# HG changeset patch
# User Dan
# Date 1182641261 14400
# Node ID 40105681f4958158ab5803a14d9ad2db8a403f3b
# Parent 5d003b6c9e89ad2221c29202c84d6208c4c2eb48
Demo mode: security logs are now recorded but not publicly displayed
diff -r 5d003b6c9e89 -r 40105681f495 plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Sat Jun 23 18:54:16 2007 -0400
+++ b/plugins/SpecialAdmin.php Sat Jun 23 19:27:41 2007 -0400
@@ -107,34 +107,45 @@ echo '
'; $cls = 'row2'; echo ''; - if(isset($_GET['fulllog'])) + require('config.php'); + $hash = md5($dbpasswd); + unset($dbname, $dbhost, $dbuser, $dbpasswd); + unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug + if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) ) { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'; + echo ''; } else { - $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5'; + if(isset($_GET['fulllog'])) + { + $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;'; + } + else + { + $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5'; + } + $q = $db->sql_query($l); + while($r = $db->fetchrow()) + { + if($cls == 'row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + } + $db->free_result(); } - $q = $db->sql_query($l); - while($r = $db->fetchrow()) - { - if($cls == 'row2') $cls = 'row1'; - else $cls = 'row2'; - echo ''; - } - $db->free_result(); echo '
TypeDateUsernameIP Address
Logs are recorded but not displayed for privacy purposes in the demo.
'; + switch($r['action']) { + case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "
Authentication level: $level"; } break; + case "admin_auth_bad": echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "
Attempted auth level: $level"; } break; + case "activ_good": echo 'Successful account activation'; break; + case "auth_good": echo 'Successful regular user logon'; break; + case "activ_bad": echo 'Failed account activation'; break; + case "auth_bad": echo 'Failed regular user logon'; break; + case "sql_inject": echo 'SQL injection attempt
Offending query: ' . htmlspecialchars($r['page_text']) . '
'; break; + case "db_backup": echo 'Database backup created
Tables: ' . $r['page_text'] . ''; break; + case "install_enano": echo "Installed Enano version {$r['page_text']}"; break; + } + echo '
'.date('d M Y h:i a', $r['time_id']).''.$r['author'].''.$r['edit_summary'].'
'; - switch($r['action']) { - case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "
Authentication level: $level"; } break; - case "admin_auth_bad": echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "
Attempted auth level: $level"; } break; - case "activ_good": echo 'Successful account activation'; break; - case "auth_good": echo 'Successful regular user logon'; break; - case "activ_bad": echo 'Failed account activation'; break; - case "auth_bad": echo 'Failed regular user logon'; break; - case "sql_inject": echo 'SQL injection attempt
Offending query: ' . htmlspecialchars($r['page_text']) . '
'; break; - case "db_backup": echo 'Database backup created
Tables: ' . $r['page_text'] . ''; break; - case "install_enano": echo "Installed Enano version {$r['page_text']}"; break; - } - echo '
'.date('d M Y h:i a', $r['time_id']).''.$r['author'].''.$r['edit_summary'].'
'; if(!isset($_GET['fulllog'])) echo '

Full security log

';
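Review bot: The bypass key on the added `$hash = md5($dbpasswd);` line turns an unsalted MD5 of the database password into a URL parameter name, so it lands in web-server access logs, browser history and Referer headers, where anyone who reads it can try to recover the password offline. Gate the demo-mode view on a dedicated random secret unrelated to any credential, e.g. `if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ DEMO_LOG_KEY ]) )` where `DEMO_LOG_KEY` is a placeholder name for a constant generated at install time, or on the viewer's authenticated session instead of a URL token; either removes the need to `require('config.php')` here and unset the credentials twice. Separately, the re-indented row output still echoes `$r['author']`, `$r['edit_summary']` and the `db_backup`/`install_enano` `page_text` without `htmlspecialchars()`, unlike the `sql_inject` case; if any of those fields can carry user-supplied text (a failed-logon username, presumably), they should be escaped the same way. The enclosing function starts and ends outside the hunk.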