", $text);
+
+}
+
+
+
+
+//====================================================================
+// LOG VIEW MENU
+//====================================================================
+
+if (($action == "rolllog") || ($action == "adminlog") || ($action == "auditlog"))
+{
+$from = intval(varset($qs[1], 0)); // First entry to display
+$amount = max(varset($pref['sys_log_perpage'], 20),5); // Number of entries per page
+
+// Array decides which filters are active for each log. There are 4 columns total. All but 'datetimes' occupy 2. Must specify multiple of 4 columns - add 'blank' if necessary
+$active_filters = array('adminlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0),
+ 'auditlog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'blank'=>2),
+ 'rolllog' => array('datetimes'=>0,'ipfilter'=>0,'userfilter'=>0,'eventfilter'=>0,'priority'=>0,'callerfilter'=>0,'blank'=>2));
+
+// Arrays determine column widths, headings, displayed fields for each log
+$col_widths = array('adminlog' => array(18,4,14,7,15,8,14,20), // Date - Pri - IP - UID - User - Code - Event - Info
+ 'auditlog' => array(18,14,7,15,8,14,24),
+ 'rolllog' => array(15,4,12,6,12,7,13,13,18)); // Date - Pri - IP - UID - User - Code - Caller - Event - Info
+$col_titles = array('adminlog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
+ 'auditlog' => array(RL_LAN_019,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_025,RL_LAN_033),
+ 'rolllog' => array(RL_LAN_019,RL_LAN_032,RL_LAN_020,RL_LAN_021,RL_LAN_022,RL_LAN_023,RL_LAN_024,RL_LAN_025,RL_LAN_033));
+$col_fields = array('adminlog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
+ 'auditlog' => array('cf_datestring','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_title','dblog_remarks'),
+ 'rolllog' => array('cf_datestring','dblog_type','dblog_ip','dblog_user_id','dblog_user_name','dblog_eventcode','dblog_caller','dblog_title','dblog_remarks'));
+
+
+
+// Check things
+ if ($start_time >= $end_time)
+ { // Make end time beginning of tomorrow
+ $tempdate = getdate();
+ $end_time = mktime(0,0,0,$tempdate['mon'],$tempdate['mday']+1,$tempdate['year']); // Seems odd, but mktime will work this out OK
+ // (or so the manual says)
+ }
+
+
+
+// Now work out the query - only use those filters which are displayed
+ $qry = '';
+ $and_array = array();
+ foreach ($active_filters[$action] as $fname=>$fpars)
+ {
+ switch ($fname)
+ {
+ case 'datetimes' :
+ if ($start_enabled && ($start_time > 0)) $and_array[] = "`dblog_datestamp` >= ".intval($start_time);
+ if ($end_enabled && ($end_time > 0)) $and_array[] = "`dblog_datestamp` <= ".intval($end_time);
+ break;
+ case 'ipfilter' :
+ if ($ipaddress_filter != "")
+ {
+ if (substr($ipaddress_filter,-1) == '*')
+ { // Wildcard to handle - mySQL uses %
+ $and_array[] = "`dblog_ip` LIKE '".substr($ipaddress_filter,0,-1)."%' ";
+ }
+ else
+ {
+ $and_array[] = "`dblog_ip`= '".$ipaddress_filter."' ";
+ }
+ }
+ break;
+ case 'userfilter' :
+ if ($user_filter != '') $and_array[] = "`dblog_user_id` = ".intval($user_filter);
+ break;
+ case 'eventfilter' :
+ if ($event_filter != '')
+ {
+ if (substr($event_filter,-1) == '*')
+ { // Wildcard to handle - mySQL uses %
+ $and_array[] = " `dblog_eventcode` LIKE '".substr($event_filter,0,-1)."%' ";
+ }
+ else
+ {
+ $and_array[] = "`dblog_eventcode`= '".$event_filter."' ";
+ }
+ }
+ break;
+ case 'callerfilter' :
+ if ($caller_filter != '')
+ {
+ if (substr($caller_filter,-1) == '*')
+ { // Wildcard to handle - mySQL uses %
+ $and_array[] = "`dblog_caller` LIKE '".substr($caller_filter,0,-1)."%' ";
+ }
+ else
+ {
+ $and_array[] = "`dblog_caller`= '".$caller_filter."' ";
+ }
+ }
+ break;
+ case 'priority' :
+ if (($pri_filter_val != "") && ($pri_filter_cond != "") && ($pri_filter_cond != "xx"))
+ {
+ switch ($pri_filter_cond)
+ {
+ case "lt" :
+ $and_array[] = "`dblog_type` <= '{$pri_filter_val}' ";
+ break;
+ case "eq" :
+ $and_array[] = "`dblog_type` = '{$pri_filter_val}' ";
+ break;
+ case "gt" :
+ $and_array[] = "`dblog_type` >= '{$pri_filter_val}' ";
+ break;
+ }
+ }
+ break;
+ }
+ }
+
+
+ if (count($and_array)) $qry = " WHERE ".implode(' AND ',$and_array);
+ $num_entry = $sql->db_Count($log_db_table[$action], "(*)", $qry);
+
+ if ($from > $num_entry) $from = 0; // We may be on a later page
+
+ $qry = "SELECT dbl.*,u.user_name FROM #".$log_db_table[$action]." AS dbl LEFT JOIN #user AS u ON dbl.dblog_user_id=u.user_id".$qry." ORDER BY {$sort_field} ".$sort_order." LIMIT {$from}, {$amount} ";
+// echo $qry.' ';
+
+
+// Start by putting up the filter boxes
+ $text = "
+
+
";
+
+
+// Next bit is the actual log display - the arrays define column widths, titles, fields etc for each log
+
+ $column_count = count($col_widths[$action]);
+ $text .= "
", $text);
+}
+
+
+function admin_log_adminmenu()
+{
+ if (e_QUERY) {
+ $tmp = explode(".", e_QUERY);
+ $action = $tmp[0];
+ }
+ if ($action == "") {
+ $action = "adminlog";
+ }
+ $var['adminlog']['text'] = RL_LAN_030;
+ $var['adminlog']['link'] = "admin_log.php?adminlog";
+
+ $var['auditlog']['text'] = RL_LAN_062;
+ $var['auditlog']['link'] = "admin_log.php?auditlog";
+
+ $var['rolllog']['text'] = RL_LAN_002;
+ $var['rolllog']['link'] = "admin_log.php?rolllog";
+
+ $var['config']['text'] = RL_LAN_027;
+ $var['config']['link'] ="admin_log.php?config";
+
+ show_admin_menu(RL_LAN_005, $action, $var);
+}
+
+
+require_once(e_ADMIN."footer.php");
+
+?>
\ No newline at end of file
diff --git a/e107_admin/administrator.php b/e107_admin/administrator.php
index aa85070a0..824ce93c1 100644
--- a/e107_admin/administrator.php
+++ b/e107_admin/administrator.php
@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/administrator.php,v $
-| $Revision: 1.2 $
-| $Date: 2006-12-07 15:41:49 $
-| $Author: sweetas $
+| $Revision: 1.3 $
+| $Date: 2007-12-15 15:06:40 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once('../class2.php');
@@ -200,7 +200,7 @@ function edit_administrator($row){
$text .= checkb("E", $a_perms).ADMSLAN_30." "; // Configure news feed headlines
$text .= checkb("F", $a_perms).ADMSLAN_31." "; // Configure emoticons
$text .= checkb("G", $a_perms).ADMSLAN_32." "; // Configure front page content
- $text .= checkb("S", $a_perms).ADMSLAN_33." "; // Configure log/stats
+ $text .= checkb("S", $a_perms).ADMSLAN_33." "; // Configure system logs (previously log/stats - now plugin)
$text .= checkb("T", $a_perms).ADMSLAN_34." "; // Configure meta tags
$text .= checkb("V", $a_perms).ADMSLAN_35." "; // Configure public file uploads
$text .= checkb("X", $a_perms).ADMSLAN_66." "; // Configure Search
diff --git a/e107_handlers/admin_log_class.php b/e107_handlers/admin_log_class.php
index 3b2399892..90b0a81b7 100644
--- a/e107_handlers/admin_log_class.php
+++ b/e107_handlers/admin_log_class.php
@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
-| $Revision: 1.4 $
-| $Date: 2007-12-09 16:42:23 $
+| $Revision: 1.5 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
To do:
@@ -59,13 +59,25 @@ class e_admin_log {
define("E_LOG_INFORMATIVE", 0); // Minimal Log Level, including really minor stuff
define("E_LOG_NOTICE", 1); // More important than informative, but less important than notice
define("E_LOG_WARNING", 2); // Not anything serious, but important information
- define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
+ define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
define("E_LOG_PLUGIN", 4); // Plugin information
// Logging actions
define("LOG_TO_ADMIN", 1);
define("LOG_TO_AUDIT", 2);
define("LOG_TO_ROLLING", 4);
+
+ // User audit logging (intentionally start at 10 - stick to 2 digits)
+ define('USER_AUDIT_ADMIN',10); // User data changed by admin
+ define('USER_AUDIT_SIGNUP',11); // User signed up
+ define('USER_AUDIT_EMAILACK',12); // User responded to registration email
+ define('USER_AUDIT_LOGIN',13); // User logged in
+ define('USER_AUDIT_LOGOUT',14); // User logged out
+ define('USER_AUDIT_NEW_DN',15); // User changed display name
+ define('USER_AUDIT_NEW_PW',16); // User changed password
+ define('USER_AUDIT_NEW_EML',17); // User changed email
+ define('USER_AUDIT_PW_RES',18); // Password reset
+ define('USER_AUDIT_NEW_SET',19); // User changed other settings (intentional gap in numbering)
}
/**
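Review bot: The comment on `USER_AUDIT_NEW_SET` says the numbering has an intentional gap, but 19 directly follows `USER_AUDIT_PW_RES` (18), so either the comment is stale or a constant is missing; it should say which. These `define()` calls appear to sit inside a method of `e_admin_log` (the method's start is outside the hunk), so `USER_AUDIT_LOGIN` and the other new constants only exist once that method has run, and the new callers in login.php and fpw.php depend on that ordering; a comment such as `// Defined when the admin log object is created; callers must not reference these before then` would make the dependency visible.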
@@ -136,9 +148,8 @@ class e_admin_log {
$importance = $tp->toDB($importance,true,false,'no_html');
$eventcode = $tp->toDB($eventcode,true,false,'no_html');
- $explain = $tp->toDB($explain,true,false,'no_html');
+ $explain = mysql_real_escape_string($tp->toDB($explain,true,false,'no_html'));
$event_title = $tp->toDB($event_title,true,false,'no_html');
- $source_call = $tp->toDB($source_call,true,false,'no_html');
//---------------------------------------
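Review bot: `$explain = mysql_real_escape_string($tp->toDB($explain,true,false,'no_html'));` is the only field in this block escaped twice; the neighbouring `$importance`, `$eventcode` and `$event_title` rely on `$tp->toDB()` alone before being interpolated into the INSERT below. If toDB already escapes quotes for SQL, as the other fields assume, this stores literal backslashes in `dblog_remarks`; if it does not, the other three fields are the ones at risk and need the same treatment. Either way a one-line comment stating which layer is responsible for SQL escaping would stop the next reader from guessing. The enclosing method begins before this hunk.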
@@ -146,7 +157,8 @@ class e_admin_log {
//---------------------------------------
if ($target_logs & LOG_TO_ADMIN)
{ // Admin log - assume all fields valid
- $this->rldb->db_Insert("dblog", " 0, ".intval($time_usec).','.intval($time_sec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ");
+ $qry = " 0, ".intval($time_sec).','.intval($time_usec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ";
+ $this->rldb->db_Insert("dblog",$qry);
}
@@ -177,10 +189,10 @@ class e_admin_log {
}
- if (is_array($source_call))
- { // Print the debug_backtrace() array
- while ($i < $back_count)
- {
+ if (is_array($source_call))
+ { // Print the debug_backtrace() array
+ while ($i < $back_count)
+ {
$source_call[$i]['file'] = $e107->fix_windows_paths($source_call[$i]['file']); // Needed for Windoze hosts.
$source_call[$i]['file'] = str_replace($e107->file_path,"",$source_call[$i]['file']); // We really just want a e107 root-relative path. Strip out the root bit
$tmp = $source_call[$i]['file']."|".$source_call[$i]['class'].$source_call[$i]['type'].$source_call[$i]['function']."@".$source_call[$i]['line'];
@@ -191,14 +203,15 @@ class e_admin_log {
$i++;
if ($i < $back_count) $explain .= " -------------------";
if (!isset($tmp1)) $tmp1 = $tmp; // Pick off the immediate caller as the source
- }
- if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
- }
- else
- {
- $source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
- $source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
}
+ if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
+ }
+ else
+ {
+ $source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
+ $source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
+ $source_call = $tp->toDB($source_call,true,false,'no_html');
+ }
// else $source_call is a string
// Save new rolling log record
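Review bot: In the `is_array($source_call)` branch, `$source_call = $tmp1` assigns the backtrace-derived `file|class::function@line` string without passing it through `$tp->toDB()`, while the else branch now calls `$tp->toDB($source_call,true,false,'no_html')` and the earlier hunk in this file dropped the unconditional toDB call on `$source_call`; what reaches the rolling-log INSERT further down therefore depends on which branch ran. Backtrace paths and function names are not user input, but a quote in a path would still break the query, so make the branches symmetric: `if (isset($tmp1)) $source_call = $tp->toDB($tmp1,true,false,'no_html'); else $source_call = 'Root level';`. The enclosing method starts before this hunk and its INSERT follows it.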
@@ -212,6 +225,40 @@ class e_admin_log {
}
+//--------------------------------------
+// USER AUDIT ENTRY
+//--------------------------------------
+// $event_code is a defined constant (see above) which specifies the event
+// $event_data is an array of data fields whose keys and values are logged (usually user data, but doesn't have to be - can add messages here)
+// $id and $u_name are left blank except for admin edits and user login, where they specify the id and login name of the 'target' user
+ function user_audit($event_type, $event_data, $id = '', $u_name = '')
+ {
+ global $e107, $tp;
+ list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
+
+ // See whether we should log this
+ $user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
+ if (!isset($user_logging_opts[$event_type])) return; // Finished if not set to log this event type
+
+
+ if ($this->rldb == NULL) $this->rldb = new db; // Better use our own db - don't know what else is going on
+
+ if ($id) $userid = $id; else $userid = (USER === TRUE) ? USERID : 0;
+ if ($u_name) $userstring = $u_name; else $userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
+ $userIP = $e107->getip();
+ $eventcode = 'USER_'.$event_type;
+
+ $title = 'LAN_AUDIT_LOG_0'.$event_type; // This creates a string which will be displayed as a constant
+ $spacer = '';
+ $detail = '';
+ foreach ($event_data as $k => $v)
+ {
+ $detail .= $spacer.$k.'=>'.$v;
+ $spacer = ' ';
+ }
+ $this->rldb->db_Insert("audit_log","0, ".intval($time_sec).', '.intval($time_usec).", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
+ }
+
function get_log_events($count = 15, $offset)
{
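Review bot: `user_audit()` declares `global $e107, $tp;` but then reads `$pref['user_audit_opts']` in the opt-in check, so unless `$pref` reaches this scope some other way `varset()` always yields '' and `isset($user_logging_opts[$event_type])` is always false — every call returns before logging anything. Add `$pref` to the `global` line. The INSERT at the end interpolates `$userstring` and `$detail` unescaped and `$userid` unquoted; `$u_name` and the `$event_data` values come from callers that are inconsistent about escaping (fpw.php passes `$tp->toDB($username, true)` in one call and raw `$row['user_name']` in another, login.php passes a database value), so escape inside this method and `intval()` the id. login.php also passes '' as `$event_data`, which `foreach` rejects with a warning, so guard the loop with `is_array()`.
```php
function user_audit($event_type, $event_data, $id = '', $u_name = '')
{
    global $e107, $tp, $pref;   // $pref is read by the user_audit_opts check below
    list($time_usec, $time_sec) = explode(" ", microtime());

    $user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
    if (!isset($user_logging_opts[$event_type])) return;

    // … unchanged: rldb setup, $userid / $userstring / $userIP / $eventcode / $title …
    $userid = intval($userid);                                   // interpolated unquoted in the INSERT
    $userstring = $tp->toDB($userstring,true,false,'no_html');   // callers pass raw names

    $spacer = '';
    $detail = '';
    if (is_array($event_data))   // login.php passes '' when there is nothing to record
    {
        foreach ($event_data as $k => $v)
        {
            $detail .= $spacer.$tp->toDB($k,true,false,'no_html').'=>'.$tp->toDB($v,true,false,'no_html');
            $spacer = ' ';
        }
    }
    // … unchanged: db_Insert into audit_log …
}
```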
diff --git a/e107_handlers/login.php b/e107_handlers/login.php
index f9eb2fe70..8bd534214 100644
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
-| $Revision: 1.8 $
-| $Date: 2007-12-09 16:42:23 $
+| $Revision: 1.9 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -105,48 +105,79 @@ class userlogin {
else
{ // User is OK as far as core is concerned
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
- $ret = $e_event->trigger("preuserlogin", $username);
- if ($ret!='')
+ $ret = $e_event->trigger("preuserlogin", $username);
+ if ($ret!='')
+ {
+ define("LOGINMESSAGE", $ret."
");
+ return FALSE;
+ }
+ else
+ { // Trigger events happy as well
+ $lode = $sql -> db_Fetch(); // Get user info
+ $user_id = $lode['user_id'];
+ $user_name = $lode['user_name'];
+ $user_xup = $lode['user_xup'];
+
+ /* restrict more than one person logging in using same us/pw */
+ if($pref['disallowMultiLogin'])
{
- define("LOGINMESSAGE", $ret."
");
+ $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
+ $this -> checkibr($fip);
return FALSE;
- }
- else
- { // Trigger events happy as well
- $lode = $sql -> db_Fetch(); // Get user info
- $user_id = $lode['user_id'];
- $user_name = $lode['user_name'];
- $user_xup = $lode['user_xup'];
+ }
+ }
- /* restrict more than one person logging in using same us/pw */
- if($pref['disallowMultiLogin'])
+ $cookieval = $user_id.".".md5($userpass);
+ if($user_xup)
+ {
+ $this->update_xup($user_id, $user_xup);
+ }
+
+ if ($pref['user_tracking'] == "session")
+ {
+ $_SESSION[$pref['cookie_name']] = $cookieval;
+ }
+ else
+ {
+ if ($autologin == 1)
{
- if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
- {
- define("LOGINMESSAGE", LAN_304."
");
- $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
- $this -> checkibr($fip);
- return FALSE;
- }
+ cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
+ }
+ else
+ {
+ cookie($pref['cookie_name'], $cookieval);
}
+ }
+
+ // User login definitely accepted here
- $cookieval = $user_id.".".md5($userpass);
- if($user_xup) {
- $this->update_xup($user_id, $user_xup);
- }
- if ($pref['user_tracking'] == "session") {
- $_SESSION[$pref['cookie_name']] = $cookieval;
- } else {
- if ($autologin == 1) {
- cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30));
- } else {
- cookie($pref['cookie_name'], $cookieval);
- }
+ // Calculate class membership - needed for a couple of things
+ $class_list = explode(',',$lode['user_class']);
+ if ($lode['user_admin'] && strlen($lode['user_perms']))
+ {
+ $class_list[] = e_UC_ADMIN;
+ if (strpos($lode['user_perms'],'0') === 0)
+ {
+ $class_list[] = e_UC_MAINADMIN;
}
- $edata_li = array("user_id" => $user_id, "user_name" => $username);
- $e_event->trigger("login", $edata_li);
- $redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
+ }
+ $class_list[] = e_UC_MEMBER;
+ $class_list[] = e_UC_PUBLIC;
+
+ $user_logging_opts = array_flip(explode(',',varset($pref['user_audit_opts'],'')));
+ if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'],''),$class_list))
+ { // Need to note in user audit trail
+ $admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name);
+ }
+
+ $edata_li = array("user_id" => $user_id, "user_name" => $username);
+ $e_event->trigger("login", $edata_li);
+ $redir = (e_QUERY ? e_SELF."?".e_QUERY : e_SELF);
+
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
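Review bot: With `$pref['disallowMultiLogin']` set, the new block unconditionally records a `failed_login` row, calls `checkibr()` and returns FALSE — the `db_Select("online", ...)` guard and the `LOGINMESSAGE` define from the removed lines were not carried over, so every login is rejected once that preference is enabled. Restore the guard around the insert (below). Separately, `strpos($lode['user_perms'],'0') === 0` adds `e_UC_MAINADMIN` for any permission string beginning with '0', where the removed test required exactly '0' or '0.'; if any other permission code can start with that character this widens the main-admin class, and since the second hunk of this file moved the block ahead of `$lode['user_perms'] = trim($lode['user_perms'])`, it now runs on the untrimmed value. `$admin_log->user_audit(USER_AUDIT_LOGIN,'', $user_id,$user_name)` passes '' as the event data, which the new `user_audit()` iterates with foreach; pass `array()` instead. This method begins before the hunk.
```php
/* restrict more than one person logging in using same us/pw */
if($pref['disallowMultiLogin'])
{
    if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
    {
        define("LOGINMESSAGE", LAN_304); // append the same trailing markup the $ret define above uses
        $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_16." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
        $this -> checkibr($fip);
        return FALSE;
    }
}
// … unchanged: cookie / session handling, class list, audit call …
```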
@@ -155,17 +186,6 @@ class userlogin {
$lode['user_perms'] = trim($lode['user_perms']);
// $log_info = "New user: ".$lode['user_name']." Class: ".$lode['user_class']." Admin: ".$lode['user_admin']." Perms: ".$lode['user_perms'];
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
- $class_list = explode(',',$lode['user_class']);
- if ($lode['user_admin'] && strlen($lode['user_perms']))
- {
- $class_list[] = e_UC_ADMIN;
- if (('0'==$lode['user_perms']) || ('0.' == $lode['user_perms']))
- {
- $class_list[] = e_UC_MAINADMIN;
- }
- }
- $class_list[] = e_UC_MEMBER;
- $class_list[] = e_UC_PUBLIC;
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","New User class",implode(',',$class_list),FALSE,FALSE);
foreach ($pref['frontpage_force'] as $fk=>$fp)
{
diff --git a/e107_languages/English/admin/lan_admin.php b/e107_languages/English/admin/lan_admin.php
index 197289bce..df336035e 100644
--- a/e107_languages/English/admin/lan_admin.php
+++ b/e107_languages/English/admin/lan_admin.php
@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_admin.php,v $
-| $Revision: 1.5 $
-| $Date: 2007-07-03 19:22:08 $
+| $Revision: 1.6 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -175,6 +175,9 @@ define("ADLAN_152", "Enter Code");
define("ADLAN_153", "Administration Area");
define('ADLAN_154', "Error contacting Sourceforge to check for new version");
+define('ADLAN_155', 'System Logs');
+define('ADLAN_156', 'Admin log, user audit, rolling log');
+
define('ADLAN_CL_1', 'Settings');
define('ADLAN_CL_2', 'Users');
define('ADLAN_CL_3', 'Content');
@@ -255,7 +258,6 @@ define("LAN_INACTIVE","Inactive");
define("LAN_BAN","Ban");
define("LAN_RATING", "Rating");
-define("LAN_UPLOAD", "Upload");
define("LAN_UPLOAD_IMAGES","Upload Images");
define("LAN_UPLOAD_FILES","Upload Files");
define("LAN_UPLOAD_ADDFILE","Add Another File");
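Review bot: `define("LAN_UPLOAD", "Upload")` is removed without a replacement in this file, so any template or admin page that still references `LAN_UPLOAD` will now emit the bare constant name; unless it has moved to another language file this commit does not show, the line should stay or carry a `// @deprecated` comment pointing to its new home. Keeping a language constant until its callers are updated is cheap and avoids a run-time notice.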
diff --git a/e107_languages/English/admin/lan_admin_log.php b/e107_languages/English/admin/lan_admin_log.php
index 0ed7cb9c9..11717c221 100644
--- a/e107_languages/English/admin/lan_admin_log.php
+++ b/e107_languages/English/admin/lan_admin_log.php
@@ -1,27 +1,71 @@
\ No newline at end of file
diff --git a/e107_languages/English/admin/lan_administrator.php b/e107_languages/English/admin/lan_administrator.php
index fbf57b169..470b8e0d1 100644
--- a/e107_languages/English/admin/lan_administrator.php
+++ b/e107_languages/English/admin/lan_administrator.php
@@ -4,9 +4,9 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_administrator.php,v $
-| $Revision: 1.1.1.1 $
-| $Date: 2006-12-02 04:34:40 $
-| $Author: mcfly_e107 $
+| $Revision: 1.2 $
+| $Date: 2007-12-15 15:06:40 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define("ADMSLAN_0", "New user/admin entry created for");
@@ -37,7 +37,7 @@ define("ADMSLAN_29", "Manage banners");
define("ADMSLAN_30", "Configure news feed headlines");
define("ADMSLAN_31", "Configure emoticons");
define("ADMSLAN_32", "Configure front page content");
-define("ADMSLAN_33", "Configure log/stats");
+define("ADMSLAN_33", "Configure system logging");
define("ADMSLAN_34", "Configure meta tags");
define("ADMSLAN_35", "Configure public file uploads");
define("ADMSLAN_36", "Configure Image Settings");
diff --git a/e107_languages/English/lan_fpw.php b/e107_languages/English/lan_fpw.php
index a0d058882..0aa13afad 100644
--- a/e107_languages/English/lan_fpw.php
+++ b/e107_languages/English/lan_fpw.php
@@ -4,9 +4,9 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_fpw.php,v $
-| $Revision: 1.2 $
-| $Date: 2007-12-13 01:01:35 $
-| $Author: e107coders $
+| $Revision: 1.3 $
+| $Date: 2007-12-15 15:06:40 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define("PAGE_NAME", "Password Reset");
@@ -18,7 +18,7 @@ define("LAN_06", "Attempted password reset");
define("LAN_07", "Someone with IP address ");
define("LAN_08", "attempted to reset the main admin password.");
define("LAN_09", "Password reset from ");
-define("LAN_112", "Email address used when signing up");
+define("LAN_112", 'Email address registered on this site');
define("LAN_156", "Submit");
define("LAN_213", "That username/email address was not found in database.");
define("LAN_214", "Unable to reset password");
@@ -44,5 +44,11 @@ define("LAN_FPW14", "has been submitted by someone with the IP of");
define("LAN_FPW15", "This does not mean your password has yet been reset. You must navigate to the link shown below to complete the reset process.");
define("LAN_FPW16", "If you did not request to have your password reset and you do NOT want it reset, you may simply ignore this email");
define("LAN_FPW17", "The link below will be valid for 48 hours.");
+define('LAN_FPW18','Password reset requested');
+define('LAN_FPW19','Email send failed');
+define('LAN_FPW20','Email send succeeded');
+define('LAN_FPW21','User clicked on password reset link');
+define('LAN_FPW22','');
+
?>
\ No newline at end of file
diff --git a/e107_languages/English/lan_signup.php b/e107_languages/English/lan_signup.php
index c1d55490f..1d431bb97 100644
--- a/e107_languages/English/lan_signup.php
+++ b/e107_languages/English/lan_signup.php
@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $
-| $Revision: 1.9 $
-| $Date: 2007-11-11 21:52:37 $
+| $Revision: 1.10 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -44,6 +44,18 @@ define("LAN_405", "This stage of registration is complete. You will receive a co
define("LAN_406", "Thank you!");
define("LAN_407", "Please keep this email for your own information. Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.\n\nThanks for your registration.\n\nFrom");
define("LAN_408", "A user with that email address already exists. Please use the 'forgot password' screen to retrieve your password.");
+
+define("LAN_409", "Invalid characters in username");
+define("LAN_410", "Enter code visible in the image");
+define("LAN_411", "That display name already exists in the database, please choose a different display name");
+
+
+define("LAN_EMAIL_01", "Dear");
+define("LAN_EMAIL_04", "Please keep this email for your own information.");
+define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
+define("LAN_EMAIL_06", "Thanks for your registration.");
+
+
define("LAN_SIGNUP_1", "Min.");
define("LAN_SIGNUP_2", "chars.");
define("LAN_SIGNUP_3", "Code verification failed.");
@@ -55,12 +67,6 @@ define("LAN_SIGNUP_8", "Thank you!");
define("LAN_SIGNUP_9", "Unable to proceed.");
define("LAN_SIGNUP_10", "Yes");
define("LAN_SIGNUP_11", ".");
-
-define("LAN_409", "Invalid characters in username");
-define("LAN_410", "Enter code visible in the image");
-define("LAN_411", "That display name already exists in the database, please choose a different display name");
-
-
define("LAN_SIGNUP_12", "please keep your username and password written down in a safe place as if lost they cannot be retrieved.");
define("LAN_SIGNUP_13", "You can now log in from the Login box, or from here.");
define("LAN_SIGNUP_14", "here");
@@ -80,27 +86,15 @@ define("LAN_SIGNUP_27", "Show");
define("LAN_SIGNUP_28", "choice of Content/Mail-lists");
define("LAN_SIGNUP_29", "A verification email will be sent to the email address you enter here so it must be valid.");
define("LAN_SIGNUP_30", "If you do not wish to display your email address on this site, please tick the 'hide email address' box.");
-
define("LAN_SIGNUP_31", "URL to your XUP file");
define("LAN_SIGNUP_32", "What's an XUP file?");
define("LAN_SIGNUP_33", "Type path or choose avatar");
define("LAN_SIGNUP_34", "Please note: Any image uploaded to this server that is deemed inappropriate by the administrators will be deleted immediately.");
define("LAN_SIGNUP_35", "Click here to register using an XUP file");
define("LAN_SIGNUP_36", "An error has occurred creating your user information, please contact the site admin");
-
-define("LAN_LOGINNAME", "Username");
-define("LAN_PASSWORD", "Password");
-define("LAN_USERNAME", "Display Name");
-define("LAN_EMAIL_01", "Dear");
-define("LAN_EMAIL_04", "Please keep this email for your own information.");
-define("LAN_EMAIL_05", "Your password has been encrypted and cannot be retrieved if you misplace or forget it. You can however request a new password if this happens.");
-define("LAN_EMAIL_06", "Thanks for your registration.");
-
define("LAN_SIGNUP_37", "This stage of registration is complete. The site admin will need to approve your membership. Once this has been done you will receive a confirmation email alerting you that your membership has been approved.");
define("LAN_SIGNUP_38", "You entered two different email addresses. Please enter a valid email address in the two fields provided");
define("LAN_SIGNUP_39", "Re-type Email Address:");
-
-// 0.7.6
define("LAN_SIGNUP_40", "Activation not necessary");
define("LAN_SIGNUP_41", "Your account is already activated.");
define("LAN_SIGNUP_42", "There was a problem, the registration mail was not sent, please contact the website administrator.");
@@ -120,6 +114,21 @@ define("LAN_SIGNUP_56", "That display name is too short. Please choose another")
define("LAN_SIGNUP_57", "That login name is too long. Please choose another");
define("LAN_SIGNUP_58", "Signup Preview");
define("LAN_SIGNUP_59","**** If the link doesn't work, please check that part of it has not overflowed onto the next line. ****");
+define('LAN_SIGNUP_60','Signup email resend requested');
+define('LAN_SIGNUP_61','Send succeeded');
+define('LAN_SIGNUP_62','Send failed');
+define('LAN_SIGNUP_63','Password reset email resent requested');
+define('LAN_SIGNUP_64','');
+define('LAN_SIGNUP_65','');
+define('LAN_SIGNUP_66','');
+define('LAN_SIGNUP_67','');
+define('LAN_SIGNUP_68','');
+define('LAN_SIGNUP_69','');
+define('LAN_SIGNUP_70','');
+
+define("LAN_LOGINNAME", "Username");
+define("LAN_PASSWORD", "Password");
+define("LAN_USERNAME", "Display Name");
?>
diff --git a/e107_languages/English/lan_usersettings.php b/e107_languages/English/lan_usersettings.php
index 052215bf7..3bcad1173 100644
--- a/e107_languages/English/lan_usersettings.php
+++ b/e107_languages/English/lan_usersettings.php
@@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_usersettings.php,v $
-| $Revision: 1.9 $
-| $Date: 2007-08-16 19:19:43 $
+| $Revision: 1.10 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@@ -82,10 +82,6 @@ define("LAN_SIGNUP_5", " characters long.");
define("LAN_SIGNUP_6", "Your ");
define("LAN_SIGNUP_7", " is required");
-define("LAN_USET_1", "Your avatar is too wide");
-define("LAN_USET_2", "Maximum allowable width is");
-define("LAN_USET_3", "Your avatar is too high");
-define("LAN_USET_4", "Maximum allowable height is");
// v.616
define("LAN_CUSTOMTITLE", "Custom Title");
@@ -99,6 +95,10 @@ define("MAX_AVHEIGHT", " x ");
define("RESIZE_NOT_SUPPORTED", "Resize method not supported by this server. Please resize image or choose another. File has been deleted.");
// v0.7
+define("LAN_USET_1", "Your avatar is too wide");
+define("LAN_USET_2", "Maximum allowable width is");
+define("LAN_USET_3", "Your avatar is too high");
+define("LAN_USET_4", "Maximum allowable height is");
define("LAN_USET_5", "Subscribed to");
define("LAN_USET_6", "Subscribe to our mailing-list(s) and/or sections of this site.");
define("LAN_USET_7", "Miscellaneous");
@@ -112,5 +112,8 @@ define("LAN_USET_14", "Login name too long. Please choose another");
define("LAN_USET_15", "Display name too long. Please choose another");
define("LAN_USET_16", "Tick box to delete existing photo without uploading another");
define("LAN_USET_17", "Display name already used. Please choose another");
+define('LAN_USET_18', 'User data changed by admin: --ID--, login name: --LOGNAME--');
+define('LAN_USET_19', '');
+define('LAN_USET_20', '');
?>
\ No newline at end of file
diff --git a/fpw.php b/fpw.php
index 57c3488f6..dc66f13fa 100644
--- a/fpw.php
+++ b/fpw.php
@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/fpw.php,v $
-| $Revision: 1.3 $
-| $Date: 2007-12-13 01:01:35 $
-| $Author: e107coders $
+| $Revision: 1.4 $
+| $Date: 2007-12-15 15:06:40 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("class2.php");
@@ -58,14 +58,18 @@ function fpw_error($txt) {
exit;
}
-//the seperator character used
+//the separator character used
$fpw_sep = "#";
-if (e_QUERY) {
+
+
+if (e_QUERY)
+{ // User has clicked on link to reset password
define("FPW_ACTIVE","TRUE");
$tmp = explode($fpw_sep, e_QUERY);
$tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
- if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ")) {
+ if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' "))
+ {
$row = $sql->db_Fetch();
extract($row);
$sql->db_Delete("tmp", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ");
@@ -76,8 +80,15 @@ if (e_QUERY) {
}
$mdnewpw = md5($newpw);
+ // Details for admin log
+ $do_log['password_action'] = LAN_FPW21;
+ $do_log['user_name'] = $tp -> toDB($username, true);
+ $do_log['activation_code'] = $tmpinfo;
+ $do_log['user_password'] = $mdnewpw;
+ $admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);
+
list($username, $md5) = explode($fpw_sep, $tmp_info);
- $sql->db_Update("user", "user_password='$mdnewpw', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
+ $sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_name='".$tp -> toDB($username, true)."' ");
cookie($pref['cookie_name'], "", (time()-2592000));
$_SESSION[$pref['cookie_name']] = "";
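Review bot: The audit entry built at `$do_log['user_name'] = $tp -> toDB($username, true);` reads `$username` before `list($username, $md5) = explode($fpw_sep, $tmp_info);` assigns it a few lines later, so unless `$username` is set earlier in this block (its start is outside the hunk) the logged name and the `$u_name` argument to `user_audit()` are both empty; moving the `$do_log` lines and the `user_audit()` call below the `list(...)` line fixes it. Separately, `$do_log['user_password'] = $mdnewpw;` writes the new password's MD5 into the audit log and `$do_log['activation_code'] = $tmpinfo;` writes the reset token; neither belongs in a table that admin-log viewers can read, so drop those two lines and record only the user name and the action.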
@@ -94,11 +105,16 @@ if (e_QUERY) {
}
}
-if (isset($_POST['pwsubmit'])) {
+
+// Request to reset password
+//--------------------------
+if (isset($_POST['pwsubmit']))
+{
require_once(e_HANDLER."mail.php");
$email = $_POST['email'];
- if ($pref['fpwcode'] && extension_loaded("gd")) {
+ if ($pref['fpwcode'] && extension_loaded("gd"))
+ {
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
fpw_error(LAN_FPW3);
}
@@ -110,19 +126,22 @@ if (isset($_POST['pwsubmit'])) {
// Allow admins to remove 'username' from fpw_template.php if they wish.
$query .= (isset($_POST['username'])) ? " AND user_loginname='{$clean_username}'" : "";
- if ($sql->db_Select("user", "*", $query)) {
+ if ($sql->db_Select("user", "*", $query))
+ {
$row = $sql->db_Fetch();
- extract($row);
+ extract($row);
- if ($user_admin == 1 && $user_perms == "0") {
+ if ($user_admin == 1 && $user_perms == "0")
+ { // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
echo "\n";
die();
}
- if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'")) {
- fpw_error(LAN_FPW4);
- exit;
+ if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'"))
+ {
+ fpw_error(LAN_FPW4);
+ exit;
}
mt_srand ((double)microtime() * 1000000);
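Review bot: The `exit;` placed after `fpw_error(LAN_FPW4);` in the re-braced block is unreachable, because `fpw_error()` itself ends in `exit;` (its tail is visible in the first hunk of this file); drop the `exit;` or let the helper return so the call site decides. The `mt_srand ((double)microtime() * 1000000);` context line presumably seeds the generator that produces `$rcode` from the clock; that predates this commit, but it carries more weight now that the reset code is also copied into the audit log in the next hunk. The enclosing `if (isset($_POST['pwsubmit']))` block continues past this hunk.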
@@ -139,17 +158,30 @@ if (isset($_POST['pwsubmit'])) {
//Set timestamp two days ahead so it doesn't get auto-deleted
$sql->db_Insert("tmp", "'pwreset',{$deltime},'{$user_name}{$fpw_sep}{$rcode}'");
+ $do_log['password_action'] = LAN_FPW18;
+ $do_log['user_id'] = $row['user_id'];
+ $do_log['user_name'] = $row['user_name'];
+ $do_log['user_loginname'] = $row['user_loginname'];
+ $do_log['activation_code'] = $rcode;
- if (sendemail($_POST['email'], "".LAN_09."".SITENAME, $message)) {
- $text = "
");
- require_once(FOOTERF);
- exit;
+ $do_log['signup_result'] = LAN_SIGNUP_61;
}
+ // Now log this (log will ignore if its disabled)
+ $admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,$row['user_id'],$row['user_name']);
+ require_once(FOOTERF);
+ exit;
}
require_once(e_HANDLER."message_handler.php");
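Review bot: `$do_log['activation_code'] = $rcode;` writes the password-reset code into the audit log at the same moment it is stored in `tmp`, so anyone able to read the admin log can complete the reset for that account until the row is cleaned up. Log that a reset was issued (user id, name, result) and leave the code out, or at most record a hash of it. The `user_audit()` call also appears to sit after the closing brace of the mail-sending branch, so it fires with whatever `$do_log` holds even when no mail went out; if that is intended for the failure case, the `// Now log this` comment should say so. The removed lines of this hunk look garbled in the rendering, and the enclosing `if ($sql->db_Select("user", ...))` block begins outside it.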
@@ -284,7 +283,7 @@ if (e_QUERY)
if ($qs[0] == "activate" && (count($qs) == 3 || count($qs) == 4) && $qs[2])
{
// return the message in the correct language.
- if($qs[3] && strlen($qs[3]) == 2 )
+ if(isset($qs[3]) && strlen($qs[3]) == 2 )
{
require_once(e_HANDLER."language_class.php");
$lng = new language;
@@ -321,6 +320,10 @@ if (e_QUERY)
}
}
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
+
+ // Log to user audit log if enabled
+ $admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
+
$e_event->trigger("userveri", $row);
require_once(HEADERF);
$text = LAN_401." ".LAN_SIGNUP_22." ".LAN_SIGNUP_23." ".LAN_SIGNUP_24." ".SITENAME;
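Review bot: `$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);` hands the entire user row to the audit log; `$row` is fetched outside this hunk and, if `user_audit()` records the array as given, the entry will carry the password hash and the session key alongside the name. The signup hunk below builds an explicit array for the same call, and this one should do the same, e.g. `$admin_log->user_audit(USER_AUDIT_EMAILACK, array('user_id' => $row['user_id'], 'user_name' => $row['user_name']));`. The enclosing `if (e_QUERY)` block begins and ends outside this hunk.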
@@ -688,6 +691,17 @@ global $db_debug;
$u_key = md5(uniqid(rand(), 1));
// ************* Possible class insert
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
+
+ // Log to user audit log if enabled
+ $admin_log->user_audit(USER_AUDIT_SIGNUP,array(
+ 'user_id' => $nid,
+ 'user_name' => $username,
+ 'user_loginname' => $loginname,
+ 'user_email' => $tp -> toDB($_POST['email']),
+ 'user_realname' => $tp -> toDB($_POST['realname']),
+ 'signup_key' => $u_key
+ ));
+
if(!$nid)
{
require_once(HEADERF);
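Review bot: The `user_audit(USER_AUDIT_SIGNUP, ...)` call runs before the `if(!$nid)` failure check, so a failed insert is still logged as a signup with a zero or false `user_id`; moving the call below that branch records only accounts that were actually created. The entry also includes `'signup_key' => $u_key`, the same value just inserted into the user row as the activation key, so a log reader can acknowledge the account without the e-mail; omit it or store a hash. `$u_key` itself comes from `md5(uniqid(rand(), 1))` in the context line above, which predates this commit but is not a cryptographic source; `random_bytes()` is the replacement once the project targets PHP 7 or later.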
diff --git a/usersettings.php b/usersettings.php
index 1de988c83..8459da8c9 100644
--- a/usersettings.php
+++ b/usersettings.php
@@ -11,12 +11,39 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $
-| $Revision: 1.17 $
-| $Date: 2007-12-09 22:38:27 $
+| $Revision: 1.18 $
+| $Date: 2007-12-15 15:06:40 $
| $Author: e107steved $
+
+Mods to give a uniform interface.
+
+
+To do:
+1. Check that photo can be updated/deleted OK
+3. Make sure all $_POST values go through $tp->toDB - currently display name, login name don't - that's the way it was
+4. Make sure displayname and loginname kept in sync where not permitted to be different
+5. Check whether customtitle needs a special look to obey an option - currently updated in two places; check which is required
+6. XUP update - there's a bit of code which calls userlogin::update_xup() which looks relevant - BUT:
+ a) It allows update of user_login field
+ b) Possible error on {EMAILHIDE} - should it be {$EMAILHIDE} ?
+ c) That code will update the user record regardless of whether there are values in the XUP file - so could become null
+7. When restoring $_POST values after an error (just before display) they should all have been vetted - should be done, but double check
+8. Check the use of 'class' around line 190 - if left, the message doesn't make total sense. Not sure the feature makes sense anyway.
+9. No means of retaining name of photo file through an error?
+10. Can get editable classes from the userclass object in 0.8
+11. Check its acceptable to, on the whole, not update a field which is empty but for which $_POST[] value exists
+12. Run through list of fields in DB; make sure all can be updated where needed
+14. Add admin log entry for when admin changing data
+15. Check class memberships - possible that main admin made a member of all (may be an inherited userclass issue)
+
+Notes:
+$pref['forum_user_customtitle'] - used and saved in central record; set in forum interface
+Uses $udata initially, later curVal to hold current user data
+----------------------------------------------------------------------------+
*/
+//echo "Starting usersettings ";
+
require_once("class2.php");
require_once(e_HANDLER."ren_help.php");
require_once(e_HANDLER."user_extended_class.php");
@@ -24,8 +51,11 @@ $ue = new e107_user_extended;
//define("US_DEBUG",TRUE);
define("US_DEBUG",FALSE);
+//echo "Loaded includes ";
+/*
+These links look redundant
if (isset($_POST['sub_news']))
{
header("location:".e_BASE."submitnews.php");
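Review bot: The redirect handlers are disabled by wrapping them in a `/* ... */` block instead of deleting them; the closing `*/` lands in the next hunk of this file. If they are redundant, remove them so the file does not carry dead code, and if they might return, the header comment should say what replaces them. `//echo "Loaded includes ";` is a leftover debug line that should go with them.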
@@ -51,26 +81,30 @@ if (isset($_POST['sub_review'])) {
header("location:".e_BASE."subcontent.php?review");
exit;
}
+*/
-if (!USER) {
- header("location:".e_BASE."index.php");
- exit;
+
+if (!USER)
+{ // Must be logged in to change settings
+ header("location:".e_BASE."index.php");
+ exit;
}
-if (!ADMIN && e_QUERY && e_QUERY != "update") {
- header("location:".e_BASE."usersettings.php");
- exit;
+if (!ADMIN && e_QUERY && e_QUERY != "update")
+{
+ header("location:".e_BASE."usersettings.php");
+ exit;
}
require_once(e_HANDLER."ren_help.php");
if(is_readable(THEME."usersettings_template.php"))
{
- include_once(THEME."usersettings_template.php");
+ include_once(THEME."usersettings_template.php");
}
else
{
- include_once(e_THEME."templates/usersettings_template.php");
+ include_once(e_THEME."templates/usersettings_template.php");
}
include_once(e_FILE."shortcode/batch/usersettings_shortcodes.php");
@@ -80,27 +114,29 @@ $_uid = is_numeric(e_QUERY) ? intval(e_QUERY) : "";
$sesschange = ''; // Notice removal
$photo_to_delete = '';
$avatar_to_delete = '';
+$changed_user_data = array();
require_once(HEADERF);
-// Save user settings (whether or not changed)
-//---------------------------------------------
+// Save user settings (changes only)
+//-----------------------------------
$error = "";
if (isset($_POST['updatesettings']))
{
if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
{
- $pref['auth_method'] = 'e107';
+ $pref['auth_method'] = 'e107';
}
if($pref['auth_method'] != 'e107')
{
- $_POST['password1'] = '';
- $_POST['password2'] = '';
+ $_POST['password1'] = '';
+ $_POST['password2'] = '';
}
+
if ($_uid && ADMIN)
{ // Admin logged in and editing another user's settings - so editing a different ID
$inp = $_uid;
@@ -112,31 +148,59 @@ if (isset($_POST['updatesettings']))
}
+ $udata = get_user_data($inp); // Get all the existing user data, including any extended fields
+ $peer = ($inp == USERID ? false : true);
+
+
+
+
// Check external avatar
- $_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
- if ($_POST['image'] && $size = getimagesize($_POST['image'])) {
+ if ($_POST['image'])
+ {
+ $_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
+ if ($size = getimagesize($_POST['image']))
+ {
$avwidth = $size[0];
$avheight = $size[1];
$avmsg = "";
- $pref['im_width'] = ($pref['im_width']) ? $pref['im_width'] : 120;
- $pref['im_height'] = ($pref['im_height']) ? $pref['im_height'] : 100;
- if ($avwidth > $pref['im_width']) {
- $avmsg .= LAN_USET_1." ($avwidth) ".LAN_USET_2.": {$pref['im_width']}