diff --git a/pandora_console/godmode/admin_access_logs.php b/pandora_console/godmode/admin_access_logs.php index c3a8c9d0b0..abdb916b80 100644 --- a/pandora_console/godmode/admin_access_logs.php +++ b/pandora_console/godmode/admin_access_logs.php @@ -17,171 +17,170 @@ global $config; -require_once ($config["homedir"] . '/include/functions_graph.php'); +require_once($config["homedir"] . '/include/functions_graph.php'); -check_login (); +check_login(); $enterprise_include = enterprise_include_once('godmode/admin_access_logs.php'); -if (! check_acl ($config['id_user'], 0, "PM")) { - db_pandora_audit( "ACL Violation", - "Trying to access event viewer"); - require ("general/noaccess.php"); +if (! check_acl($config['id_user'], 0, "PM")) { + db_pandora_audit("ACL Violation", "Trying to access audit view"); + require("general/noaccess.php"); exit; } -ui_print_page_header (__('Pandora audit')." » ".__('Review Logs'), "images/gm_log.png", false, "", true ); +ui_print_page_header(__('Pandora audit') . " » " . __('Review Logs'), "images/gm_log.png", false, "", true); -$offset = get_parameter ("offset", 0); -$tipo_log = get_parameter ("tipo_log", 'all'); -$user_filter = get_parameter('user_filter', 'all'); -$filter_text = get_parameter('filter_text', ''); -$filter_hours_old = get_parameter('filter_hours_old', 24); -$filter_ip = get_parameter('filter_ip', ''); +$offset = (int) get_parameter("offset"); +$filter_type = (string) get_parameter("filter_type"); +$filter_user = (string) get_parameter("filter_user"); +$filter_text = (string) get_parameter("filter_text"); +$filter_period = get_parameter("filter_period", null); +$filter_period = ($filter_period !== null) ? (int) $filter_period : 24; +$filter_ip = (string) get_parameter("filter_ip"); -echo "<table width='100%' border='0' cellspacing='4' cellpadding='4' class='databox filters'>"; -echo '<tr><td class="datost">'; -echo '<div style="float: left; width: 400px;">'; -echo '<b>'.__('Filter').'</b><br><br>'; +$filter_query = "&filter_type=" . $filter_type + . "&filter_user=" . $filter_user + . "&filter_text=" . $filter_text + . "&filter_period=" . $filter_period + . "&filter_ip=" . $filter_ip; -$rows = db_get_all_rows_sql ("SELECT DISTINCT(accion) - FROM tsesion"); -if (empty ($rows)) { - $rows = array (); -} -$actions = array (); - -foreach ($rows as $row) { - $actions[$row["accion"]] = $row["accion"]; -} -echo '<form name="query_sel" method="post" action="index.php?sec=glog&sec2=godmode/admin_access_logs">'; -$table = null; -$table->width = '100%'; +$table = new stdClass(); +$table->class = "databox filters"; +$table->cellstyle = array(); +$table->cellstyle[0] = array(); +$table->cellstyle[1] = array(); +$table->cellstyle[0][0] = "text-align: right;"; +$table->cellstyle[0][1] = "text-align: left;"; +$table->cellstyle[0][2] = "text-align: right;"; +$table->cellstyle[0][3] = "text-align: left;"; +$table->cellstyle[0][4] = "text-align: right;"; +$table->cellstyle[0][5] = "text-align: left;"; +$table->cellstyle[1][0] = "text-align: right;"; +$table->cellstyle[1][1] = "text-align: left;"; +$table->cellstyle[1][2] = "text-align: right;"; +$table->cellstyle[1][3] = "text-align: left;"; +$table->cellstyle[1][5] = "text-align: right;"; $table->data = array(); -$table->data[0][0] = __('Action'); -$table->data[0][1] = html_print_select ($actions, 'tipo_log', $tipo_log, '', __('All'), 'all', true); -$table->data[1][0] = __('User'); -$table->data[1][1] = html_print_select_from_sql('SELECT id_user, id_user AS text FROM tusuario', 'user_filter', $user_filter, '', __('All'), 'all', true); -$table->data[2][0] = __('Free text for search (*)'); -$table->data[2][1] = html_print_input_text('filter_text', $filter_text, __('Free text for search (*)'), 