
System logging core upgrade - admin section, viewer, user audit functions

This commit is contained in:
e107steved
2007-12-15 15:06:40 +00:00
parent de8dc6e0fd
commit dd187e313a
15 changed files with 1461 additions and 495 deletions


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/class2.php,v $
| $Revision: 1.33 $
| $Date: 2007-12-15 09:55:37 $
| $Revision: 1.34 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -706,7 +706,16 @@ if (isset($_POST['userlogin']) || isset($_POST['userlogin_x'])) {
$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin']);
}
if (e_QUERY == 'logout') {
if (e_QUERY == 'logout')
{
if (USER)
{
if (check_class(varset($pref['user_audit_class'],'')))
{ // Need to note in user audit trail
$admin_log->user_audit(USER_AUDIT_LOGOUT,'');
}
}
$ip = $e107->getip();
$udata=(USER === TRUE) ? USERID.".".USERNAME : "0";
$sql->db_Update("online", "online_user_id = '0', online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
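Review bot: The new audit call `$admin_log->user_audit(USER_AUDIT_LOGOUT,'');` assumes `$admin_log` is already an object at this point in class2.php, while the viewer added in this same commit guards the same global with `isset($admin_log)` before using it; if the handler can be absent here, the logout path would fatal before the online-table update runs. I would guard consistently, `if (isset($admin_log) && check_class(varset($pref['user_audit_class'],'')))`, or add a comment stating that the log handler is always constructed earlier in class2.php. Note also that this guard only tests `user_audit_class`; whether USER_AUDIT_LOGOUT is actually enabled in `user_audit_opts` is presumably checked inside user_audit(), and a one-line comment saying so would save the next reader a trip into the handler. The enclosing logout branch continues past the hunk.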


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/ad_links.php,v $
| $Revision: 1.2 $
| $Date: 2006-12-07 15:41:49 $
| $Author: sweetas $
| $Revision: 1.3 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -386,6 +386,7 @@ $e_icon_array = array(
'poll' => E_32_POLLS,
'prefs' => E_32_PREFS,
'search' => E_32_SEARCH,
'syslogs' => E_32_ADMINLOG,
'theme_manage' => E_32_THEMEMANAGER,
'maintain' => E_32_MAINTAIN,
'upload' => E_32_UPLOADS,
@@ -426,6 +427,11 @@ attribute 2 = title
attribute 3 = description
attribute 4 = perms
attribute 5 = category
1 - settings
2 - users
3 - content
4 - tools
5 - plugins
attribute 6 = 16 x 16 image
attribute 7 = 32 x 32 image
*/
@@ -452,14 +458,15 @@ $array_functions = array(
18 => array(e_ADMIN."phpinfo.php", ADLAN_68, ADLAN_69, "0", 4, E_16_PHP, E_32_PHP),
19 => array(e_ADMIN."prefs.php", ADLAN_4, ADLAN_5, "1", 1, E_16_PREFS, E_32_PREFS),
20 => array(e_ADMIN."search.php", ADLAN_142, ADLAN_143, "X", 1, E_16_SEARCH, E_32_SEARCH),
21 => array(e_ADMIN."theme.php", ADLAN_140, ADLAN_141, "1", 4, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
22 => array(e_ADMIN."upload.php", ADLAN_72, ADLAN_73, "V", 3, E_16_UPLOADS, E_32_UPLOADS),
23 => array(e_ADMIN."users.php", ADLAN_36, ADLAN_37, "4", 2, E_16_USER, E_32_USER),
24 => array(e_ADMIN."userclass2.php", ADLAN_38, ADLAN_39, "4", 2, E_16_USERCLASS, E_32_USERCLASS),
25 => array(e_ADMIN."language.php", ADLAN_132, ADLAN_133, "0", 1, E_16_LANGUAGE, E_32_LANGUAGE),
26 => array(e_ADMIN."mailout.php", ADLAN_136, ADLAN_137, "W", 2, E_16_MAIL, E_32_MAIL),
27 => array(e_ADMIN."users_extended.php", ADLAN_78, ADLAN_79, "4", 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
28 => array(e_ADMIN."fileinspector.php", ADLAN_147, ADLAN_148, "Y", 4, E_16_INSPECT, E_32_INSPECT),
29 => array(e_ADMIN."notify.php", ADLAN_149, ADLAN_150, "O", 4, E_16_NOTIFY, E_32_NOTIFY)
21 => array(e_ADMIN."admin_log.php", ADLAN_155, ADLAN_156, "S", 4, E_16_ADMINLOG, E_32_ADMINLOG),
22 => array(e_ADMIN."theme.php", ADLAN_140, ADLAN_141, "1", 4, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
23 => array(e_ADMIN."upload.php", ADLAN_72, ADLAN_73, "V", 3, E_16_UPLOADS, E_32_UPLOADS),
24 => array(e_ADMIN."users.php", ADLAN_36, ADLAN_37, "4", 2, E_16_USER, E_32_USER),
25 => array(e_ADMIN."userclass2.php", ADLAN_38, ADLAN_39, "4", 2, E_16_USERCLASS, E_32_USERCLASS),
26 => array(e_ADMIN."language.php", ADLAN_132, ADLAN_133, "0", 1, E_16_LANGUAGE, E_32_LANGUAGE),
27 => array(e_ADMIN."mailout.php", ADLAN_136, ADLAN_137, "W", 2, E_16_MAIL, E_32_MAIL),
28 => array(e_ADMIN."users_extended.php", ADLAN_78, ADLAN_79, "4", 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
29 => array(e_ADMIN."fileinspector.php", ADLAN_147, ADLAN_148, "Y", 4, E_16_INSPECT, E_32_INSPECT),
30 => array(e_ADMIN."notify.php", ADLAN_149, ADLAN_150, "O", 4, E_16_NOTIFY, E_32_NOTIFY)
);
?>


@@ -11,105 +11,706 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/admin_log.php,v $
| $Revision: 1.2 $
| $Date: 2006-12-07 15:41:49 $
| $Author: sweetas $
| $Revision: 1.3 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
|
| Preferences:
| 'sys_log_perpage' - number of events per page
|
| 'user_audit_opts' - which user-related events to log
| 'user_audit_class' - user class whose actions can be logged
|
| 'roll_log_days' (default 7) - number of days for which entries retained in rolling log
| 'roll_log_active' - set to '1' to enable
|
|
Todo:
1. Change userclass dropdown once inherited userclasses in place
+----------------------------------------------------------------------------+
*/
require_once("../class2.php");
if (!getperms('0'))
if (!getperms("S"))
{
header('location:'.e_BASE.'index.php');
exit;
header("location:".e_BASE."index.php");
}
require_once("auth.php");
$text = "";
$amount = 30;
$from = ($_GET['fm']) ? intval($_GET['fm']) : 0;
if(e_QUERY == 'purge')
// Main language file should automatically be loaded
unset($qs);
require_once(e_ADMIN."auth.php");
if (isset($_POST['setoptions']))
{
$sql->db_Delete('dblog');
$pref['roll_log_active'] = intval($_POST['roll_log_active']);
$pref['roll_log_days'] = intval($_POST['roll_log_days']);
save_prefs();
$message = RL_LAN_006 ; // "Options updated.";
}
$total = $sql -> db_Select("dblog", "*", "ORDER BY `dblog_datestamp` DESC", "no_where");
$query = "SELECT l.*, u.user_name FROM #dblog AS l LEFT JOIN #user AS u ON l.dblog_user_id = u.user_id ORDER BY l.dblog_datestamp DESC LIMIT $from,$amount";
$sql -> db_Select_gen($query);
if(!is_object($gen)) {
$gen = new convert;
}
$parms = $total.",".$amount.",".$from.",".e_SELF.'?fm=[FROM]';
$text .= "<div style='text-align:center'><br />".$tp->parseTemplate("{NEXTPREV={$parms}}")."<br /><br /></div>";
$text .= "<div id='admin_log'><table>\n";
$text .= "
<tr>
<td class='fcaption'>&nbsp;</td>
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_1."</td>
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_2."</td>
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_3."</td>
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_4."</td>
<td class='fcaption' style='font-weight: bold;'>".LAN_ADMINLOG_5."</td>
</tr>\n";
while ($row = $sql -> db_Fetch()) {
$datestamp = $gen->convert_date($row['dblog_datestamp'], 'short');
$image = get_log_img($row['dblog_type']);
$text .= " <tr>\n";
$text .= " <td style='width: 16px;'>{$image}</td>\n";
$text .= " <td>{$datestamp}</td>\n";
$text .= " <td>".$tp->toHtml($row['dblog_title'],FALSE,"defs")."</td>\n";
$text .= " <td>".$tp->toHtml($row['dblog_remarks'],FALSE,"defs")."</td>\n";
$text .= " <td>{$row['dblog_ip']}</td>\n";
$text .= ($row['user_name']) ? " <td><a href='".e_BASE."user.php?id.{$row['dblog_user_id']}'>{$row['user_name']}</a></td>\n" : " <td>{$row['dblog_user_id']}</td>\n";
$text .= " </tr>\n";
if (isset($_POST['setcommonoptions']))
{
$pref['sys_log_perpage'] = intval($_POST['sys_log_perpage']);
save_prefs();
$message = RL_LAN_006 ; // "Options updated.";
}
$text .= "</table></div>\n";
$text .= "<div style='text-align:center'><br />".$tp->parseTemplate("{NEXTPREV={$parms}}")."</div>";
$ns->tablerender(LAN_ADMINLOG_0, $text);
require_once("footer.php");
if (e_QUERY)
{ // Must explode after calling auth.php
$qs = explode(".", e_QUERY);
}
function get_log_img($log_type) {
global $imode;
switch ($log_type) {
case E_LOG_INFORMATIVE:
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/docs_16.png' alt='".LAN_ADMINLOG_6."' title='".LAN_ADMINLOG_7."' />";
break;
case E_LOG_NOTICE:
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/notice_16.png' alt='".LAN_ADMINLOG_8."' title='".LAN_ADMINLOG_9."' />";
break;
case E_LOG_WARNING:
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/blocked.png' alt='".LAN_ADMINLOG_10."' title='".LAN_ADMINLOG_11."' style='width:16p;height:16px' />";
break;
case E_LOG_FATAL:
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/nopreview.png' alt='".LAN_ADMINLOG_12."' title='".LAN_ADMINLOG_13."' />";
break;
case E_LOG_PLUGIN;
return "<img src='".e_IMAGE_ABS."packs/".$imode."/admin_images/plugins_16.png' alt='".LAN_ADMINLOG_6."' title='".LAN_ADMINLOG_6."' />";
break;
$action = varset($qs[0],'adminlog');
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_log_messages.php');
// ****************** MAINTENANCE ******************
if (isset($_POST['deleteoldadmin']) && isset($_POST['rolllog_clearadmin']))
{
$back_count = $_POST['rolllog_clearadmin'];
if (($back_count >= 1) && ($back_count <= 90))
{
$temp_date = getdate();
$old_date = intval(mktime(0,0,0,$temp_date['mon'],$temp_date['mday']-$back_count,$temp_date['year']));
$old_string = strftime("%d %B %Y",$old_date);
// $message = "Back delete ".$back_count." days. Oldest date = ".$old_string;
$action = "confdel";
$qs[1] = $old_date;
$qs[2] = $back_count;
}
else
$message = RL_LAN_050;
}
if (!isset($admin_log)) $message .= " Admin Log not valid";
// Actually delete back events
if ($action == "backdel")
{
if (isset($_POST['confirmdeleteold']))
{
$old_date = intval($qs[1]);
$old_string = strftime("%d %B %Y",$old_date);
$qry = "dblog_datestamp < ".$old_date;
// $message = "Back delete, oldest date = {$old_string} Query = {$qry}";
if ($del_count = $sql -> db_Delete("dblog",$qry))
{
// Add in a log event
$admin_log->log_event ("db_Delete - earlier than {$old_string} (past {$qs[2]} days)", $qry, 4);
$message = RL_LAN_052.$old_string.RL_LAN_057.$del_count.RL_LAN_053;
}
return $log_type;
else
{
$message = RL_LAN_054." : ".$sql->mySQLresult;
}
}
if (isset($_POST['confirmcancelold']))
{
$message = RL_LAN_056;
}
$action = "config";
unset($qs[1]);
unset($qs[2]);
}
function headerjs() {
?>
<style type="text/css">
#admin_log td {
border: 1px solid #000000;
margin: 0px;
padding: 2px;
}
#admin_log table {
width: 99%;
/*border-spacing: 0px;
border-collapse: collapse;*/
}
</style>
<?php
// User audit prefs
if (isset($_POST['setauditoptions']))
{
$message = RL_LAN_063;
if (in_array((string)USER_AUDIT_LOGIN,$_POST['user_audit_opts']))
{
$_POST['user_audit_opts'][] = USER_AUDIT_LOGOUT;
}
$pref['user_audit_opts'] = implode(',',$_POST['user_audit_opts']);
$pref['user_audit_class'] = intval($_POST['user_audit_class']);
save_prefs();
}
?>
if (varsettrue($message))
{
$ns->tablerender("", "<div style='text-align:center'><b>$message</b></div>");
}
// Prompt to delete back events
if($action == "confdel")
{
$old_string = strftime("%d %B %Y",$qs[1]);
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?backdel.{$qs[1]}.{$qs[2]}'>
<table style='width:97%' class='fborder'>
<tr>
<td class='forumheader3' colspan='2' style='width:100%;vertical-align:top;rext-align:center;'><br /><strong>".RL_LAN_047.$old_string." </strong><br /><br /></td>
</tr>
<tr><td style='text-align:center' class='fcaption'><input class='button' type='submit' name='confirmdeleteold' value='".RL_LAN_049."' /></td>
<td style='text-align:center' class='fcaption'><input class='button' type='submit' name='confirmcancelold' value='".RL_LAN_055."' /></td></tr>
</table></form></div>";
$ns->tablerender("<div style='text-align:center'>".RL_LAN_051."</div>", $text);
}
// Arrays of options for the various logs
$log_db_table = array('adminlog' => 'dblog', 'auditlog' => 'audit_log', 'rolllog' => 'rl_history');
$back_day_count = array('adminlog' => 30, 'auditlog' => 30, 'rolllog' => max(intval($pref['roll_log_days']),1));
$page_title = array('adminlog' => RL_LAN_030, 'auditlog' => RL_LAN_062, 'rolllog' => RL_LAN_002);
$col_count = array('adminlog' => 8, 'auditlog' => 8, 'rolllog' => 9);
// Set all the defaults for the data filter
$start_enabled = FALSE;
$end_enabled = FALSE;
$start_time = 0;
$end_time = 0;
$user_filter = '';
$event_filter = '';
$pri_filter_cond = "xx";
$pri_filter_val = "";
$sort_field = "dblog_id";
$sort_order = "DESC";
// Maintain the log view filter across pages
$rl_cookiename = $pref['cookie_name']."_rl_admin";
if (isset($_POST['updatefilters']))
{ // Need to put the filter values into the cookie
$start_time = $_POST['starttimedate'] + $_POST['starttimehours']*3600 + $_POST['starttimemins']*60;
$start_enabled = isset($_POST['start_enabled']);
$end_time = $_POST['endtimedate'] + $_POST['endtimehours']*3600 + $_POST['endtimemins']*60;
$end_enabled = isset($_POST['end_enabled']);
$user_filter = $_POST['roll_user_filter'];
$event_filter = $_POST['roll_event_filter'];
$pri_filter_cond = $_POST['roll_pri_cond'];
$pri_filter_val = $_POST['roll_pri_val'];
$caller_filter = $_POST['roll_caller_filter'];
$ipaddress_filter = $_POST['roll_ipaddress_filter'];
$cookie_string = implode("|",array($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val,$caller_filter,$ipaddress_filter));
// echo $cookie_string."<br />";
// Create session cookie to store values
cookie($rl_cookiename,$cookie_string,0); // Use session cookie
}
else
{
// Now try and get the filters from the cookie
if (isset($_COOKIE[$rl_cookiename]))
list($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val, $caller_filter,$ipaddress_filter) = explode("|",$_COOKIE[$rl_cookiename]);
}
function time_box($boxname, $this_time, $day_count, $inc_tomorrow = FALSE)
{ // Generates boxes for date and time for today and the preceding days
// Appends 'date', 'hours', 'mins' to the specified boxname
$all_time = getdate(); // Date/time now
$sel_time = getdate($this_time); // Currently selected date/time
$sel_day = mktime(0,0,0,$sel_time['mon'],$sel_time['mday'],$sel_time['year']);
$today = mktime(0,0,0,$all_time['mon'],$all_time['mday'] + ($inc_tomorrow ? 1 : 0),$all_time['year']);
// Start with day
$ret = "<select name='{$boxname}date' class='tbox'>\n";
// Stick an extra day on the end, plus tomorrow if the flag set
for ($i = ($inc_tomorrow ? -2 : -1); $i <= $day_count; $i++)
{
$day_string = date("D d M",$today);
$sel = ($today == $sel_day) ? " selected='selected'" : "";
$ret.= "<option value='{$today}'{$sel}>{$day_string}</option>\n";
$today -= 86400; // Move to previous day
}
$ret .= "</select>\n";
// Hours
$ret .= "&nbsp;<select name='{$boxname}hours' class='tbox'>\n";
for ($i = 0; $i < 24; $i++)
{
$sel = ($sel_time['hours'] == $i) ? " selected='selected'" : "";
$ret.= "<option value='{$i}'{$sel}>{$i}</option>\n";
}
$ret .= "</select>\n";
// Minutes
$ret .= "&nbsp;<select name='{$boxname}mins' class='tbox'>\n";
for ($i = 0; $i < 60; $i+= 5)
{
$sel = ($sel_time['minutes'] == $i) ? " selected='selected'" : "";
$ret.= "<option value='{$i}'{$sel}>{$i}</option>\n";
}
$ret .= "</select>\n";
return $ret;
}
if(!defined("USER_WIDTH")) { define("USER_WIDTH","width:97%"); }
//====================================================================
// CONFIGURATION OPTIONS MENU
//====================================================================
if($action == "config")
{
// Common to all logs
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?config'>
<table style='".USERWIDTH."' class='fborder'>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_044."<br /></td>
<td style='width:60%;vertical-align:top;' class='forumheader3'>
<select name='sys_log_perpage' class='tbox'>
<option value='10' ".($pref['sys_log_perpage']=='10'?" selected='selected' ":"")." >10</option>
<option value='20' ".($pref['sys_log_perpage']=='20'?" selected='selected' ":"")." >20</option>
<option value='30' ".($pref['sys_log_perpage']=='30'?" selected='selected' ":"")." >30</option>
<option value='40' ".($pref['sys_log_perpage']=='40'?" selected='selected' ":"")." >40</option>
<option value='50' ".($pref['sys_log_perpage']=='50'?" selected='selected' ":"")." >50</option>
</select>
</td>
</tr>
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setcommonoptions' value='".RL_LAN_010."' /></td></tr>
</table></form></div>";
$ns->tablerender("<div style='text-align:center'>".RL_LAN_064."</div>", $text);
// Admin log options
//==================
$text = "
<form method='post' action='".e_SELF."?config'>
<table style='width:97%' class='fborder'>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_045." </td>
<td style='width:60%;vertical-align:top;' class='forumheader3'>
<select name='rolllog_clearadmin' class='tbox'>
<option value='90' selected='selected'>90</option>
<option value='60'>60</option>
<option value='30'>30</option>
<option value='21'>21</option>
<option value='20'>20</option>
<option value='14'>14</option>
<option value='10'>10</option>
<option value='7'>7</option>
<option value='6'>6</option>
<option value='5'>5</option>
<option value='4'>4</option>
<option value='3'>3</option>
<option value='2'>2</option>
<option value='1'>1</option>
</select>
".RL_LAN_046."
</td>
</tr>
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='deleteoldadmin' value='".RL_LAN_049."' /></td></tr>
</table></form></div><br />";
$ns->tablerender("<div style='text-align:center'>".RL_LAN_048."</div>", $text);
// User Audit log options (for info)
//=======================
// define('USER_AUDIT_SIGNUP',11); // User signed up
// define('USER_AUDIT_EMAILACK',12); // User responded to registration email
// define('USER_AUDIT_LOGIN',13); // User logged in
// define('USER_AUDIT_LOGOUT',14); // User logged out
// define('USER_AUDIT_NEW_DN',15); // User changed display name
// define('USER_AUDIT_NEW_PW',16); // User changed password
// define('USER_AUDIT_NEW_EML',17); // User changed email
// define('USER_AUDIT_NEW_SET',19); // User changed other settings (intentional gap in numbering)
$audit_checkboxes = array(
USER_AUDIT_SIGNUP => RL_LAN_071,
USER_AUDIT_EMAILACK => RL_LAN_072,
USER_AUDIT_LOGIN => RL_LAN_073,
// USER_AUDIT_LOGOUT => RL_LAN_074, // Logout is lumped in with login
USER_AUDIT_NEW_DN => RL_LAN_075,
USER_AUDIT_NEW_PW => RL_LAN_076,
USER_AUDIT_PW_RES => RL_LAN_078,
USER_AUDIT_NEW_EML => RL_LAN_077,
USER_AUDIT_NEW_SET => RL_LAN_079
);
//Uncomment once inherited user classes
// if (!isset($e_userclass) && !is_object($e_userclass))
// {
require_once(e_HANDLER."userclass_class.php");
// $e_userclass = new user_class;
// }
$user_signup_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?config'>
<table style='".USERWIDTH."' class='fborder'>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_026."</td>
<td style='width:60%;vertical-align:top;' class='forumheader3'>";
// Uncomment once inherited userclasses
// $text .= "<select name='class_select'>\n";
// $text .= $e_userclass->vetted_tree('user_audit_class',array($e_userclass,'select'), varset($pref['user_audit_class'],''),'force');
// $text .= "</select>\n";
$text .= r_userclass('user_audit_class', varset($pref['user_audit_class'],''),'off','nobody,admin,user,classes');
$text .= "</td>
</tr>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_031."</td>
<td style='width:60%;vertical-align:top;' class='forumheader3'>";
$spacer = '';
foreach ($audit_checkboxes as $k => $t)
{
$text .= $spacer."
<input class='tbox' type='checkbox' name='user_audit_opts[]' value='{$k}' ".(isset($user_signup_opts[$k]) ? " checked='checked' ":"")." />".$t;
$spacer = '<br />';
}
$text .= "
</td>
</tr>
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setauditoptions' value='".RL_LAN_010."' /></td></tr>
</table></form></div>
<br />";
$ns->tablerender("<div style='text-align:center'>".RL_LAN_007."</div>", $text);
// Rolling log options
//====================
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?config'>
<table style='".USERWIDTH."' class='fborder'>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_008."</td>
<td style='width:60%;vertical-align:top;' class='forumheader3'><input class='tbox' type='checkbox' name='roll_log_active' value='1' ".($pref['roll_log_active']==1?" checked='checked' ":"")." /></td>
</td>
</tr>
<tr>
<td style='width:40%;vertical-align:top;' class='forumheader3'>".RL_LAN_009."</td>
<td style='width:60%;vertical-align:top;' class='forumheader3'><input class='tbox' type='text' name='roll_log_days' size='10' value='".$pref['roll_log_days']."' maxlength='5' />
</td>
</tr>
<tr><td colspan='2' style='text-align:center' class='fcaption'><input class='button' type='submit' name='setoptions' value='".RL_LAN_010."' /></td></tr>
</table></form></div>";
$ns->tablerender("<div style='text-align:center'>".RL_LAN_011."</div>", $text);
}
//====================================================================
// LOG VIEW MENU
//====================================================================
if (($action == "rolllog") || ($action == "adminlog") || ($action == "auditlog"))
{
$from = intval(varset($qs[1], 0)); // First entry to display
$amount = max(varset($pref['sys_log_perpage'], 20),5); // Number of entries per page
// Array decides which filters are active for each log. There are 4 columns total. All but 'datetimes' occupy 2. Must specify multiple of 4 columns - add 'blank' if necessary
$active_filters = array('adminlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0),
'auditlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'blank'=>2),
'rolllog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0,'callerfilter'=>0,'blank'=>2));
// Arrays determine column widths, headings, displayed fields for each log
$col_widths = array('adminlog' => array(18,4,14,7,15,8,14,20), // Date - Pri - IP - UID - User - Code - Event - Info
'auditlog' => array(18,14,7,15,8,14,24),
'rolllog' => array(15,4,12,6,12,7,13,13,18)); // Date - Pri - IP - UID - User - Code - Caller - Event - Info
$col_titles = array('adminlog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
'auditlog' => array(RL_LAN_019,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
'rolllog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_024,RL_LAN_025,RL_LAN_033));
$col_fields = array('adminlog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
'auditlog' => array('cf_datestring','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
'rolllog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_caller','dblog_title','dblog_remarks'));
// Check things
if ($start_time >= $end_time)
{ // Make end time beginning of tomorrow
$tempdate = getdate();
$end_time = mktime(0,0,0,$tempdate['mon'],$tempdate['mday']+1,$tempdate['year']); // Seems odd, but mktime will work this out OK
// (or so the manual says)
}
// Now work out the query - only use those filters which are displayed
$qry = '';
$and_array = array();
foreach ($active_filters[$action] as $fname=>$fpars)
{
switch ($fname)
{
case 'datetimes' :
if ($start_enabled && ($start_time > 0)) $and_array[] = "`dblog_datestamp` >= ".intval($start_time);
if ($end_enabled && ($end_time > 0)) $and_array[] = "`dblog_datestamp` <= ".intval($end_time);
break;
case 'ipfilter' :
if ($ipaddress_filter != "")
{
if (substr($ipaddress_filter,-1) == '*')
{ // Wildcard to handle - mySQL uses %
$and_array[] = "`dblog_ip` LIKE '".substr($ipaddress_filter,0,-1)."%' ";
}
else
{
$and_array[] = "`dblog_ip`= '".$ipaddress_filter."' ";
}
}
break;
case 'userfilter' :
if ($user_filter != '') $and_array[] = "`dblog_user_id` = ".intval($user_filter);
break;
case 'eventfilter' :
if ($event_filter != '')
{
if (substr($event_filter,-1) == '*')
{ // Wildcard to handle - mySQL uses %
$and_array[] = " `dblog_eventcode` LIKE '".substr($event_filter,0,-1)."%' ";
}
else
{
$and_array[] = "`dblog_eventcode`= '".$event_filter."' ";
}
}
break;
case 'callerfilter' :
if ($caller_filter != '')
{
if (substr($caller_filter,-1) == '*')
{ // Wildcard to handle - mySQL uses %
$and_array[] = "`dblog_caller` LIKE '".substr($caller_filter,0,-1)."%' ";
}
else
{
$and_array[] = "`dblog_caller`= '".$caller_filter."' ";
}
}
break;
case 'priority' :
if (($pri_filter_val != "") && ($pri_filter_cond != "") && ($pri_filter_cond != "xx"))
{
switch ($pri_filter_cond)
{
case "lt" :
$and_array[] = "`dblog_type` <= '{$pri_filter_val}' ";
break;
case "eq" :
$and_array[] = "`dblog_type` = '{$pri_filter_val}' ";
break;
case "gt" :
$and_array[] = "`dblog_type` >= '{$pri_filter_val}' ";
break;
}
}
break;
}
}
if (count($and_array)) $qry = " WHERE ".implode(' AND ',$and_array);
$num_entry = $sql->db_Count($log_db_table[$action], "(*)", $qry);
if ($from > $num_entry) $from = 0; // We may be on a later page
$qry = "SELECT dbl.*,u.user_name FROM #".$log_db_table[$action]." AS dbl LEFT JOIN #user AS u ON dbl.dblog_user_id=u.user_id".$qry." ORDER BY {$sort_field} ".$sort_order." LIMIT {$from}, {$amount} ";
// echo $qry.'<br />';
// Start by putting up the filter boxes
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?".e_QUERY."'>
<table style='".USERWIDTH."' class='fborder'>
<colgroup>
<col width = '20%';vertical-align:top; />
<col width = '30%';vertical-align:top; />
<col width = '20%';vertical-align:top; />
<col width = '30%';vertical-align:top; />
</colgroup>
<tr><td colspan='4' class='fcaption'>".RL_LAN_012." </td></tr>";
$filter_cols = 0;
foreach ($active_filters[$action] as $fname=>$fpars)
{
if ($filter_cols == 0) $text .= '<tr>';
switch ($fname)
{
case 'datetimes' :
$text .= "
<td class='forumheader3'><input class='tbox' type='checkbox' name='start_enabled' value='1' ".($start_enabled==1?" checked='checked' ":"").
"/>&nbsp;".RL_LAN_013."</td><td class='forumheader3'>".time_box("starttime",$start_time,$back_day_count[$action],FALSE)."</td>
<td class='forumheader3'><input class='tbox' type='checkbox' name='end_enabled' value='1' ".($end_enabled==1?" checked='checked' ":"").
"/>&nbsp;".RL_LAN_014."</td><td class='forumheader3'>".time_box("endtime",$end_time,$back_day_count[$action],TRUE).
"</td>";
$filter_cols = 4;
break;
case 'priority' :
$text .= " <td class='forumheader3'>".RL_LAN_058."</td>
<td class='forumheader3'><select name='roll_pri_cond' class='tbox'>
<option value='xx' ".($pri_filter_cond=='xx'?" selected='selected' ":"")." >&nbsp;</option>
<option value='gt' ".($pri_filter_cond=='gt'?" selected='selected' ":"")." >&gt;=</option>
<option value='eq' ".($pri_filter_cond=='eq'?" selected='selected' ":"")." >==</option>
<option value='lt' ".($pri_filter_cond=='lt'?" selected='selected' ":"")." >&lt;=</option>
</select>
&nbsp;
<input class='tbox' type='text' name='roll_pri_val' size='20' value='".$pri_filter_val."' maxlength='10' /></td>";
$filter_cols += 2;
break;
case 'ipfilter' :
$text .= "<td class='forumheader3'>".RL_LAN_060."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
<td class='forumheader3'><input class='tbox' type='text' name='roll_ipaddress_filter' size='20' value='".$ipaddress_filter."' maxlength='20' /></td>";
$filter_cols += 2;
break;
case 'userfilter' :
$text .= "<td class='forumheader3'>".RL_LAN_015."<br /><span class='smalltext'><em>".RL_LAN_016."</em></span></td>
<td class='forumheader3'><input class='tbox' type='text' name='roll_user_filter' size='20' value='".$user_filter."' maxlength='10' /></td>";
$filter_cols += 2;
break;
case 'eventfilter' :
$text .= "<td class='forumheader3'>".RL_LAN_029."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
<td class='forumheader3'><input class='tbox' type='text' name='roll_event_filter' size='20' value='".$event_filter."' maxlength='10' /></td>";
$filter_cols += 2;
break;
case 'callerfilter' :
$text .= "<td class='forumheader3'>".RL_LAN_059."<br /><span class='smalltext'><em>".RL_LAN_061."</em></span></td>
<td class='forumheader3'><input class='tbox' type='text' name='roll_caller_filter' size='40' value='".$caller_filter."' maxlength='40' /></td>";
$filter_cols += 2;
break;
case 'blank' : // Any number of blank cells
$text .= Str_repeat("<td class='forumheader3'>&nbsp;</td>",$fpars);
$filter_cols += $fpars;
break;
}
if ($filter_cols >= 4) { $text .= '</tr>'; $filter_cols = 0; }
}
// $text .= "<tr><td colspan='4'>Query = {$qry}<br />{$_COOKIE[$rl_cookiename]}</td></tr>";
$text .= "
<tr><td colspan='4' style='text-align:center' class='forumheader3'><input class='button' type='submit' name='updatefilters' value='".RL_LAN_028."' /></td></tr>
</table>
</form>
</div><br />";
// Next bit is the actual log display - the arrays define column widths, titles, fields etc for each log
$column_count = count($col_widths[$action]);
$text .= "<div style='text-align:center'>
<form method='post' action='".e_SELF."?".e_QUERY."'>
<table style='".USERWIDTH."' class='fborder'>
<colgroup>";
foreach($col_widths[$action] as $i)
{
$text .= "<col width = '{$i}%';vertical-align:top; />\n";
}
$text .= "</colgroup>\n";
if (!$sql->db_Select_gen($qry))
{
$text .= "<tr><td colspan='{$column_count}'>".RL_LAN_017."</td></tr>";
$num_entry = 0;
}
else
{// Start with header
$text .= '<tr>';
foreach ($col_titles[$action] as $ct)
{
$text .= " <td class='forumheader'>{$ct}</td>";
}
$text .= "</tr>\n";
// Now put up the events
while ($row = $sql->db_Fetch())
{
$text .= '<tr>';
foreach ($col_fields[$action] as $cf)
{
switch ($cf)
{
case 'cf_datestring' :
$val = date("d-m-y H:i:s",$row['dblog_datestamp']);
break;
case 'cf_eventcode' :
$val = 'ADMIN'.$row['dblog_eventcode'];
break;
case 'dblog_title' : // Look up constants to give multi-language viewing
$val = trim($row['dblog_title']);
// $val = $tp->toHTML($row['dblog_title'],FALSE,'RAWTEXT,defs');
if (defined($val)) $val = constant($val);
break;
case 'dblog_username' :
$val = $row['dblog_userid'] ? $row['dblog_username'] : 'Anonymous';
break;
case 'dblog_caller' :
$val = $row['dblog_caller'];
if ((strpos($val,'|') !== FALSE) && (strpos($val,'@') !== FALSE))
{
list($file,$rest) = explode('|',$val);
list($routine,$rest) = explode('@',$rest);
$val = $file.'<br />Routine: '.$routine.'<br />Line: '.$rest;
}
break;
default :
$val = $row[$cf];
}
$text .= "<td class='forumheader3'>{$val}</td>";
}
$text .= "</tr>\n";
}
}
$text .= "
<tr><td colspan='{$column_count}' style='text-align:center' class='fcaption'><input class='button' type='submit' name='refreshlog' value='".RL_LAN_018."' /></td></tr>
</table>
</form>
</div>";
// Next-Previous. ==========================
if ($num_entry > $amount)
{
$parms = "{$num_entry},{$amount},{$from},".e_SELF."?".$action.".[FROM]";
$text .= "<br />".$tp->parseTemplate("{NEXTPREV={$parms}}");
}
$text .= "&nbsp;&nbsp;&nbsp;Total {$num_entry} entries matching search condition";
$ns->tablerender("<div style='text-align:center'>{$page_title[$action]}</div>", $text);
}
function admin_log_adminmenu()
{
if (e_QUERY) {
$tmp = explode(".", e_QUERY);
$action = $tmp[0];
}
if ($action == "") {
$action = "adminlog";
}
$var['adminlog']['text'] = RL_LAN_030;
$var['adminlog']['link'] = "admin_log.php?adminlog";
$var['auditlog']['text'] = RL_LAN_062;
$var['auditlog']['link'] = "admin_log.php?auditlog";
$var['rolllog']['text'] = RL_LAN_002;
$var['rolllog']['link'] = "admin_log.php?rolllog";
$var['config']['text'] = RL_LAN_027;
$var['config']['link'] ="admin_log.php?config";
show_admin_menu(RL_LAN_005, $action, $var);
}
require_once(e_ADMIN."footer.php");
?>
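Review bot: The log viewer writes every column straight into the table at `$text .= "<td class='forumheader3'>{$val}</td>";` (the `default` branch simply copies `$row[$cf]`), whereas the viewer this commit replaces escaped `dblog_title` and `dblog_remarks` with `$tp->toHtml(..., FALSE, "defs")`; log rows can carry request-derived data (remarks, IP strings, user names), so a crafted entry becomes stored XSS that runs in the administrator's browser. I would escape in the default branch, `default : $val = $tp->toHtml($row[$cf], FALSE, 'defs');`, and escape the result of the constant lookup in the `dblog_title` branch the same way, leaving only the `dblog_caller` branch to emit its own `<br />` markup. The filter values (`$ipaddress_filter`, `$event_filter`, `$caller_filter`, `$pri_filter_val`) come from POST or the `_rl_admin` cookie and are concatenated unescaped into the WHERE clause in the `ipfilter`/`eventfilter`/`callerfilter`/`priority` cases and echoed raw into the `value='...'` attributes of the filter form, while only the user filter goes through intval(). Restricting them to a character whitelist before use, e.g. `$ipaddress_filter = preg_replace('/[^0-9a-fA-F.:*]/', '', $ipaddress_filter);` plus `intval()` for the priority value, closes both the SQL and the attribute injection for an admin whose only right is 'S'. Separately, the rewritten `getperms("S")` guard appears to issue the redirect without the `exit;` the old version had, which would let the POST handlers (save_prefs, db_Delete) run for a logged-in admin lacking 'S' — confirm against the full file.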


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/administrator.php,v $
| $Revision: 1.2 $
| $Date: 2006-12-07 15:41:49 $
| $Author: sweetas $
| $Revision: 1.3 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once('../class2.php');
@@ -200,7 +200,7 @@ function edit_administrator($row){
$text .= checkb("E", $a_perms).ADMSLAN_30."<br />"; // Configure news feed headlines
$text .= checkb("F", $a_perms).ADMSLAN_31."<br />"; // Configure emoticons
$text .= checkb("G", $a_perms).ADMSLAN_32."<br />"; // Configure front page content
$text .= checkb("S", $a_perms).ADMSLAN_33."<br />"; // Configure log/stats
$text .= checkb("S", $a_perms).ADMSLAN_33."<br />"; // Configure system logs (previously log/stats - now plugin)
$text .= checkb("T", $a_perms).ADMSLAN_34."<br />"; // Configure meta tags
$text .= checkb("V", $a_perms).ADMSLAN_35."<br />"; // Configure public file uploads
$text .= checkb("X", $a_perms).ADMSLAN_66."<br />"; // Configure Search


@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
| $Revision: 1.4 $
| $Date: 2007-12-09 16:42:23 $
| $Revision: 1.5 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
To do:
@@ -59,13 +59,25 @@ class e_admin_log {
define("E_LOG_INFORMATIVE", 0); // Minimal Log Level, including really minor stuff
define("E_LOG_NOTICE", 1); // More important than informative, but less important than notice
define("E_LOG_WARNING", 2); // Not anything serious, but important information
define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
define("E_LOG_PLUGIN", 4); // Plugin information
// Logging actions
define("LOG_TO_ADMIN", 1);
define("LOG_TO_AUDIT", 2);
define("LOG_TO_ROLLING", 4);
// User audit logging (intentionally start at 10 - stick to 2 digits)
define('USER_AUDIT_ADMIN',10); // User data changed by admin
define('USER_AUDIT_SIGNUP',11); // User signed up
define('USER_AUDIT_EMAILACK',12); // User responded to registration email
define('USER_AUDIT_LOGIN',13); // User logged in
define('USER_AUDIT_LOGOUT',14); // User logged out
define('USER_AUDIT_NEW_DN',15); // User changed display name
define('USER_AUDIT_NEW_PW',16); // User changed password
define('USER_AUDIT_NEW_EML',17); // User changed email
define('USER_AUDIT_PW_RES',18); // Password reset
define('USER_AUDIT_NEW_SET',19); // User changed other settings (intentional gap in numbering)
}
/**
@@ -136,9 +148,8 @@ class e_admin_log {
$importance = $tp->toDB($importance,true,false,'no_html');
$eventcode = $tp->toDB($eventcode,true,false,'no_html');
$explain = $tp->toDB($explain,true,false,'no_html');
$explain = mysql_real_escape_string($tp->toDB($explain,true,false,'no_html'));
$event_title = $tp->toDB($event_title,true,false,'no_html');
$source_call = $tp->toDB($source_call,true,false,'no_html');
//---------------------------------------
@@ -146,7 +157,8 @@ class e_admin_log {
//---------------------------------------
if ($target_logs & LOG_TO_ADMIN)
{ // Admin log - assume all fields valid
$this->rldb->db_Insert("dblog", " 0, ".intval($time_usec).','.intval($time_sec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ");
$qry = " 0, ".intval($time_sec).','.intval($time_usec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ";
$this->rldb->db_Insert("dblog",$qry);
}
@@ -177,10 +189,10 @@ class e_admin_log {
}
if (is_array($source_call))
{ // Print the debug_backtrace() array
while ($i < $back_count)
{
if (is_array($source_call))
{ // Print the debug_backtrace() array
while ($i < $back_count)
{
$source_call[$i]['file'] = $e107->fix_windows_paths($source_call[$i]['file']); // Needed for Windoze hosts.
$source_call[$i]['file'] = str_replace($e107->file_path,"",$source_call[$i]['file']); // We really just want a e107 root-relative path. Strip out the root bit
$tmp = $source_call[$i]['file']."|".$source_call[$i]['class'].$source_call[$i]['type'].$source_call[$i]['function']."@".$source_call[$i]['line'];
@@ -191,14 +203,15 @@ class e_admin_log {
$i++;
if ($i < $back_count) $explain .= "<br />-------------------";
if (!isset($tmp1)) $tmp1 = $tmp; // Pick off the immediate caller as the source
}
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
}
else
{
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
}
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
}
else
{
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
$source_call = $tp->toDB($source_call,true,false,'no_html');
}
// else $source_call is a string
// Save new rolling log record
@@ -212,6 +225,40 @@ class e_admin_log {
}
//--------------------------------------
// USER AUDIT ENTRY
//--------------------------------------
// $event_code is a defined constant (see above) which specifies the event
// $event_data is an array of data fields whose keys and values are logged (usually user data, but doesn't have to be - can add messages here)
// $id and $u_name are left blank except for admin edits and user login, where they specify the id and login name of the 'target' user
function user_audit($event_type, $event_data, $id = '', $u_name = '')
{
global $e107, $tp;
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
// See whether we should log this
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
if (!isset($user_logging_opts[$event_type])) return; // Finished if not set to log this event type
if ($this->rldb == NULL) $this->rldb = new db; // Better use our own db - don't know what else is going on
if ($id) $userid = $id; else $userid = (USER === TRUE) ? USERID : 0;
if ($u_name) $userstring = $u_name; else $userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
$userIP = $e107->getip();
$eventcode = 'USER_'.$event_type;
$title = 'LAN_AUDIT_LOG_0'.$event_type; // This creates a string which will be displayed as a constant
$spacer = '';
$detail = '';
foreach ($event_data as $k => $v)
{
$detail .= $spacer.$k.'=>'.$v;
$spacer = '<br />';
}
$this->rldb->db_Insert("audit_log","0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
}
function get_log_events($count = 15, $offset)
{
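Review bot: `user_audit()` can never write a record as committed: the `global` statement at L918 imports only `$e107` and `$tp`, so `$pref` at L921 is undefined inside the method, `varset()` returns `''`, and the `isset` test at L922 returns early for every event type. The login/logout callers added in this commit pass `''` as `$event_data`, which the `foreach` at L931 cannot iterate, so that parameter needs an `is_array()` guard. The INSERT at L936 also interpolates `$userid`, `$userstring` and `$detail` raw; `$detail` is assembled from caller-supplied values (login names, email address, real name) that only some callers pass through `toDB()`, and the viewer code at L753-L755 echoes column values into the table without escaping, so both the SQL and the HTML neutralisation belong here, mirroring what L861 does for `$explain`, with `intval($userid)`. The rewritten lines:

```php
function user_audit($event_type, $event_data, $id = '', $u_name = '')
{
	global $e107, $tp, $pref;		// $pref was missing: without it user_audit_opts reads as '' and nothing is ever logged
	// … unchanged: timestamp, option check, db handle, $userid/$userstring, $userIP, $eventcode, $title …
	$spacer = '';
	$detail = '';
	if (is_array($event_data))		// login/logout callers pass ''
	{
		foreach ($event_data as $k => $v)
		{	// Values come from callers and are printed back by the log viewer, so neutralise HTML per value (callers that already toDB() theirs can stop doing so)
			$detail .= $spacer.$tp->toDB($k,true,false,'no_html').'=>'.$tp->toDB($v,true,false,'no_html');
			$spacer = '<br />';
		}
	}
	// SQL-escape once, here, rather than trusting each caller (same treatment e_log_event gives $explain)
	$detail = mysql_real_escape_string($detail);
	$userstring = mysql_real_escape_string($userstring);
	$this->rldb->db_Insert("audit_log","0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', ".intval($userid).", '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
}
```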


@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.8 $
| $Date: 2007-12-09 16:42:23 $
| $Revision: 1.9 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -105,48 +105,79 @@ class userlogin {
else
{ // User is OK as far as core is concerned
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
$ret = $e_event->trigger("preuserlogin", $username);
if ($ret!='')
$ret = $e_event->trigger("preuserlogin", $username);
if ($ret!='')
{
define("LOGINMESSAGE", $ret."<br /><br />");
return FALSE;
}
else
{ // Trigger events happy as well
$lode = $sql -> db_Fetch(); // Get user info
$user_id = $lode['user_id'];
$user_name = $lode['user_name'];
$user_xup = $lode['user_xup'];
/* restrict more than one person logging in using same us/pw */
if($pref['disallowMultiLogin'])
{
define("LOGINMESSAGE", $ret."<br /><br />");
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
{
define("LOGINMESSAGE", LAN_304."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
$this -> checkibr($fip);
return FALSE;
}
else
{ // Trigger events happy as well
$lode = $sql -> db_Fetch(); // Get user info
$user_id = $lode['user_id'];
$user_name = $lode['user_name'];
$user_xup = $lode['user_xup'];
}
}
/* restrict more than one person logging in using same us/pw */
if($pref['disallowMultiLogin'])
$cookieval = $user_id.".".md5($userpass);
if($user_xup)
{
$this->update_xup($user_id, $user_xup);
}
if ($pref['user_tracking'] == "session")
{
$_SESSION[$pref['cookie_name']] = $cookieval;
}
else
{
if ($autologin == 1)
{
if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
{
define("LOGINMESSAGE", LAN_304."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
$this -> checkibr($fip);
return FALSE;
}
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
}
else
{
cookie($pref['cookie_name'], $cookieval);
}
}
// User login definitely accepted here
$cookieval = $user_id.".".md5($userpass);
if($user_xup) {
$this->update_xup($user_id, $user_xup);
}
if ($pref['user_tracking'] == "session") {
$_SESSION[$pref['cookie_name']] = $cookieval;
} else {
if ($autologin == 1) {
cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
} else {
cookie($pref['cookie_name'], $cookieval);
}
// Calculate class membership - needed for a couple of things
$class_list = explode(',',$lode['user_class']);
if ($lode['user_admin'] && strlen($lode['user_perms']))
{
$class_list[] = e_UC_ADMIN;
if (strpos($lode['user_perms'],'0') === 0)
{
$class_list[] = e_UC_MAINADMIN;
}
$edata_li = array("user_id" => $user_id, "user_name" => $username);
$e_event->trigger("login", $edata_li);
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
{ // Need to note in user audit trail
$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
}
$edata_li = array("user_id" => $user_id, "user_name" => $username);
$e_event->trigger("login", $edata_li);
$redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
@@ -155,17 +186,6 @@ class userlogin {
$lode['user_perms'] = trim($lode['user_perms']);
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
$class_list = explode(',',$lode['user_class']);
if ($lode['user_admin'] && strlen($lode['user_perms']))
{
$class_list[] = e_UC_ADMIN;
if (('0'==$lode['user_perms']) || ('0.' == $lode['user_perms']))
{
$class_list[] = e_UC_MAINADMIN;
}
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
foreach ($pref['frontpage_force'] as $fk=>$fp)
{
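Review bot: The audit call at L1051 passes `''` as `$event_data`, which `user_audit()` hands straight to `foreach` (L931), so every logged login raises a PHP warning; pass `array()` instead: `$admin_log->user_audit(USER_AUDIT_LOGIN, array(), $user_id, $user_name);`. The enclosing `login()` method starts before this hunk, so confirm `$admin_log` (and `$pref`) are in its `global` list, otherwise L1051 is a method call on a null value. The `in_array` at L1049 compares loosely and `$class_list` ends with `e_UC_PUBLIC` (L1047); if that constant is `0`, as e107's class constants are presumably defined, an unset `user_audit_class` yields `''` from `varset()` and matches it, so every login is treated as in scope — test for an empty pref first, e.g. `$audit_class = varset($pref['user_audit_class'],''); if ($audit_class !== '' && isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array($audit_class, $class_list))`. L1038 also replaces the exact `'0'`/`'0.'` test of old L1065 with a prefix test that grants `e_UC_MAINADMIN` to any perms string beginning with `0`; if no other perm code can start with that character the two are equivalent, but a class grant of that weight deserves a comment stating the assumption, e.g. `// a perms string beginning with '0' denotes main admin (no other perm code starts with 0)`.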


@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_admin.php,v $
| $Revision: 1.5 $
| $Date: 2007-07-03 19:22:08 $
| $Revision: 1.6 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -175,6 +175,9 @@ define("ADLAN_152", "Enter Code");
define("ADLAN_153", "Administration Area");
define('ADLAN_154', "Error contacting Sourceforge to check for new version");
define('ADLAN_155', 'System Logs');
define('ADLAN_156', 'Admin log, user audit, rolling log');
define('ADLAN_CL_1', 'Settings');
define('ADLAN_CL_2', 'Users');
define('ADLAN_CL_3', 'Content');
@@ -255,7 +258,6 @@ define("LAN_INACTIVE","Inactive");
define("LAN_BAN","Ban");
define("LAN_RATING", "Rating");
define("LAN_UPLOAD", "Upload");
define("LAN_UPLOAD_IMAGES","Upload Images");
define("LAN_UPLOAD_FILES","Upload Files");
define("LAN_UPLOAD_ADDFILE","Add Another File");


@@ -1,27 +1,71 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_admin_log.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:34:40 $
| $Author: lisa_
+----------------------------------------------------------------------------+
*/
define("LAN_ADMINLOG_0", "Admin Log");
define("LAN_ADMINLOG_1", "Date");
define("LAN_ADMINLOG_2", "Title");
define("LAN_ADMINLOG_3", "Description");
define("LAN_ADMINLOG_4", "User IP");
define("LAN_ADMINLOG_5", "User ID");
define("LAN_ADMINLOG_6", "Informative Icon");
define("LAN_ADMINLOG_7", "Informative Message");
define("LAN_ADMINLOG_8", "Notice Icon");
define("LAN_ADMINLOG_9", "Notice Message");
define("LAN_ADMINLOG_10", "Warning Icon");
define("LAN_ADMINLOG_11", "Warning Message");
define("LAN_ADMINLOG_12", "Fatal Icon");
define("LAN_ADMINLOG_13", "Fatal Error Message");
// e107 Language File.
// $Id: lan_admin_log.php,v 1.2 2007-12-15 15:06:40 e107steved Exp $
define('RL_LAN_001', 'System Logs');
define('RL_LAN_002', "Rolling Log");
//define('RL_LAN_003', "Admin/Rolling Log Installed.");
//define('RL_LAN_004', "Admin/Rolling Log Upgraded");
define('RL_LAN_005', "Configure/View system logs");
define('RL_LAN_006', "Options Updated");
define('RL_LAN_007', "User Audit Trail Options");
define('RL_LAN_008', "Rolling Log is active:");
define('RL_LAN_009', "Rolling Log History length in days");
define('RL_LAN_010', "Update Options");
define('RL_LAN_011', 'Rolling Log Configuration and Maintenance Options');
define('RL_LAN_012', "Filter Options");
define('RL_LAN_013', "Start date/time");
define('RL_LAN_014', "End date/time");
define('RL_LAN_015', "User ID filter");
define('RL_LAN_016', "Blank for none, zero for guest");
define('RL_LAN_017', "No log entries, or none match filter");
define('RL_LAN_018', "Refresh log");
define('RL_LAN_019', "Date");
define('RL_LAN_020', "IP");
define('RL_LAN_021', "ID");
define('RL_LAN_022', "User");
define('RL_LAN_023', "Type");
define('RL_LAN_024', "From");
define('RL_LAN_025', "Event Title");
define('RL_LAN_026', "Class for which user actions logged");
define('RL_LAN_027', "Options");
define('RL_LAN_028', "Update Filters");
define('RL_LAN_029', "Event type filter");
define('RL_LAN_030', "Admin Log");
define('RL_LAN_031', "Actions to log");
define('RL_LAN_032', "Pri"); // Event importance
define('RL_LAN_033', "Further Information");
define('RL_LAN_044', "Log events to display per page");
define('RL_LAN_045', "Delete admin log events older than ");
define('RL_LAN_046', " days");
define('RL_LAN_047', "Confirm delete admin log events older than ");
define('RL_LAN_048', "Admin log maintenance");
define('RL_LAN_049', "Delete old entries");
define('RL_LAN_050', "Parameter error - nothing deleted");
define('RL_LAN_051', "Confirm Delete");
define('RL_LAN_052', "Admin log events older than ");
define('RL_LAN_053', " entries) deleted");
define('RL_LAN_054', "Nothing to delete, or database error");
define('RL_LAN_055', "Cancel");
define('RL_LAN_056', "Nothing deleted");
define('RL_LAN_057', " (");
define('RL_LAN_058', "Priority Filter:");
define('RL_LAN_059', "Caller Filter:");
define('RL_LAN_060', "IP Address Filter:");
define('RL_LAN_061', "Wildcard (*) at end acceptable");
define('RL_LAN_062', 'User Audit Log');
define('RL_LAN_063', 'User audit settings updated');
define('RL_LAN_064', 'Applicable to all logs');
// Messages for checkbox options in audit log - correspond to audit log event codes
define('RL_LAN_071', 'User registration (ignores class setting above)');
define('RL_LAN_072', 'Signup email acknowledgement (ignores class setting above)');
define('RL_LAN_073', 'Login/Logout');
define('RL_LAN_075', 'Change display name');
define('RL_LAN_076', 'Change password');
define('RL_LAN_077', 'Change email address');
define('RL_LAN_078', 'Password Reset');
define('RL_LAN_079', 'Change other user settings');
?>


@@ -4,9 +4,9 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_administrator.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:34:40 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define("ADMSLAN_0", "New user/admin entry created for");
@@ -37,7 +37,7 @@ define("ADMSLAN_29", "Manage banners");
define("ADMSLAN_30", "Configure news feed headlines");
define("ADMSLAN_31", "Configure emoticons");
define("ADMSLAN_32", "Configure front page content");
define("ADMSLAN_33", "Configure log/stats");
define("ADMSLAN_33", "Configure system logging");
define("ADMSLAN_34", "Configure meta tags");
define("ADMSLAN_35", "Configure public file uploads");
define("ADMSLAN_36", "Configure Image Settings");


@@ -4,9 +4,9 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_fpw.php,v $
| $Revision: 1.2 $
| $Date: 2007-12-13 01:01:35 $
| $Author: e107coders $
| $Revision: 1.3 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define("PAGE_NAME", "Password Reset");
@@ -18,7 +18,7 @@ define("LAN_06", "Attempted password reset");
define("LAN_07", "Someone with IP address ");
define("LAN_08", "attempted to reset the main admin password.");
define("LAN_09", "Password reset from ");
define("LAN_112", "Email address used when signing up");
define("LAN_112", 'Email address registered on this site');
define("LAN_156", "Submit");
define("LAN_213", "That username/email address was not found in database.");
define("LAN_214", "Unable to reset password");
@@ -44,5 +44,11 @@ define("LAN_FPW14", "has been submitted by someone with the IP of");
define("LAN_FPW15", "This does not mean your password has yet been reset. You must navigate to the link shown below to complete the reset process.");
define("LAN_FPW16", "If you did not request to have your password reset and you do NOT want it reset, you may simply ignore this email");
define("LAN_FPW17", "The link below will be valid for 48 hours.");
define('LAN_FPW18','Password reset requested');
define('LAN_FPW19','Email send failed');
define('LAN_FPW20','Email send succeeded');
define('LAN_FPW21','User clicked on password reset link');
define('LAN_FPW22','');
?>


@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
| $Revision: 1.9 $
| $Date: 2007-11-11 21:52:37 $
| $Revision: 1.10 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -44,6 +44,18 @@ define("LAN_405", "This stage of registration is complete. You will receive a co
define("LAN_406", "Thank you!");
define("LAN_407", "Please keep this email for your own information. Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.\n\nThanks for your registration.\n\nFrom");
define("LAN_408", "A user with that email address already exists. Please use the 'forgot password' screen to retrieve your password.");
define("LAN_409", "Invalid characters in username");
define("LAN_410", "Enter code visible in the image");
define("LAN_411", "That display name already exists in the database, please choose a different display name");
define("LAN_EMAIL_01", "Dear");
define("LAN_EMAIL_04", "Please keep this email for your own information.");
define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
define("LAN_EMAIL_06", "Thanks for your registration.");
define("LAN_SIGNUP_1", "Min.");
define("LAN_SIGNUP_2", "chars.");
define("LAN_SIGNUP_3", "Code verification failed.");
@@ -55,12 +67,6 @@ define("LAN_SIGNUP_8", "Thank you!");
define("LAN_SIGNUP_9", "Unable to proceed.");
define("LAN_SIGNUP_10", "Yes");
define("LAN_SIGNUP_11", ".");
define("LAN_409", "Invalid characters in username");
define("LAN_410", "Enter code visible in the image");
define("LAN_411", "That display name already exists in the database, please choose a different display name");
define("LAN_SIGNUP_12", "please keep your username and password written down in a safe place as if lost they cannot be retrieved.");
define("LAN_SIGNUP_13", "You can now log in from the Login box, or from <a href='".e_BASE."login.php'>here</a>.");
define("LAN_SIGNUP_14", "here");
@@ -80,27 +86,15 @@ define("LAN_SIGNUP_27", "Show");
define("LAN_SIGNUP_28", "choice of Content/Mail-lists");
define("LAN_SIGNUP_29", "A verification email will be sent to the email address you enter here so it must be valid.");
define("LAN_SIGNUP_30", "If you do not wish to display your email address on this site, please tick the 'hide email address' box.");
define("LAN_SIGNUP_31", "URL to your XUP file");
define("LAN_SIGNUP_32", "What's an XUP file?");
define("LAN_SIGNUP_33", "Type path or choose avatar");
define("LAN_SIGNUP_34", "Please note: Any image uploaded to this server that is deemed inappropriate by the administrators will be deleted immediately.");
define("LAN_SIGNUP_35", "Click here to register using an XUP file");
define("LAN_SIGNUP_36", "An error has occurred creating your user information, please contact the site admin");
define("LAN_LOGINNAME", "Username");
define("LAN_PASSWORD", "Password");
define("LAN_USERNAME", "Display Name");
define("LAN_EMAIL_01", "Dear");
define("LAN_EMAIL_04", "Please keep this email for your own information.");
define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
define("LAN_EMAIL_06", "Thanks for your registration.");
define("LAN_SIGNUP_37", "This stage of registration is complete. The site admin will need to approve your membership. Once this has been done you will receive a confirmation email alerting you that your membership has been approved.");
define("LAN_SIGNUP_38", "You entered two different email addresses. Please enter a valid email address in the two fields provided");
define("LAN_SIGNUP_39", "Re-type Email Address:");
// 0.7.6
define("LAN_SIGNUP_40", "Activation not necessary");
define("LAN_SIGNUP_41", "Your account is already activated.");
define("LAN_SIGNUP_42", "There was a problem, the registration mail was not sent, please contact the website administrator.");
@@ -120,6 +114,21 @@ define("LAN_SIGNUP_56", "That display name is too short. Please choose another")
define("LAN_SIGNUP_57", "That login name is too long. Please choose another");
define("LAN_SIGNUP_58", "Signup Preview");
define("LAN_SIGNUP_59","**** If the link doesn't work, please check that part of it has not overflowed onto the next line. ****");
define('LAN_SIGNUP_60','Signup email resend requested');
define('LAN_SIGNUP_61','Send succeeded');
define('LAN_SIGNUP_62','Send failed');
define('LAN_SIGNUP_63','Password reset email resent requested');
define('LAN_SIGNUP_64','');
define('LAN_SIGNUP_65','');
define('LAN_SIGNUP_66','');
define('LAN_SIGNUP_67','');
define('LAN_SIGNUP_68','');
define('LAN_SIGNUP_69','');
define('LAN_SIGNUP_70','');
define("LAN_LOGINNAME", "Username");
define("LAN_PASSWORD", "Password");
define("LAN_USERNAME", "Display Name");
?>


@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_usersettings.php,v $
| $Revision: 1.9 $
| $Date: 2007-08-16 19:19:43 $
| $Revision: 1.10 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -82,10 +82,6 @@ define("LAN_SIGNUP_5", " characters long.");
define("LAN_SIGNUP_6", "Your ");
define("LAN_SIGNUP_7", " is required");
define("LAN_USET_1", "Your avatar is too wide");
define("LAN_USET_2", "Maximum allowable width is");
define("LAN_USET_3", "Your avatar is too high");
define("LAN_USET_4", "Maximum allowable height is");
// v.616
define("LAN_CUSTOMTITLE", "Custom Title");
@@ -99,6 +95,10 @@ define("MAX_AVHEIGHT", " x ");
define("RESIZE_NOT_SUPPORTED", "Resize method not supported by this server. Please resize image or choose another. File has been deleted.");
// v0.7
define("LAN_USET_1", "Your avatar is too wide");
define("LAN_USET_2", "Maximum allowable width is");
define("LAN_USET_3", "Your avatar is too high");
define("LAN_USET_4", "Maximum allowable height is");
define("LAN_USET_5", "Subscribed to");
define("LAN_USET_6", "Subscribe to our mailing-list(s) and/or sections of this site.");
define("LAN_USET_7", "Miscellaneous");
@@ -112,5 +112,8 @@ define("LAN_USET_14", "Login name too long. Please choose another");
define("LAN_USET_15", "Display name too long. Please choose another");
define("LAN_USET_16", "Tick box to delete existing photo without uploading another");
define("LAN_USET_17", "Display name already used. Please choose another");
define('LAN_USET_18', 'User data changed by admin: --ID--, login name: --LOGNAME--');
define('LAN_USET_19', '');
define('LAN_USET_20', '');
?>

72
fpw.php

@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/fpw.php,v $
| $Revision: 1.3 $
| $Date: 2007-12-13 01:01:35 $
| $Author: e107coders $
| $Revision: 1.4 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("class2.php");
@@ -58,14 +58,18 @@ function fpw_error($txt) {
exit;
}
//the seperator character used
//the separator character used
$fpw_sep = "#";
if (e_QUERY) {
if (e_QUERY)
{ // User has clicked on link to reset password
define("FPW_ACTIVE","TRUE");
$tmp = explode($fpw_sep, e_QUERY);
$tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ")) {
if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' "))
{
$row = $sql->db_Fetch();
extract($row);
$sql->db_Delete("tmp", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ");
@@ -76,8 +80,15 @@ if (e_QUERY) {
}
$mdnewpw = md5($newpw);
// Details for admin log
$do_log['password_action'] = LAN_FPW21;
$do_log['user_name'] = $tp -> toDB($username, true);
$do_log['activation_code'] = $tmpinfo;
$do_log['user_password'] = $mdnewpw;
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);
list($username, $md5) = explode($fpw_sep, $tmp_info);
$sql->db_Update("user", "user_password='$mdnewpw', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
$sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
cookie($pref['cookie_name'], "", (time()-2592000));
$_SESSION[$pref['cookie_name']] = "";
@@ -94,11 +105,16 @@ if (e_QUERY) {
}
}
if (isset($_POST['pwsubmit'])) {
// Request to reset password
//--------------------------
if (isset($_POST['pwsubmit']))
{
require_once(e_HANDLER."mail.php");
$email = $_POST['email'];
if ($pref['fpwcode'] && extension_loaded("gd")) {
if ($pref['fpwcode'] && extension_loaded("gd"))
{
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
fpw_error(LAN_FPW3);
}
@@ -110,19 +126,22 @@ if (isset($_POST['pwsubmit'])) {
// Allow admins to remove 'username' from fpw_template.php if they wish.
$query .= (isset($_POST['username'])) ? " AND user_loginname='{$clean_username}'" : "";
if ($sql->db_Select("user", "*", $query)) {
if ($sql->db_Select("user", "*", $query))
{
$row = $sql->db_Fetch();
extract($row);
extract($row);
if ($user_admin == 1 && $user_perms == "0") {
if ($user_admin == 1 && $user_perms == "0")
{ // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
die();
}
if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'")) {
fpw_error(LAN_FPW4);
exit;
if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'"))
{
fpw_error(LAN_FPW4);
exit;
}
mt_srand ((double)microtime() * 1000000);
@@ -139,17 +158,30 @@ if (isset($_POST['pwsubmit'])) {
//Set timestamp two days ahead so it doesn't get auto-deleted
$sql->db_Insert("tmp", "'pwreset',{$deltime},'{$user_name}{$fpw_sep}{$rcode}'");
$do_log['password_action'] = LAN_FPW18;
$do_log['user_id'] = $row['user_id'];
$do_log['user_name'] = $row['user_name'];
$do_log['user_loginname'] = $row['user_loginname'];
$do_log['activation_code'] = $rcode;
if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) {
$text = "<div style='text-align:center'>".LAN_FPW6."</div>";
} else {
$text = "<div style='text-align:center'>".LAN_02."</div>";
if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message))
{
$text = "<div style='text-align:center'>".LAN_FPW6."</div>";
$do_log['password_result'] = LAN_FPW20;
}
else
{
$text = "<div style='text-align:center'>".LAN_02."</div>";
$do_log['password_result'] = LAN_FPW19;
}
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);
$ns->tablerender(LAN_03, $text);
require_once(FOOTERF);
exit;
} else {
}
else
{
$text = LAN_213;
$ns->tablerender(LAN_214, "<div style='text-align:center'>".$text."</div>");
}
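Review bot: In the hunk at L1417-L1430 the audit entry is built at L1421-L1425 before `list($username, $md5) = explode($fpw_sep, $tmp_info);` at L1426 assigns `$username`, so unless something ahead of the hunk already sets it, `user_name` in the log and the `$u_name` argument are empty; move the four `$do_log` lines and the `user_audit()` call below L1426 (this is top-level script code inside the `if (e_QUERY)` block that opens before the hunk). More seriously, L1424 writes `$mdnewpw` — the md5 of the new password — into `audit_log`, and L993 of login.php shows that same value (`$user_id.".".md5($userpass)`) is what the login cookie is built from, so anyone who can open the System Logs page can mint a session for that user; drop `$do_log['user_password']` entirely. The same concern applies to the reset token logged as `activation_code` at L1423 and L1479: recording `$rcode` before the email is even sent lets a log reader complete the reset themselves, so log at most a hash or short prefix of it, e.g. `$do_log['activation_code'] = substr(md5($rcode),0,8);`.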


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.12 $
| $Date: 2007-12-09 16:42:22 $
| $Revision: 1.13 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -40,6 +40,7 @@ include_once(e_FILE."shortcode/batch/signup_shortcodes.php");
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));
//-------------------------------
// Resend Activation Email
//-------------------------------
@@ -100,24 +101,22 @@ if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
$mailheader_e107id = $nid;
require_once(e_HANDLER."mail.php");
/*
echo "Sending to: ".$row['user_email'];
require_once(FOOTERF);
exit;
*/
$do_log['signup_action'] = LAN_SIGNUP_63;
if(!sendemail($row['user_email'], $eml['subject'], $eml['message'], $row['user_name'], "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], $returnpath, $returnreceipt,$eml['inline-images']))
{
$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
require_once(FOOTERF);
exit;
$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
$do_log['signup_result'] = LAN_SIGNUP_62;
}
else
{
$ns -> tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />");
require_once(FOOTERF);
exit;
$do_log['signup_result'] = LAN_SIGNUP_61;
}
// Now log this (log will ignore if its disabled)
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);
require_once(FOOTERF);
exit;
}
require_once(e_HANDLER."message_handler.php");
@@ -284,7 +283,7 @@ if (e_QUERY)
if ($qs[0] == "activate" && (count($qs) == 3 || count($qs) == 4) && $qs[2])
{
// return the message in the correct language.
if($qs[3] && strlen($qs[3]) == 2 )
if(isset($qs[3]) && strlen($qs[3]) == 2 )
{
require_once(e_HANDLER."language_class.php");
$lng = new language;
@@ -321,6 +320,10 @@ if (e_QUERY)
}
}
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
// Log to user audit log if enabled
$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
$e_event->trigger("userveri", $row);
require_once(HEADERF);
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
@@ -688,6 +691,17 @@ global $db_debug;
$u_key = md5(uniqid(rand(), 1));
// ************* Possible class insert
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
// Log to user audit log if enabled
$admin_log->user_audit(USER_AUDIT_SIGNUP,array(
'user_id' => $nid,
'user_name' => $username,
'user_loginname' => $loginname,
'user_email' => $tp -> toDB($_POST['email']),
'user_realname' => $tp -> toDB($_POST['realname']),
'signup_key' => $u_key
));
if(!$nid)
{
require_once(HEADERF);
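Review bot: The USER_AUDIT_SIGNUP entry in the `@@ -688,6 +691,17 @@` hunk is written before the insert result is checked, so a failed `db_Insert` (the `if(!$nid)` branch that follows it) still produces a signup audit record with `user_id => 0`; move the `user_audit()` call below that check or into its success path. The same entry stores `'signup_key' => $u_key`, the activation secret that the `@@ -321,6 +320,10 @@` hunk later matches against `user_sess`, and that hunk passes the whole `$row` (not visible here, presumably the user record) to the log — an audit trail should record who did what and when, not the secrets involved, so log the id, login name and email and leave out the key and any password or session columns. In the `@@ -100,24 +101,22 @@` hunk the resend-activation path is logged under USER_AUDIT_PW_RES, the code the password-reset path uses; a dedicated resend-activation action code (none is visible on this page) would keep the two events distinguishable in the viewer. The enclosing `if` blocks of the first and last of these hunks start and end outside the hunks.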


@@ -11,12 +11,39 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $
| $Revision: 1.17 $
| $Date: 2007-12-09 22:38:27 $
| $Revision: 1.18 $
| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
Mods to give a uniform interface.
To do:
1. Check that photo can be updated/deleted OK
3. Make sure all $_POST values go through $tp->toDB - currently display name, login name don't - that's the way it was
4. Make sure displayname and loginname kept in sync where not permitted to be different
5. Check whether customtitle needs a special look to obey an option - currently updated in two places; check which is required
6. XUP update - there's a bit of code which calls userlogin::update_xup() which looks relevant - BUT:
a) It allows update of user_login field
b) Possible error on {EMAILHIDE} - should it be {$EMAILHIDE} ?
c) That code will update the user record regardless of whether there are values in the XUP file - so could become null
7. When restoring $_POST values after an error (just before display) they should all have been vetted - should be done, but double check
8. Check the use of 'class' around line 190 - if left, the message doesn't make total sense. Not sure the feature makes sense anyway.
9. No means of retaining name of photo file through an error?
10. Can get editable classes from the userclass object in 0.8
11. Check its acceptable to, on the whole, not update a field which is empty but for which $_POST[] value exists
12. Run through list of fields in DB; make sure all can be updated where needed
14. Add admin log entry for when admin changing data
15. Check class memberships - possible that main admin made a member of all (may be an inherited userclass issue)
Notes:
$pref['forum_user_customtitle'] - used and saved in central record; set in forum interface
Uses $udata initially, later curVal to hold current user data
+----------------------------------------------------------------------------+
*/
//echo "Starting usersettings<br />";
require_once("class2.php");
require_once(e_HANDLER."ren_help.php");
require_once(e_HANDLER."user_extended_class.php");
@@ -24,8 +51,11 @@ $ue = new e107_user_extended;
//define("US_DEBUG",TRUE);
define("US_DEBUG",FALSE);
//echo "Loaded includes<br />";
/*
These links look redundant
if (isset($_POST['sub_news']))
{
header("location:".e_BASE."submitnews.php");
@@ -51,26 +81,30 @@ if (isset($_POST['sub_review'])) {
header("location:".e_BASE."subcontent.php?review");
exit;
}
*/
if (!USER) {
header("location:".e_BASE."index.php");
exit;
if (!USER)
{ // Must be logged in to change settings
header("location:".e_BASE."index.php");
exit;
}
if (!ADMIN && e_QUERY && e_QUERY != "update") {
header("location:".e_BASE."usersettings.php");
exit;
if (!ADMIN && e_QUERY && e_QUERY != "update")
{
header("location:".e_BASE."usersettings.php");
exit;
}
require_once(e_HANDLER."ren_help.php");
if(is_readable(THEME."usersettings_template.php"))
{
include_once(THEME."usersettings_template.php");
include_once(THEME."usersettings_template.php");
}
else
{
include_once(e_THEME."templates/usersettings_template.php");
include_once(e_THEME."templates/usersettings_template.php");
}
include_once(e_FILE."shortcode/batch/usersettings_shortcodes.php");
@@ -80,27 +114,29 @@ $_uid = is_numeric(e_QUERY) ? intval(e_QUERY) : "";
$sesschange = ''; // Notice removal
$photo_to_delete = '';
$avatar_to_delete = '';
$changed_user_data = array();
require_once(HEADERF);
// Save user settings (whether or not changed)
//---------------------------------------------
// Save user settings (changes only)
//-----------------------------------
$error = "";
if (isset($_POST['updatesettings']))
{
if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
{
$pref['auth_method'] = 'e107';
$pref['auth_method'] = 'e107';
}
if($pref['auth_method'] != 'e107')
{
$_POST['password1'] = '';
$_POST['password2'] = '';
$_POST['password1'] = '';
$_POST['password2'] = '';
}
if ($_uid && ADMIN)
{ // Admin logged in and editing another user's settings - so editing a different ID
$inp = $_uid;
@@ -112,31 +148,59 @@ if (isset($_POST['updatesettings']))
}
$udata = get_user_data($inp); // Get all the existing user data, including any extended fields
$peer = ($inp == USERID ? false : true);
// Check external avatar
$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
if ($_POST['image'] && $size = getimagesize($_POST['image'])) {
if ($_POST['image'])
{
$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
if ($size = getimagesize($_POST['image']))
{
$avwidth = $size[0];
$avheight = $size[1];
$avmsg = "";
$pref['im_width'] = ($pref['im_width']) ? $pref['im_width'] : 120;
$pref['im_height'] = ($pref['im_height']) ? $pref['im_height'] : 100;
if ($avwidth > $pref['im_width']) {
$avmsg .= LAN_USET_1." ($avwidth)<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
$pref['im_width'] = varsettrue($pref['im_width'], 120);
$pref['im_height'] = varsettrue($pref['im_height'], 100);
if ($avwidth > $pref['im_width'])
{
$avmsg .= LAN_USET_1." ({$avwidth})<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
}
if ($avheight > $pref['im_height']) {
$avmsg .= LAN_USET_3." ($avheight)<br />".LAN_USET_4.": {$pref['im_height']}";
if ($avheight > $pref['im_height'])
{
$avmsg .= LAN_USET_3." ({$avheight})<br />".LAN_USET_4.": {$pref['im_height']}";
}
if ($avmsg) {
$_POST['image'] = "";
$error = $avmsg;
if ($avmsg)
{
$_POST['image'] = "";
$error = $avmsg;
}
else
{
if ($_POST['image'] != $udata['user_image'])
{
$changed_user_data['user_image'] = $_POST['image'];
}
}
}
else
{ // Invalid image file - we could just put up a message
}
}
// The 'class' option doesn't really make sense to me, but left it for now
// $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122);
// $signup_option_names = array("realname", "signature", "image", "timezone");
$signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_USET_6);
$signup_option_names = array("realname", "signature", "image", "timezone", "class");
foreach($signup_option_names as $key => $value)
{ // Check required signup fields
if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid)
@@ -146,74 +210,56 @@ if (isset($_POST['updatesettings']))
}
// Login Name checks
if (isset($_POST['loginname']))
// Login Name checks - only admin can change login name
if (isset($_POST['loginname']) && ADMIN && getperms("4"))
{ // Only check if its been edited
$temp_name = trim(preg_replace('/&nbsp;|\#|\=|\$/', "", strip_tags($_POST['loginname'])));
if ($temp_name != $_POST['loginname'])
$loginname = trim(preg_replace('/&nbsp;|\#|\=|\$/', "", strip_tags($_POST['loginname'])));
if ($loginname != $_POST['loginname'])
{
$error .= LAN_USET_13."\\n";
}
// Check if login name exceeds maximum allowed length
if (strlen($temp_name) > varset($pref['loginname_maxlength'],30))
if (strlen($loginname) > varset($pref['loginname_maxlength'],30))
{
$error .= LAN_USET_14."\\n";
}
if ($udata['user_loginname'] != $loginname)
{
$changed_user_data['user_loginname'] = $loginname;
}
else
{
unset($loginname);
}
}
$_POST['loginname'] = $temp_name;
}
if (isset($loginname)) $_POST['loginname'] = $loginname; else unset($_POST['loginname']); // Make sure no change of the $_POST value staying set inappropriately
// Password checks
$pwreset = "";
if ($_POST['password1'] != $_POST['password2']) {
$error .= LAN_105."\\n";
// Display name checks
// If display name == login name, it has to meet the criteria for both login name and display name
echo "Check_class: {$pref['displayname_class']}; {$udata['user_class']}; {$peer}<br />";
if (check_class($pref['displayname_class'], $udata['user_class'], $peer))
{ // Display name can be different to login name - check display name if its been entered
if (isset($_POST['username']))
{
$username = trim(strip_tags($_POST['username']));
$_POST['username'] = $username;
echo "Found new display name: {$username}<br />";
}
}
else
{
if(trim($_POST['password1']) != "")
{
$pwreset = "user_password = '".md5(trim($_POST['password1']))."', ";
}
}
if(isset($pref['signup_disallow_text']))
{
$tmp = explode(",", $pref['signup_disallow_text']);
foreach($tmp as $disallow){
if(strstr($_POST['username'], $disallow)){
$error .= LAN_USET_11."\\n";
}
}
}
if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'] && trim($_POST['password1']) != "") {
$error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
$password1 = "";
$password2 = "";
{ // Display name and login name must be the same - check only if the login name has been changed
if (varsettrue($loginname)) $username = $loginname;
}
if (isset($pref['disable_emailcheck']) && $pref['disable_emailcheck']==1)
{
} else {
if (!check_email($_POST['email']))
{
$error .= LAN_106."\\n";
}
}
// Check for duplicate of email address
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".intval($inp)."' "))
{
$error .= LAN_408."\\n";
}
// Display name checks
if (isset($_POST['username']))
if (varsettrue($username))
{
echo "Checking user name<br />";
// Impose a minimum length on display name
$username = trim(strip_tags($_POST['username']));
if (strlen($username) < 2)
{
$error .= LAN_USET_12."\\n";
@@ -223,95 +269,141 @@ if (isset($_POST['updatesettings']))
$error .= LAN_USET_15."\\n";
}
if(isset($pref['signup_disallow_text']))
{
$tmp = explode(",", $pref['signup_disallow_text']);
foreach($tmp as $disallow)
{
if(stristr($username, trim($disallow)))
{
$error .= LAN_USET_11."\\n";
}
}
}
// Display Name exists.
if ($sql->db_Count("user", "(*)", "WHERE `user_name`='".$username."' AND `user_id` != '".intval($inp)."' "))
{
$error .= LAN_USET_17;
}
if ($username != $udata['user_name']) $changed_user_data['user_name'] = $username;
unset($username);
}
// Password checks
if ($_POST['password1'] != $_POST['password2'])
{
$error .= LAN_105."\\n";
}
else
{
if(trim($_POST['password1']) != "")
{
if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'])
{
$error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
}
$changed_user_data['user_password'] = md5(trim($_POST['password1']));
}
}
// Email address checks
if (!varsettrue($pref['disable_emailcheck']))
{
if (!check_email($_POST['email']))
{
$error .= LAN_106."\\n";
}
}
// Check for duplicate of email address
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".intval($inp)."' "))
{
$error .= LAN_408."\\n";
}
// Uploaded avatar and/or photo
$user_sess = "";
if ($file_userfile['error'] != 4)
{
require_once(e_HANDLER."upload_handler.php");
require_once(e_HANDLER."resize_handler.php");
require_once(e_HANDLER."upload_handler.php");
require_once(e_HANDLER."resize_handler.php");
if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar"))
{
foreach ($uploaded as $upload)
{ // Needs the latest upload handler (with legacy and 'future' interfaces) to work
if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar"))
{
foreach ($uploaded as $upload)
{ // Needs the latest upload handler (with legacy and 'future' interfaces) to work
if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
{
// avatar uploaded - give it a reference which identifies it as server-stored
$_POST['image'] = "-upload-".$upload['name'];
if ($_POST['image'] != $udata['user_image'])
{
// avatar uploaded - give it a reference which identifies it as server-stored
$_POST['image'] = "-upload-".$upload['name'];
if ($_POST['image'] != $currentUser['user_image'])
{
$avatar_to_delete = str_replace("-upload-", "", $currentUser['user_image']);
// echo "Avatar change; deleting {$avatar_to_delete}<br />";
}
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar"))
{
unset($message);
$error .= RESIZE_NOT_SUPPORTED."\\n";
@unlink(e_FILE."public/avatars/".$upload['name']);
$_POST['image'] = '';
}
$avatar_to_delete = str_replace("-upload-", "", $udata['user_image']);
// echo "Avatar change; deleting {$avatar_to_delete}<br />";
$changed_user_data['user_image'] = $_POST['image'];
}
if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'] )
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar"))
{
// photograph uploaded
$user_sess = $upload['name'];
if (!resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180))
{
unset($message);
$error .= RESIZE_NOT_SUPPORTED."\\n";
@unlink(e_FILE."public/avatars/".$user_sess);
$user_sess = '';
}
unset($message);
$error .= RESIZE_NOT_SUPPORTED."\\n";
@unlink(e_FILE."public/avatars/".$upload['name']);
$_POST['image'] = '';
unset($changed_user_data['user_image']);
}
}
if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'] )
{
// photograph uploaded
if ($udata['user_sess'] != $upload['name'])
{
$photo_to_delete = $udata['user_sess'];
$changed_user_data['user_sess'] = $upload['name'];
}
if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], 180))
{
unset($message);
$error .= RESIZE_NOT_SUPPORTED."\\n";
@unlink(e_FILE."public/avatars/".$upload['name']);
unset($changed_user_data['user_sess']);
}
}
}
}
}
// See if user just wants to delete existing photo
if (isset($_POST['user_delete_photo']))
{
$photo_to_delete = $currentUser['user_sess'];
$sesschange = "user_sess = '', ";
$photo_to_delete = $udata['user_sess'];
$changed_user_data['user_sess'] = '';
// echo "Just delete old photo: {$photo_to_delete}<br />";
}
elseif ($user_sess != "")
{ // Update DB with photo
$sesschange = "user_sess = '".$tp->toDB($user_sess)."', ";
if ($currentUser['user_sess'] == $tp->toDB($user_sess))
{
$sesschange = ''; // Same photo - do nothing
// echo "Photo not changed<br />";
}
else
{
$photo_to_delete = $currentUser['user_sess'];
// echo "New photo: {$user_sess} Delete old photo: {$photo_to_delete}<br />";
}
}
// Validate Extended User Fields.
if($_POST['ue'])
{
if($sql->db_Select('user_extended_struct')) {
while($row = $sql->db_Fetch())
{
$extList["user_".$row['user_extended_struct_name']] = $row;
}
}
$ue_fields = "";
foreach($_POST['ue'] as $key => $val)
if($sql->db_Select('user_extended_struct'))
{
while($row = $sql->db_Fetch())
{
$extList["user_".$row['user_extended_struct_name']] = $row;
}
}
$ue_fields = "";
foreach($_POST['ue'] as $key => $val)
{
$err = false;
$parms = explode("^,^", $extList[$key]['user_extended_struct_parms']);
$regex = $tp->toText($parms[1]);
@@ -336,12 +428,13 @@ if (isset($_POST['updatesettings']))
$ue_fields .= ($ue_fields) ? ", " : "";
$ue_fields .= $key."='".$val."'";
}
}
}
}
// All validated here
// ------------------
// All key fields validated here
// -----------------------------
// $inp - UID of user whose data is being changed (may not be the currently logged in user)
if (!$error)
@@ -355,52 +448,14 @@ if (isset($_POST['updatesettings']))
$ret = $e_event->trigger("preuserset", $_POST);
if(trim($_POST['user_xup']) != "")
{
if($sql->db_Select('user', 'user_xup', "user_id = '".intval($inp)."'"))
{
$row = $sql->db_Fetch();
$update_xup = ($row['user_xup'] != $_POST['user_xup']) ? TRUE : FALSE;
}
}
if ($ret == '')
{
$udata = get_user_data($inp); // Get all the user data, including any extended fields
$peer = ($inp == USERID ? false : true);
$loginname = strip_tags($_POST['loginname']);
if (!$loginname)
{
// $sql->db_Select("user", "user_loginname", "user_id='".intval($inp)."'");
// $row = $sql -> db_Fetch();
$loginname = $udata['user_loginname'];
}
else
{
if(!check_class($pref['displayname_class'], $udata['user_class'], $peer))
{
$new_username = "user_name = '{$loginname}', ";
$username = $loginname;
}
}
// if (isset($_POST['username']) && check_class($pref['displayname_class']))
if (isset($_POST['username']) && check_class($pref['displayname_class'], $udata['user_class'], $peer))
{ // Allow change of display name if in right class
$username = strip_tags($_POST['username']);
$username = $tp->toDB(substr($username, 0, $pref['displayname_maxlength']));
$new_username = "user_name = '{$username}', ";
}
$_POST['signature'] = $tp->toDB($_POST['signature']);
$_POST['realname'] = $tp->toDB($_POST['realname']);
// Either delete this block, or delete user_customtitle from the later loop for non-vetted fields
$new_customtitle = "";
if(isset($_POST['customtitle']) && ($pref['forum_user_customtitle'] || ADMIN))
{
$new_customtitle = ", user_customtitle = '".$tp->toDB($_POST['customtitle'])."' ";
$new_customtitle = $tp->toDB($_POST['customtitle']);
if ($new_customtitle != $udata['user_customtitle']) $changed_user_data['user_customtitle'] = $new_customtitle;
}
@@ -416,51 +471,39 @@ if (isset($_POST['updatesettings']))
}
// We can update the basic user record now
$sql->db_Update("user", "{$new_username} {$pwreset} {$sesschange} user_email='".$tp -> toDB($_POST['email'])."', user_signature='".$_POST['signature']."', user_image='".$tp -> toDB($_POST['image'])."', user_timezone='".$tp -> toDB($_POST['timezone'])."', user_hideemail='".intval($tp -> toDB($_POST['hideemail']))."', user_login='".$_POST['realname']."' {$new_customtitle}, user_xup='".$tp -> toDB($_POST['user_xup'])."' WHERE user_id='".intval($inp)."' ");
if ($photo_to_delete)
{ // Photo may be a flat file, or in the database
delete_file($photo_to_delete);
}
if ($avatar_to_delete)
{ // Avatar may be a flat file, or in the database
delete_file($avatar_to_delete);
}
// If user has changed display name, update the record in the online table
if(isset($username) && ($username != USERNAME) && !$_uid)
// Handle fields which are just transferred without vetting (but are subject to toDB() for exploit restriction)
$copy_list = array('user_signature' => 'signature',
'user_login' => 'realname',
'user_email' => 'email',
'user_timezone' => 'timezone',
'user_customtitle' => 'customtitle',
'user_hideemail' =>'hideemail',
'user_xup' => 'user_xup');
// Next list identifies numerics which might take a value of 0
$non_text_list = array(
'user_hideemail' =>'hideemail'
);
foreach ($copy_list as $k => $v)
{
$sql->db_Update("online", "online_user_id = '".USERID.".".$username."' WHERE online_user_id = '".USERID.".".USERNAME."'");
}
// Only admins can update login name
if(ADMIN && getperms("4"))
{
$sql -> db_Update("user", "user_loginname='".$tp -> toDB($loginname)."' WHERE user_id='".intval($inp)."' ");
}
// Save extended field values
if($ue_fields)
{
// ***** Next line creates a record which presumably should be there anyway, so could generate an error
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
if (isset($_POST[$v]) && (trim($_POST[$v]) || isset($non_text_list[$k])))
{
$_POST[$v] = $tp->toDB(trim($_POST[$v]));
if ($_POST[$v] != $udata[$k])
{
$changed_user_data[$k] = $_POST[$v];
// echo "Changed {$k}, {$v} from {$udata[$k]} to {$_POST[$v]}<br />";
}
}
}
// Update Userclass - only if its the user changing their own data (admins can do it another way)
// if (!$_uid && $sql->db_Select("userclass_classes", "*", "userclass_editclass IN (".USERCLASS_LIST.")"))
if (!$_uid && $sql->db_Select("userclass_classes", "userclass_id", "userclass_editclass IN (".USERCLASS_LIST.")"))
{
$ucList = $sql->db_getList(); // List of classes which this user can edit
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Read editable list. Current user classes: ".$udata['user_class'],FALSE,LOG_TO_ROLLING);
// if ($sql->db_Select("user", "user_class", "user_id = '".intval($inp)."'"))
// {
// $row = $sql->db_Fetch();
// $cur_classes = explode(",", $row['user_class']);
$cur_classes = explode(",", $udata['user_class']); // Current class membership
$newclist = array_flip($cur_classes); // Array keys are now the class IDs
@@ -479,20 +522,143 @@ if (isset($_POST['updatesettings']))
}
$newclist = array_keys($newclist);
$nid = implode(',', array_diff($newclist, array('')));
// echo "Userclass data - new: {$nid}, old: {$udata['user_class']}<br />";
if ($nid != $udata['user_class'])
{
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; new list: ".$nid,FALSE,LOG_TO_ROLLING);
$sql->db_Update("user", "user_class='".$nid."' WHERE user_id=".intval($inp));
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; old list: {$udata['user_class']}; new list: ".$nid,FALSE,LOG_TO_ROLLING);
$changed_user_data['user_class'] = $nid;
}
// }
}
if($update_xup == TRUE)
// Only admins can update login name - do this just in case one of the event triggers has mucked it about
if (!(ADMIN && getperms("4")))
{
unset($changed_user_data['user_loginname']);
}
// We can update the basic user record now - can just update fields from $changed_user_data
$new_data = array();
foreach ($changed_user_data as $fn => $fv)
{
$new_data[] = "`{$fn}`='{$fv}'";
}
if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Changed data:<br> ".var_export($changed_user_data,TRUE),FALSE,LOG_TO_ROLLING);
$sql->db_Update("user",implode(', ',$new_data)." WHERE user_id='".intval($inp)."' ");
// Now see if we need to log anything. First check the options and class membership
// (Normally we would leave logging decision to the log class. But this one's a bit more complicated)
$user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
$do_log = array();
$log_action = '';
if ($_uid)
{ // Its an admin changing someone elses data - add an admin log entry here
echo "Admin changing user data<br />";
// Check against the class of the target user, not the admin!
if (!check_class(varset($pref['user_audit_class'],''),$udata['user_class'])) $user_logging_opts = array();
}
else
{
if (!check_class(varset($pref['user_audit_class'],''))) $user_logging_opts = array();
}
// Now log changes if required
if (count($user_logging_opts))
{
// Start with any specific fields we're changing
if (isset($changed_user_data['user_name']))
{
if (isset($user_logging_opts[USER_AUDIT_NEW_DN]))
{
$do_log['user_name'] = $changed_user_data['user_name'];
$log_action = USER_AUDIT_NEW_DN;
}
unset($changed_user_data['user_name']);
}
if (isset($changed_user_data['user_password']))
{
if (isset($user_logging_opts[USER_AUDIT_NEW_PW]))
{ // Password has already been changed to an md5(), so OK to leave the data
$do_log['user_password'] = $changed_user_data['user_password'];
$log_action = USER_AUDIT_NEW_PW;
}
unset($changed_user_data['user_password']);
}
if (isset($changed_user_data['user_email']))
{
if (isset($user_logging_opts[USER_AUDIT_NEW_EML]))
{
$do_log['user_email'] = $changed_user_data['user_email'];
$log_action = USER_AUDIT_NEW_EML;
}
unset($changed_user_data['user_email']);
}
if (count($changed_user_data) && isset($user_logging_opts[USER_AUDIT_NEW_SET]))
{
$do_log = array_merge($do_log,$changed_user_data);
$log_action = USER_AUDIT_NEW_SET;
}
if (count($do_log))
{ // Got some changes to audit
// echo "Adding to audit log<br />";
if ($_uid)
{
$log_action = USER_AUDIT_ADMIN; // If an admin did the mod, different heading
// Embed a message saying who changed the data
$changed_user_data['message'] = str_replace(array('--ID--','--LOGNAME--'),array(USERID,USERNAME),LAN_USET_18);
$admin_log->user_audit($log_action,$do_log, $udata['user_id'],$udata['user_loginname']);
}
else
{
if (count($do_log) > 1) $log_action = USER_AUDIT_NEW_SET; // Log multiple entries to one record
$admin_log->user_audit($log_action,$do_log);
}
}
} // End of audit logging
// Now tidy up
if ($photo_to_delete)
{ // Photo may be a flat file, or in the database
delete_file($photo_to_delete);
}
if ($avatar_to_delete)
{ // Avatar may be a flat file, or in the database
delete_file($avatar_to_delete);
}
// If user has changed display name, update the record in the online table
if(isset($changed_user_data['user_name']) && !$_uid)
{
$sql->db_Update("online", "online_user_id = '".USERID.".".$changed_user_data['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'");
}
// Save extended field values
if($ue_fields)
{
// ***** Next line creates a record which presumably should be there anyway, so could generate an error
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
}
/*
Needed - but check bits of the file first
if(isset($changed_user_data['user_xup']))
{
require_once(e_HANDLER."login.php");
userlogin::update_xup($inp, $_POST['user_xup']);
userlogin::update_xup($inp, $changed_user_data['user_xup']);
}
*/
$e_event->trigger("postuserset", $_POST);
@@ -520,17 +686,19 @@ if ($error)
$adref = $_POST['adminreturn'];
}
// --- User data has been update here if appropriate ---
// --- User data has been updated here if appropriate ---
if(isset($message))
{
$ns->tablerender($caption, $message);
}
// ---------------------
//-----------------------------------------------------
// Re-read the user data into curVal (ready for display)
//-----------------------------------------------------
$uuid = ($_uid) ? $_uid : USERID;
$uuid = ($_uid) ? $_uid : USERID; // If $_uid is set, its an admin changing another user's data
$qry = "
SELECT u.*, ue.* FROM #user AS u
@@ -555,15 +723,16 @@ if (strpos($curVal['user_perms'],'0') === 0)
$curVal['userclass_list'] = implode(",", $tmp);
if($_POST)
{ // Fix for all the values being lost when an error occurred.
foreach($_POST as $key => $val)
{
$curVal["user_".$key] = $val;
}
foreach($_POST['ue'] as $key => $val)
{
$curVal[$key] = $val;
}
{ // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values
// (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block
foreach($_POST as $key => $val)
{
$curVal["user_".$key] = $val;
}
foreach($_POST['ue'] as $key => $val)
{
$curVal[$key] = $val;
}
}
require_once(e_HANDLER."form_handler.php");
@@ -588,9 +757,10 @@ $text .= "
$ns->tablerender(LAN_155, $text);
require_once(FOOTERF);
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
function req($field) {
// If a field is required, returns a red asterisk
function req($field)
{
global $pref;
if ($field == 2)
{
@@ -602,7 +772,8 @@ function req($field) {
}
return $ret;
}
//---------------------------------------------------------------------------------
// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
// Also deletes from database if appropriate.
@@ -624,7 +795,8 @@ function delete_file($fname, $dir = 'avatars/')
}
function headerjs() {
function headerjs()
{
global $cal;
$script = "<script type=\"text/javascript\">
function addtext_us(sc){
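Review bot: The UPDATE assembled at `$new_data[] = "`{$fn}`='{$fv}'";` in the `@@ -479,20 +522,143 @@` hunk interpolates every `$changed_user_data` value into SQL, but `user_name` (set from `trim(strip_tags($_POST['username']))` in the `@@ -146,74 +210,56 @@` hunk), `user_loginname` (same hunk) and `user_image` (`@@ -112,31 +148,59 @@`, which only strips quotes and brackets) never pass through `$tp->toDB()`, which the removed single-statement UPDATE did apply to them — and the `db_Count("user", "(*)", "WHERE `user_name`='".$username."' ...")` check has the same gap. Escape each value where it enters the array, e.g. `$changed_user_data['user_name'] = $tp->toDB($username);`, `$changed_user_data['user_loginname'] = $tp->toDB($loginname);`, `$changed_user_data['user_image'] = $tp->toDB($_POST['image']);` (and `$tp->toDB($username)` in the db_Count), keeping the "characters were stripped" comparisons on the raw values. The debug lines `echo "Check_class: ..."`, `echo "Found new display name: ..."`, `echo "Checking user name<br />"` and `echo "Admin changing user data<br />"` are live on the new side and print preference and class values into the page; drop them or route them through the `US_DEBUG` e_log_event path already used nearby. In the audit block, `$changed_user_data['message'] = str_replace(...)` is assigned after `$do_log` has been filled from `$changed_user_data`, so the "who changed it" text never reaches the log — it should be `$do_log['message'] = ...`. The USER_AUDIT_NEW_PW branch stores the new md5 hash in the audit record; an unsalted hash is recoverable offline, so record that the password changed rather than its value (all of these hunks sit inside the `if (isset($_POST['updatesettings']))` block, which begins and ends outside them).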