Added helper function to prompt user for verification of admin actions

This function will also be used in other places in the admin center,
every time the user wants to delete something which cannot
be undone.
Andre Lorbach 2008-07-15 15:53:50 +02:00
parent 5804574bbf
commit e71e4b7d75
7 changed files with 149 additions and 16 deletions


@ -115,6 +115,11 @@ else
// --- END CREATE TITLE
*/
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: General Options";
// --- END CREATE TITLE
// --- Parsen and Output
InitTemplateParser();
$page -> parser($content, "admin/admin_index.html");


@ -53,19 +53,31 @@ InitFilterHelpers(); // Helpers for frontend filtering!
// Init admin langauge file now!
IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
// --- CONTENT Vars
$content['TITLE'] = "Ultrastats - Admin Center - Users"; // Title of the Page
// ---
// --- BEGIN Custom Code
// Only if the user is an admin!
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
if ($_GET['miniop'] == "setisadmin")
{
if ( isset($_GET['id']) && isset($_GET['newval']) )
{
//PreInit these values
$content['USERID'] = intval(DB_RemoveBadChars($_GET['id']));
$iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
// --- handle special case
if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0)
{
// This will print an additional secure check which the user needs to confirm and exit the script execution.
PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] );
}
// ---
// Perform SQL Query!
$sqlquery = "SELECT * " .
" FROM " . DB_USERS .
" WHERE ID = " . $content['USERID'];
@ -73,8 +85,6 @@ if ($_GET['miniop'] == "setisadmin")
$myuser = DB_GetSingleRow($result, true);
if ( isset($myuser['username']) )
{
$iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
// Update is_admin setting!
$result = DB_Query("UPDATE " . DB_USERS . " SET
is_admin = $iNewVal
@ -181,6 +191,14 @@ if ( isset($_GET['op']) )
}
else
{
// --- Ask for deletion first!
if ( (!isset($_GET['verify']) || $_GET['verify'] != "yes") )
{
// This will print an additional secure check which the user needs to confirm and exit the script execution.
PrintSecureUserCheck( GetAndReplaceLangStr( $content['LN_USER_WARNDELETEUSER'], $myrow['username'] ), $content['LN_DELETEYES'], $content['LN_DELETENO'] );
}
// ---
// do the delete!
$result = DB_Query( "DELETE FROM " . DB_USERS . " WHERE ID = " . $content['USERID'] );
if ($result == FALSE)
@ -191,6 +209,8 @@ if ( isset($_GET['op']) )
else
DB_FreeQuery($result);
// TODO: DELETE PERSONAL SETTINGS, GROUP MEMBERSHIP ...
// Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENDEL'], $myrow['username'] ) , "users.php" );
}
@ -349,9 +369,13 @@ else
}
// ---
}
// --- END Custom Code
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: User Options";
// --- END CREATE TITLE
// --- Parsen and Output
InitTemplateParser();
$page -> parser($content, "admin/admin_users.html");
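Review bot: The confirmation added in the `@ -181,6 +191,14` hunk is satisfied by the bare query parameter `$_GET['verify'] == "yes"`, so it only guards against an accidental click: any request that already carries `verify=yes`, such as a followed link, runs the `DELETE` without the prompt ever being rendered, and the `@ -53,19 +53,31` hunk revokes admin status under the same test. A prompt for an irreversible admin action should be bound to something the requester cannot supply up front, e.g. a per-session random value stored in `$_SESSION` when `PrintSecureUserCheck` renders the page and compared on the confirming request, which should arrive as a POST rather than via the GET query string. Changing that inside `PrintSecureUserCheck` and the two `verify` tests in this file covers both places. The enclosing `if ( isset($_GET['op']) )` block starts and ends outside the hunk.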


@ -541,12 +541,17 @@ function InitConfigurationValues()
// Now we init the user session stuff
InitUserSession();
if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] )
{
// User needs to be logged in, redirect to login page
if ( !defined("IS_LOGINPAGE") )
RedirectToUserLogin();
}
if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true )
{
if ( !$content['SESSION_LOGGEDIN'] )
{
// User needs to be logged in, redirect to login page
if ( !defined("IS_LOGINPAGE") )
RedirectToUserLogin();
}
}
else if ( defined('IS_ADMINPAGE') ) // Language System not initialized yet
DieWithFriendlyErrorMsg( "You need to be logged in in order to access the admin pages." );
// General defaults
// // --- Language Handling
@ -559,6 +564,11 @@ function InitConfigurationValues()
$content['database_forcedatabaseupdate'] = "yes";
}
}
else
{
if ( defined('IS_ADMINPAGE') || defined("IS_LOGINPAGE") ) // Language System not initialized yet
DieWithFriendlyErrorMsg( "The phpLogCon user system is currently disabled or not installed." );
}
// --- Language Handling
if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) )
@ -711,17 +721,22 @@ function InitPageTitle()
else
$szReturn = "";
if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) )
$szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: ";
if ( !defined('IS_ADMINPAGE') )
{
if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) )
$szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: ";
}
// Append phpLogCon
$szReturn .= "phpLogCon";
if ( defined('IS_ADMINPAGE') )
$szReturn .= " :: " . $content['LN_ADMIN_CENTER'] . " :: ";
// return result
return $szReturn;
}
function GetStringWithHTMLCodes($myStr)
{
// Replace all special characters with valid html representations
@ -982,4 +997,38 @@ function StartPHPSession()
}
}
function PrintSecureUserCheck( $warningtext, $yesmsg, $nomsg )
{
global $content, $page;
// Copy properties
$content['warningtext'] = $warningtext;
$content['yesmsg'] = $yesmsg;
$content['nomsg'] = $nomsg;
// Handle GET and POST input!
$content['form_url'] = $_SERVER['SCRIPT_NAME'] . "?";
foreach ($_GET as $varname => $varvalue)
$content['form_url'] .= $varname . "=" . $varvalue . "&";
$content['form_url'] .= "verify=yes"; // Append verify!
foreach ($_POST as $varname => $varvalue)
$content['POST_VARIABLES'][] = array( "varname" => $varname, "varvalue" => $varvalue );
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: Confirm Action";
// --- END CREATE TITLE
// --- Parsen and Output
InitTemplateParser();
$page -> parser($content, "admin/admin_securecheck.html");
$page -> output();
// ---
// Exit script execution
exit;
}
?>
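Review bot: `PrintSecureUserCheck` builds `form_url` by concatenating each `$_GET` name and value verbatim, so a value containing `&`, `=`, `#` or a space yields a malformed URL, and the result lands in the `action="{form_url}"` attribute of the new `admin_securecheck.html` template; if the template parser does not escape placeholders (not visible here), request parameters are reflected into HTML unescaped, and the same applies to `{varname}`/`{varvalue}` in the hidden inputs. Use the standard library for the query string instead: `$content['form_url'] = $_SERVER['SCRIPT_NAME'] . "?" . http_build_query(array_merge($_GET, array("verify" => "yes")));` and escape the re-posted values: `$content['POST_VARIABLES'][] = array( "varname" => htmlspecialchars($varname), "varvalue" => htmlspecialchars($varvalue) );`. A `$_POST` entry that is itself an array is currently flattened to the string `Array`; either skip such entries or decide how to re-post them. Since the function overwrites `$content['TITLE']` and ends in `exit`, a header comment would help callers: `// Renders the confirmation page for $warningtext and terminates the script; the confirming request repeats the current GET parameters with verify=yes appended.`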


@ -44,6 +44,11 @@ if ( !defined('IN_PHPLOGCON') )
///include($gl_root_path . 'include/constants_logstream.php');
// ---
// --- Define User System initialized!
define('IS_USERSYSTEMENABLED', true);
$content['IS_USERSYSTEMENABLED'] = true;
// ---
// --- BEGIN Usermanagement Function ---
function InitUserSession()
{
@ -62,8 +67,9 @@ function InitUserSession()
{
$content['SESSION_LOGGEDIN'] = true;
$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
// Successfully logged in
return true;
}
@ -125,10 +131,12 @@ function CheckUserLogin( $username, $password )
{
$_SESSION['SESSION_LOGGEDIN'] = true;
$_SESSION['SESSION_USERNAME'] = $username;
$_SESSION['SESSION_USERID'] = $myrow['ID'];
$_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];
$content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
// TODO SET LAST LOGIN TIME!
@ -152,6 +160,7 @@ function DoLogOff()
unset( $_SESSION['SESSION_LOGGEDIN'] );
unset( $_SESSION['SESSION_USERNAME'] );
unset( $_SESSION['SESSION_USERID'] );
unset( $_SESSION['SESSION_ACCESSLEVEL'] );
// Redir to Index Page
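Review bot: `DoLogOff` (hunk `@ -152,6 +160,7`) now unsets `SESSION_USERID` but not `SESSION_ISADMIN`, which `CheckUserLogin` stores in the `@ -125,10 +131,12` hunk and which the admin gate in users.php reads. Unless the rest of `DoLogOff`, which continues outside the hunk, destroys the session, the admin flag outlives the logout; add `unset( $_SESSION['SESSION_ISADMIN'] );` beside the other unsets. `SESSION_ACCESSLEVEL`, which is unset on the next line, is never assigned in any visible hunk and looks like a stale name from an earlier scheme. In `InitUserSession` the copy of `SESSION_ISADMIN` into `$content` is only on the logged-in path shown, so `$content['SESSION_ISADMIN']` is presumably unset for guests and callers need the `isset` guard users.php already uses.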


@ -37,6 +37,9 @@ $content['LN_ADMINMENU_USEROPT'] = "User Options";
$content['LN_ADMINMENU_GROUPOPT'] = "Group Options";
$content['LN_ADMIN_CENTER'] = "Admin center";
$content['LN_ADMIN_UNKNOWNSTATE'] = "Unknown State";
$content['LN_ADMIN_ERROR_NOTALLOWED'] = "You are not allowed to access this page with your user level.";
$content['LN_DELETEYES'] = "Yes";
$content['LN_DELETENO'] = "No";
// User Center
$content['LN_USER_CENTER'] = "User Options";
@ -61,6 +64,11 @@ $content['LN_USER_ERROR_HASBEENADDED'] = "User '%1' has been successfully added"
$content['LN_USER_ERROR_HASBEENEDIT'] = "User '%1' has been successfully edited";
$content['LN_USER_ISADMIN'] = "Is Admin?";
$content['LN_USER_ADDEDIT'] = "Add/Edit User";
$content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?";
$content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well.";
$content['LN_USER_'] = "";
$content['LN_USER_'] = "";
$content['LN_USER_'] = "";
$content['LN_USER_'] = "";


@ -0,0 +1,32 @@
<!-- INCLUDE include_header.html -->
<br><br>
<table width="600" cellpadding="2" cellspacing="1" border="0" align="center" class="with_border">
<tr>
<td align="center" valign="top" class="line0 ErrorMsg" colspan="2">{warningtext}</td>
</tr>
<tr>
<td align="center" class="line1" width="50%">
<br>
<form action="{form_url}" method="post" name="confirmform">
<!-- BEGIN POST_VARIABLES -->
<input type="hidden" name="{varname}" value="{varvalue}">
<!-- END POST_VARIABLES -->
<input type="image" src="{BASEPATH}images/icons/check.png" alt="{yesmsg}" class="borderless" width="16">
<br>
<input type="submit" value="{yesmsg}" class="borderless">
</form>
</td>
<td align="center" class="line2" width="50%">
<br>
<a HREF="javascript:history.back();">
<img src="{BASEPATH}images/icons/redo.png" class="borderless" width="16">
<br>{nomsg}
</a>
</td>
</tr>
</table>
<br>
<!-- INCLUDE include_footer.html -->


@ -445,3 +445,9 @@ select, input, button, textarea
font: bold 8pt Arial,Helvetica,sans-serif;
color: #BB0000
}
.borderless
{
border:0px solid;
background-color: transparent;
}