20, 40, true); -$table->data[3][0] = __('Max. hours old'); -$table->data[3][1] = html_print_input_text('filter_hours_old', $filter_hours_old, __('Max. hours old'), 3, 6, true); -$table->data[4][0] = __('IP'); -$table->data[4][1] = html_print_input_text('filter_ip', $filter_ip, __('IP'), 15, 15, true); -$table->data[5][0] = ''; -$table->data[5][1] = html_print_submit_button(__('Filter'), 'filter', false, 'class="sub search" style="float: right;"', true); -html_print_table($table); -echo '</form>'; -echo '</div>'; -echo '<div style="float: right; width: 300px;">'; -echo graphic_user_activity(300, 140); +$data = array(); -echo '</div>'; -echo '<div style="clear:both;"> </div>'; -echo '</td></tr></table>'; +$data[0] = "<b>" . __('Search') . "</b>"; +$data[1] = html_print_input_text("filter_text", $filter_text, __("Free text for search (*)"), 20, 40, true); +$data[2] = "<b>" . __("Max. hours old") . "</b>"; +$data[3] = html_print_input_text("filter_period", $filter_period, __("Max. hours old"), 3, 6, true); +$data[4] = "<b>" . __("IP") . "</b>"; +$data[5] = html_print_input_text("filter_ip", $filter_ip, __("IP"), 15, 15, true); -$filter = 'WHERE 1 = 1'; +$table->data[0] = $data; +$data = array(); -if ($tipo_log != 'all') { - $filter .= sprintf (" AND accion = '%s'", $tipo_log); -} -switch ($config['dbtype']) { - case "mysql": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = "%s"', $user_filter); - } - - $filter .= ' AND (accion LIKE "%' . $filter_text . '%" OR descripcion LIKE "%' . $filter_text . '%")'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE "%s"', $filter_ip); - } - break; - case "postgresql": - case "oracle": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = \'%s\'', $user_filter); - } - - $filter .= ' AND (accion LIKE \'%' . $filter_text . '%\' OR descripcion LIKE \'%' . $filter_text . '%\')'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE \'%s\'', $filter_ip); - } - break; +$actions_sql = "SELECT DISTINCT(accion), accion AS text FROM tsesion"; +$data[0] = "<b>" . __("Action") . "</b>"; +$data[1] = html_print_select_from_sql($actions_sql, "filter_type", $filter_type, "", __("All"), "", true); + +$users_sql = "SELECT id_user, id_user AS text FROM tusuario"; +$data[2] = "<b>" . __("User") . "</b>"; +$data[3] = html_print_select_from_sql($users_sql, "filter_user", $filter_user, "", __("All"), "", true); + +$data[4] = ""; +$data[5] = html_print_submit_button(__("Filter"), "filter", false, 'class="sub search"', true); + +$table->data[1] = $data; + +$form = '<form name="query_sel" method="post" action="index.php?sec=glog&sec2=godmode/admin_access_logs">'; +$form .= html_print_table($table, true); +$form .= '</form>'; +ui_toggle($form, __("Filter"), "", false); + +// ui_toggle(graphic_user_activity(400, 150), __("Chart")); + +$filter = "1=1"; + +if (!empty($filter_type)) { + $filter .= sprintf (" AND accion = '%s'", $filter_type); } -if ($filter_hours_old != 0) { +if (!empty($filter_user)) { + $filter .= sprintf(" AND id_usuario = '%s'", $filter_user); +} + +if (!empty($filter_text)) { + $filter .= " AND (accion LIKE '%'" . $filter_text . "'%' OR descripcion LIKE '%'" . $filter_text . "'%')"; +} + +if (!empty($filter_ip)) { + $filter .= sprintf(" AND ip_origen LIKE '%'", $filter_ip); +} + +if (!empty($filter_period)) { switch ($config["dbtype"]) { case "mysql": - $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_hours_old . ' HOUR)'; + $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_period . ' HOUR)'; break; case "postgresql": - $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_hours_old . ' HOUR \''; + $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_period . ' HOUR \''; break; case "oracle": - $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_hours_old . '\' HOUR)'; + $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_period . '\' HOUR)'; break; } } -$sql = "SELECT COUNT(*) FROM tsesion " . $filter; -$count = db_get_sql ($sql); -$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log."