||||
if($ue_fields)
|
||||
{
|
||||
// ***** Next line creates a record which presumably should be there anyway, so could generate an error
|
||||
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
|
||||
$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Needed - but check bits of the file first
|
||||
if(isset($changed_user_data['user_xup']))
|
||||
{
|
||||
require_once(e_HANDLER."login.php");
|
||||
userlogin::update_xup($inp, $_POST['user_xup']);
|
||||
userlogin::update_xup($inp, $changed_user_data['user_xup']);
|
||||
}
|
||||
*/
|
||||
|
||||
$e_event->trigger("postuserset", $_POST);
|
||||
|
||||
@@ -520,17 +686,19 @@ if ($error)
|
||||
$adref = $_POST['adminreturn'];
|
||||
}
|
||||
|
||||
// --- User data has been update here if appropriate ---
|
||||
// --- User data has been updated here if appropriate ---
|
||||
|
||||
if(isset($message))
|
||||
{
|
||||
$ns->tablerender($caption, $message);
|
||||
}
|
||||
|
||||
// ---------------------
|
||||
|
||||
//-----------------------------------------------------
|
||||
// Re-read the user data into curVal (ready for display)
|
||||
//-----------------------------------------------------
|
||||
|
||||
$uuid = ($_uid) ? $_uid : USERID;
|
||||
$uuid = ($_uid) ? $_uid : USERID; // If $_uid is set, its an admin changing another user's data
|
||||
|
||||
$qry = "
|
||||
SELECT u.*, ue.* FROM #user AS u
|
||||
@@ -555,15 +723,16 @@ if (strpos($curVal['user_perms'],'0') === 0)
|
||||
$curVal['userclass_list'] = implode(",", $tmp);
|
||||
|
||||
if($_POST)
|
||||
{ // Fix for all the values being lost when an error occurred.
|
||||
foreach($_POST as $key => $val)
|
||||
{
|
||||
$curVal["user_".$key] = $val;
|
||||
}
|
||||
foreach($_POST['ue'] as $key => $val)
|
||||
{
|
||||
$curVal[$key] = $val;
|
||||
}
|
||||
{ // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values
|
||||
// (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block
|
||||
foreach($_POST as $key => $val)
|
||||
{
|
||||
$curVal["user_".$key] = $val;
|
||||
}
|
||||
foreach($_POST['ue'] as $key => $val)
|
||||
{
|
||||
$curVal[$key] = $val;
|
||||
}
|
||||
}
|
||||
|
||||
require_once(e_HANDLER."form_handler.php");
|
||||
@@ -588,9 +757,10 @@ $text .= "
|
||||
$ns->tablerender(LAN_155, $text);
|
||||
require_once(FOOTERF);
|
||||
|
||||
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
|
||||
|
||||
function req($field) {
|
||||
// If a field is required, returns a red asterisk
|
||||
function req($field)
|
||||
{
|
||||
global $pref;
|
||||
if ($field == 2)
|
||||
{
|
||||
@@ -602,7 +772,8 @@ function req($field) {
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
//---------------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
||||
// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
|
||||
// Also deletes from database if appropriate.
|
||||
@@ -624,7 +795,8 @@ function delete_file($fname, $dir = 'avatars/')
|
||||
}
|
||||
|
||||
|
||||
function headerjs() {
|
||||
function headerjs()
|
||||
{
|
||||
global $cal;
|
||||
$script = "<script type=\"text/javascript\">
|
||||
function addtext_us(sc){
|
||||
|