Added helper function to prompt user for verification of admin actions

This function will also be used in other places in the admin center,
every time the user wants to delete something that cannot
be undone.
This commit is contained in:
Andre Lorbach 2008-07-15 15:53:50 +02:00
parent 5804574bbf
commit e71e4b7d75
7 changed files with 149 additions and 16 deletions


@ -115,6 +115,11 @@ else
// --- END CREATE TITLE // --- END CREATE TITLE
*/ */
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: General Options";
// --- END CREATE TITLE
// --- Parsen and Output // --- Parsen and Output
InitTemplateParser(); InitTemplateParser();
$page -> parser($content, "admin/admin_index.html"); $page -> parser($content, "admin/admin_index.html");


@ -53,19 +53,31 @@ InitFilterHelpers(); // Helpers for frontend filtering!
// Init admin langauge file now! // Init admin langauge file now!
IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' ); IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
// --- CONTENT Vars
$content['TITLE'] = "Ultrastats - Admin Center - Users"; // Title of the Page
// --- // ---
// --- BEGIN Custom Code // --- BEGIN Custom Code
// Only if the user is an admin!
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] );
if ($_GET['miniop'] == "setisadmin") if ($_GET['miniop'] == "setisadmin")
{ {
if ( isset($_GET['id']) && isset($_GET['newval']) ) if ( isset($_GET['id']) && isset($_GET['newval']) )
{ {
//PreInit these values //PreInit these values
$content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); $content['USERID'] = intval(DB_RemoveBadChars($_GET['id']));
$iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
// --- handle special case
if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0)
{
// This will print an additional secure check which the user needs to confirm and exit the script execution.
PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] );
}
// ---
// Perform SQL Query!
$sqlquery = "SELECT * " . $sqlquery = "SELECT * " .
" FROM " . DB_USERS . " FROM " . DB_USERS .
" WHERE ID = " . $content['USERID']; " WHERE ID = " . $content['USERID'];
@ -73,8 +85,6 @@ if ($_GET['miniop'] == "setisadmin")
$myuser = DB_GetSingleRow($result, true); $myuser = DB_GetSingleRow($result, true);
if ( isset($myuser['username']) ) if ( isset($myuser['username']) )
{ {
$iNewVal = intval(DB_RemoveBadChars($_GET['newval']));
// Update is_admin setting! // Update is_admin setting!
$result = DB_Query("UPDATE " . DB_USERS . " SET $result = DB_Query("UPDATE " . DB_USERS . " SET
is_admin = $iNewVal is_admin = $iNewVal
@ -181,6 +191,14 @@ if ( isset($_GET['op']) )
} }
else else
{ {
// --- Ask for deletion first!
if ( (!isset($_GET['verify']) || $_GET['verify'] != "yes") )
{
// This will print an additional secure check which the user needs to confirm and exit the script execution.
PrintSecureUserCheck( GetAndReplaceLangStr( $content['LN_USER_WARNDELETEUSER'], $myrow['username'] ), $content['LN_DELETEYES'], $content['LN_DELETENO'] );
}
// ---
// do the delete! // do the delete!
$result = DB_Query( "DELETE FROM " . DB_USERS . " WHERE ID = " . $content['USERID'] ); $result = DB_Query( "DELETE FROM " . DB_USERS . " WHERE ID = " . $content['USERID'] );
if ($result == FALSE) if ($result == FALSE)
@ -191,6 +209,8 @@ if ( isset($_GET['op']) )
else else
DB_FreeQuery($result); DB_FreeQuery($result);
// TODO: DELETE PERSONAL SETTINGS, GROUP MEMBERSHIP ...
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENDEL'], $myrow['username'] ) , "users.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENDEL'], $myrow['username'] ) , "users.php" );
} }
@ -349,9 +369,13 @@ else
} }
// --- // ---
} }
// --- END Custom Code // --- END Custom Code
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: User Options";
// --- END CREATE TITLE
// --- Parsen and Output // --- Parsen and Output
InitTemplateParser(); InitTemplateParser();
$page -> parser($content, "admin/admin_users.html"); $page -> parser($content, "admin/admin_users.html");
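Review bot: The confirmation added before the self-demotion (L45-49) and the user deletion (L68-72) is satisfied by the literal query flag `verify=yes`, so it only guards against an accidental click; a crafted users.php URL that already carries the operation, the target `id` and `verify=yes` skips the dialog entirely, and since both actions run on GET with the admin's session cookie, any page the admin views could trigger them (e.g. via an image tag). A stronger check binds the confirmation to the session: have PrintSecureUserCheck generate a random token, store it in `$_SESSION`, emit it as a hidden POST field, and replace the two flag tests with `if ( !isset($_POST['verify']) || !isset($_SESSION['VERIFY_TOKEN']) || $_POST['verify'] !== $_SESSION['VERIFY_TOKEN'] )`, clearing the token after use. The `else` branch that performs the delete starts outside this hunk, and the `op` value it handles is not visible here. The new admin gate at L35-36 is good; it is the confirmation step, not the authorization, that is weak.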


@ -541,12 +541,17 @@ function InitConfigurationValues()
// Now we init the user session stuff // Now we init the user session stuff
InitUserSession(); InitUserSession();
if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] ) if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true )
{ {
// User needs to be logged in, redirect to login page if ( !$content['SESSION_LOGGEDIN'] )
if ( !defined("IS_LOGINPAGE") ) {
RedirectToUserLogin(); // User needs to be logged in, redirect to login page
} if ( !defined("IS_LOGINPAGE") )
RedirectToUserLogin();
}
}
else if ( defined('IS_ADMINPAGE') ) // Language System not initialized yet
DieWithFriendlyErrorMsg( "You need to be logged in in order to access the admin pages." );
// General defaults // General defaults
// // --- Language Handling // // --- Language Handling
@ -559,6 +564,11 @@ function InitConfigurationValues()
$content['database_forcedatabaseupdate'] = "yes"; $content['database_forcedatabaseupdate'] = "yes";
} }
} }
else
{
if ( defined('IS_ADMINPAGE') || defined("IS_LOGINPAGE") ) // Language System not initialized yet
DieWithFriendlyErrorMsg( "The phpLogCon user system is currently disabled or not installed." );
}
// --- Language Handling // --- Language Handling
if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) ) if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) )
@ -711,17 +721,22 @@ function InitPageTitle()
else else
$szReturn = ""; $szReturn = "";
if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) ) if ( !defined('IS_ADMINPAGE') )
$szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: "; {
if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) )
$szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: ";
}
// Append phpLogCon // Append phpLogCon
$szReturn .= "phpLogCon"; $szReturn .= "phpLogCon";
if ( defined('IS_ADMINPAGE') )
$szReturn .= " :: " . $content['LN_ADMIN_CENTER'] . " :: ";
// return result // return result
return $szReturn; return $szReturn;
} }
function GetStringWithHTMLCodes($myStr) function GetStringWithHTMLCodes($myStr)
{ {
// Replace all special characters with valid html representations // Replace all special characters with valid html representations
@ -982,4 +997,38 @@ function StartPHPSession()
} }
} }
function PrintSecureUserCheck( $warningtext, $yesmsg, $nomsg )
{
global $content, $page;
// Copy properties
$content['warningtext'] = $warningtext;
$content['yesmsg'] = $yesmsg;
$content['nomsg'] = $nomsg;
// Handle GET and POST input!
$content['form_url'] = $_SERVER['SCRIPT_NAME'] . "?";
foreach ($_GET as $varname => $varvalue)
$content['form_url'] .= $varname . "=" . $varvalue . "&";
$content['form_url'] .= "verify=yes"; // Append verify!
foreach ($_POST as $varname => $varvalue)
$content['POST_VARIABLES'][] = array( "varname" => $varname, "varvalue" => $varvalue );
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
$content['TITLE'] .= " :: Confirm Action";
// --- END CREATE TITLE
// --- Parsen and Output
InitTemplateParser();
$page -> parser($content, "admin/admin_securecheck.html");
$page -> output();
// ---
// Exit script execution
exit;
}
?> ?>
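Review bot: In PrintSecureUserCheck (L155-158) the form URL is built by concatenating raw `$_GET` keys and values with no URL-encoding, and it is then placed in the template's `action="{form_url}"` attribute; unless the template parser HTML-escapes substitutions (not visible here), a request parameter containing a quote or `>` breaks out of the attribute (reflected XSS), and array-valued parameters would produce "Array" with a notice. Replace the loop and the manual append with `$content['form_url'] = $_SERVER['SCRIPT_NAME'] . "?" . htmlspecialchars(http_build_query(array_merge($_GET, array("verify" => "yes"))), ENT_QUOTES);` so every key and value is encoded exactly once and the `&` separators are attribute-safe. The same applies to the `$_POST` copy at L159-160, whose values end up in hidden `value="…"` attributes. It is also worth a header comment stating that this function never returns (it calls `exit`) and that callers must run their authorization check before invoking it.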


@ -44,6 +44,11 @@ if ( !defined('IN_PHPLOGCON') )
///include($gl_root_path . 'include/constants_logstream.php'); ///include($gl_root_path . 'include/constants_logstream.php');
// --- // ---
// --- Define User System initialized!
define('IS_USERSYSTEMENABLED', true);
$content['IS_USERSYSTEMENABLED'] = true;
// ---
// --- BEGIN Usermanagement Function --- // --- BEGIN Usermanagement Function ---
function InitUserSession() function InitUserSession()
{ {
@ -62,8 +67,9 @@ function InitUserSession()
{ {
$content['SESSION_LOGGEDIN'] = true; $content['SESSION_LOGGEDIN'] = true;
$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN']; $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
// Successfully logged in // Successfully logged in
return true; return true;
} }
@ -125,10 +131,12 @@ function CheckUserLogin( $username, $password )
{ {
$_SESSION['SESSION_LOGGEDIN'] = true; $_SESSION['SESSION_LOGGEDIN'] = true;
$_SESSION['SESSION_USERNAME'] = $username; $_SESSION['SESSION_USERNAME'] = $username;
$_SESSION['SESSION_USERID'] = $myrow['ID'];
$_SESSION['SESSION_ISADMIN'] = $myrow['is_admin']; $_SESSION['SESSION_ISADMIN'] = $myrow['is_admin'];
$content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN']; $content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN'];
$content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME'];
$content['SESSION_USERID'] = $_SESSION['SESSION_USERID'];
$content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN']; $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN'];
// TODO SET LAST LOGIN TIME! // TODO SET LAST LOGIN TIME!
@ -152,6 +160,7 @@ function DoLogOff()
unset( $_SESSION['SESSION_LOGGEDIN'] ); unset( $_SESSION['SESSION_LOGGEDIN'] );
unset( $_SESSION['SESSION_USERNAME'] ); unset( $_SESSION['SESSION_USERNAME'] );
unset( $_SESSION['SESSION_USERID'] );
unset( $_SESSION['SESSION_ACCESSLEVEL'] ); unset( $_SESSION['SESSION_ACCESSLEVEL'] );
// Redir to Index Page // Redir to Index Page
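Review bot: DoLogOff (L208-211) now unsets SESSION_LOGGEDIN, SESSION_USERNAME and the new SESSION_USERID, but not SESSION_ISADMIN, which CheckUserLogin sets at L201 and which the new admin gate in users.php reads; it instead clears SESSION_ACCESSLEVEL, a key nothing in this commit writes. Add `unset( $_SESSION['SESSION_ISADMIN'] );` next to the other unsets. This matters only if the rest of DoLogOff (which continues past the hunk) does not call session_destroy() or regenerate the session id; if it does, the stale flag is harmless, but clearing it explicitly is still the safer habit.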


@ -37,6 +37,9 @@ $content['LN_ADMINMENU_USEROPT'] = "User Options";
$content['LN_ADMINMENU_GROUPOPT'] = "Group Options"; $content['LN_ADMINMENU_GROUPOPT'] = "Group Options";
$content['LN_ADMIN_CENTER'] = "Admin center"; $content['LN_ADMIN_CENTER'] = "Admin center";
$content['LN_ADMIN_UNKNOWNSTATE'] = "Unknown State"; $content['LN_ADMIN_UNKNOWNSTATE'] = "Unknown State";
$content['LN_ADMIN_ERROR_NOTALLOWED'] = "You are not allowed to access this page with your user level.";
$content['LN_DELETEYES'] = "Yes";
$content['LN_DELETENO'] = "No";
// User Center // User Center
$content['LN_USER_CENTER'] = "User Options"; $content['LN_USER_CENTER'] = "User Options";
@ -61,6 +64,11 @@ $content['LN_USER_ERROR_HASBEENADDED'] = "User '%1' has been successfully added"
$content['LN_USER_ERROR_HASBEENEDIT'] = "User '%1' has been successfully edited"; $content['LN_USER_ERROR_HASBEENEDIT'] = "User '%1' has been successfully edited";
$content['LN_USER_ISADMIN'] = "Is Admin?"; $content['LN_USER_ISADMIN'] = "Is Admin?";
$content['LN_USER_ADDEDIT'] = "Add/Edit User"; $content['LN_USER_ADDEDIT'] = "Add/Edit User";
$content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?";
$content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well.";
$content['LN_USER_'] = "";
$content['LN_USER_'] = "";
$content['LN_USER_'] = "";
$content['LN_USER_'] = ""; $content['LN_USER_'] = "";


@ -0,0 +1,32 @@
<!-- INCLUDE include_header.html -->
<br><br>
<table width="600" cellpadding="2" cellspacing="1" border="0" align="center" class="with_border">
<tr>
<td align="center" valign="top" class="line0 ErrorMsg" colspan="2">{warningtext}</td>
</tr>
<tr>
<td align="center" class="line1" width="50%">
<br>
<form action="{form_url}" method="post" name="confirmform">
<!-- BEGIN POST_VARIABLES -->
<input type="hidden" name="{varname}" value="{varvalue}">
<!-- END POST_VARIABLES -->
<input type="image" src="{BASEPATH}images/icons/check.png" alt="{yesmsg}" class="borderless" width="16">
<br>
<input type="submit" value="{yesmsg}" class="borderless">
</form>
</td>
<td align="center" class="line2" width="50%">
<br>
<a HREF="javascript:history.back();">
<img src="{BASEPATH}images/icons/redo.png" class="borderless" width="16">
<br>{nomsg}
</a>
</td>
</tr>
</table>
<br>
<!-- INCLUDE include_footer.html -->
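Review bot: The hidden inputs at L250 replay every posted field as `name="{varname}" value="{varvalue}"`, and `{form_url}` at L248 is a query string with raw `&` separators; if the template parser does not HTML-escape substitutions, a posted value or request parameter containing `"` closes the attribute and injects markup into the confirmation page. Either escape in the template engine or document at the top of this file that `form_url`, `varname` and `varvalue` must be passed pre-escaped for an attribute context, e.g. `<!-- NOTE: form_url/varname/varvalue must be htmlspecialchars()'d by the caller (PrintSecureUserCheck) -->`. The "No" action at L259 relies on `javascript:history.back()`, which fails when the page was reached directly; a plain link back to the calling script would be more robust.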


@ -445,3 +445,9 @@ select, input, button, textarea
font: bold 8pt Arial,Helvetica,sans-serif; font: bold 8pt Arial,Helvetica,sans-serif;
color: #BB0000 color: #BB0000
} }
.borderless
{
border:0px solid;
background-color: transparent;
}