&user_filter=".$user_filter."&filter_text=".$filter_text."&filter_hours_old=".$filter_hours_old."&filter_ip=".$filter_ip; - -ui_pagination ($count, $url); +$count_sql = sprintf("SELECT COUNT(*) FROM tsesion WHERE %s", $filter); +$count = (int) db_get_value_sql($count_sql); +$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs" . $filter_query; +ui_pagination($count, $url); switch ($config["dbtype"]) { case "mysql": - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s + WHERE %s ORDER BY fecha DESC - LIMIT %d, %d", $filter, $offset, $config["block_size"]); + LIMIT %d, %d", + $filter, $offset, $config["block_size"] + ); break; case "postgresql": - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s + WHERE %s ORDER BY fecha DESC - LIMIT %d OFFSET %d", $filter, $config["block_size"], $offset); + LIMIT %d OFFSET %d", + $filter, $config["block_size"], $offset + ); break; case "oracle": $set = array(); $set['limit'] = $config["block_size"]; $set['offset'] = $offset; - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s - ORDER BY fecha DESC", $filter); - $result = oracle_recode_query ($sql, $set); + WHERE %s + ORDER BY fecha DESC", + $filter + ); + $result = oracle_recode_query($sql, $set); break; } -$result = db_get_all_rows_sql ($sql); - -// Delete rnum row generated by oracle_recode_query() function -if (($config["dbtype"] == 'oracle') && ($result !== false)) { - for ($i=0; $i < count($result); $i++) { - unset($result[$i]['rnum']); - } -} - -if (empty ($result)) { - $result = array (); -} +$result = db_get_all_rows_sql($sql); +if (empty($result)) $result = array(); $table = new stdClass(); $table->cellpadding = 4; $table->cellspacing = 4; $table->width = '100%'; $table->class = "databox data"; -$table->size = array (); -$table->data = array (); -$table->head = array (); +$table->size = array(); +$table->data = array(); +$table->head = array(); $table->align = array(); $table->rowclass = array(); @@ -192,9 +191,6 @@ $table->head[3] = __('Source IP'); $table->head[4] = __('Comments'); if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->head[5] = enterprise_hook('tableHeadEnterpriseAudit', array('title1')); -} - -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->head[6] = enterprise_hook('tableHeadEnterpriseAudit', array('title2')); } @@ -204,106 +200,54 @@ $table->size[3] = 100; $table->size[4] = 200; if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->size[5] = enterprise_hook('tableHeadEnterpriseAudit', array('size1')); -} -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->size[6] = enterprise_hook('tableHeadEnterpriseAudit', array('size2')); -} - - -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->align[5] = enterprise_hook('tableHeadEnterpriseAudit', array('align')); -} -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->align[6] = enterprise_hook('tableHeadEnterpriseAudit', array('align2')); } $table->colspan = array(); $table->rowstyle = array(); - $rowPair = true; $iterator = 0; // Get data foreach ($result as $row) { - if ($rowPair) - $table->rowclass[$iterator] = 'rowPair'; - else - $table->rowclass[$iterator] = 'rowOdd'; - $rowPair = !$rowPair; $iterator++; + + $table->rowclass[] = $rowPair ? "rowPair" : "rowOdd"; + $rowPair = !$rowPair; - $data = array (); - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[0] = $row["id_usuario"]; - break; - case "oracle": - $data[0] = $row["id_usuario"]; - break; - } - $data[1] = ui_print_session_action_icon ($row['accion'], true); - $data[1] .= $row["accion"]; - $data[2] = ui_print_help_tip($row['fecha'], true) . ui_print_timestamp($row['utimestamp'], true); - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[3] = $row["ip_origen"]; - break; - case "oracle": - $data[3] = $row["ip_origen"]; - break; - } - $data[4] = io_safe_output($row["descripcion"]); - if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); - break; - case "oracle": - $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); - break; - } - } - if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); - break; - case "oracle": - $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); - break; - } - } - array_push ($table->data, $data); - + $data = array(); + $data[0] = $row["id_usuario"]; + $data[1] = ui_print_session_action_icon($row["accion"], true) . $row["accion"]; + $data[2] = ui_print_help_tip($row["fecha"], true) . ui_print_timestamp($row["utimestamp"], true); + $data[3] = $row["ip_origen"]; + $data[4] = $row["descripcion"]; if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - rowEnterpriseAudit($table, $iterator, $row['id_sesion']); - break; - case "oracle": - rowEnterpriseAudit($table, $iterator, $row['id_sesion']); - break; - } + $data[5] = enterprise_hook("cell1EntepriseAudit", array($row["id_sesion"])); + $data[6] = enterprise_hook("cell2EntepriseAudit", array($row["id_sesion"])); + } + + $table->data[] = $data; + + if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { + rowEnterpriseAudit($table, $iterator, $row["id_sesion"]); } } -html_print_table ($table); +html_print_table($table); echo '<div style="width: '.$table->width.'" class="action-buttons">'; -echo '<a href="' . - ui_get_full_url(false, false, false, false) . 'index.php?sec=gextensions&sec2=godmode/audit_log_csv&tipo_log='.$tipo_log.'&user_filter='.$user_filter.'&filter_text='.$filter_text.'&filter_hours_old='.$filter_hours_old.'&filter_ip='.$filter_ip.'"'. - '>' . - html_print_button (__('Export to CSV '), 'export_csv', false, '', 'class=sub upd', true, false). '</a>'; +$csv_url = ui_get_full_url(false, false, false, false) . 'index.php?sec=gextensions&sec2=godmode/audit_log_csv' . $filter_query; +echo '<a href="' . $csv_url . '">' + . html_print_button(__("Export to CSV"), "export_csv", false, "", "class=sub upd", true, false) + . '</a>'; echo '</div>'; if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { enterprise_hook('enterpriseAuditFooter'); } + ?> diff --git a/pandora_console/godmode/audit_log_csv.php b/pandora_console/godmode/audit_log_csv.php index b5020bc9a4..13f7ca384f 100644 --- a/pandora_console/godmode/audit_log_csv.php +++ b/pandora_console/godmode/audit_log_csv.php @@ -12,22 +12,19 @@ $ownDir = dirname(__FILE__) . '/'; $ownDir = str_replace("\\", "/", $ownDir); -require_once ($ownDir.'../include/config.php'); +require_once($ownDir . "../include/config.php"); + +require_once($config["homedir"] . "/include/functions.php"); +require_once($config["homedir"] . "/include/functions_db.php"); +require_once($config["homedir"] . "/include/auth/mysql.php"); global $config; -require_once ($config["homedir"]."/include/functions.php"); -require_once ($config["homedir"]."/include/functions_db.php"); -require_once ($config["homedir"]."/include/auth/mysql.php"); -error_reporting(E_ALL); -ini_set("display_errors", 1); - -if (! isset ($_SESSION["id_usuario"])) { - session_start (); - session_write_close (); +if (! isset($_SESSION["id_usuario"])) { + session_start(); + session_write_close(); } - // Login check if (!isset($_SESSION["id_usuario"])) { $config['id_user'] = null; @@ -36,94 +33,56 @@ else { $config['id_user'] = $_SESSION["id_usuario"]; } -if (!check_login()) { - db_pandora_audit("ACL Violation", "Trying to access graph builder"); - include ($config["homedir"]."/general/noaccess.php"); - return; -} +check_login(); -if (! check_acl ($config['id_user'], 0, "PM")) { - db_pandora_audit( "ACL Violation", - "Trying to access event viewer"); - require ("general/noaccess.php"); +if (! check_acl($config['id_user'], 0, "PM")) { + db_pandora_audit("ACL Violation", "Trying to access audit CSV export"); + require("general/noaccess.php"); exit; } -$tipo_log = get_parameter ("tipo_log", 'all'); -$user_filter = get_parameter('user_filter', 'all'); -$filter_text = get_parameter('filter_text', ''); -$filter_hours_old = get_parameter('filter_hours_old', 24); -$filter_ip = get_parameter('filter_ip', ''); +$filter_type = (string) get_parameter("filter_type"); +$filter_user = (string) get_parameter("filter_user"); +$filter_text = (string) get_parameter("filter_text"); +$filter_period = get_parameter("filter_period", null); +$filter_period = ($filter_period !== null) ? (int) $filter_period : 24; +$filter_ip = (string) get_parameter("filter_ip"); -$filter = 'WHERE 1 = 1'; +$filter = "1=1"; -if ($tipo_log != 'all') { - $filter .= " AND accion = '$tipo_log'"; -} -switch ($config['dbtype']) { - case "mysql": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = "%s"', $user_filter); - } - - $filter .= ' AND (accion LIKE "%' . $filter_text . '%" OR descripcion LIKE "%' . $filter_text . '%")'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE "%s"', $filter_ip); - } - break; - case "postgresql": - case "oracle": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = \'%s\'', $user_filter); - } - - $filter .= ' AND (accion LIKE \'%' . $filter_text . '%\' OR descripcion LIKE \'%' . $filter_text . '%\')'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE \'%s\'', $filter_ip); - } - break; +if (!empty($filter_type)) { + $filter .= sprintf (" AND accion = '%s'", $filter_type); } -if ($filter_hours_old != 0) { +if (!empty($filter_user)) { + $filter .= sprintf(" AND id_usuario = '%s'", $filter_user); +} + +if (!empty($filter_text)) { + $filter .= " AND (accion LIKE '%'" . $filter_text . "'%' OR descripcion LIKE '%'" . $filter_text . "'%')"; +} + +if (!empty($filter_ip)) { + $filter .= sprintf(" AND ip_origen LIKE '%'", $filter_ip); +} + +if (!empty($filter_period)) { switch ($config["dbtype"]) { case "mysql": - $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_hours_old . ' HOUR)'; + $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_period . ' HOUR)'; break; case "postgresql": - $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_hours_old . ' HOUR \''; + $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_period . ' HOUR \''; break; case "oracle": - $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_hours_old . '\' HOUR)'; + $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_period . '\' HOUR)'; break; } } -switch ($config["dbtype"]) { - case "mysql": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - break; - case "postgresql": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - break; - case "oracle": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - $result = oracle_recode_query ($sql, $set); - break; -} +$sql = sprintf( "SELECT * FROM tsesion WHERE %s ORDER BY fecha DESC", $filter); +$result = db_get_all_rows_sql($sql); -$result = db_get_all_rows_sql ($sql); - -print_audit_csv ($result); +print_audit_csv($result); ?> diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index c3d7b7b2b4..058003215f 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -396,7 +396,7 @@ function __ ($string /*, variable arguments */) { return $tranlateString; } } - elseif (enterprise_installed && + elseif (enterprise_installed() && isset($config['translate_string_extension_installed']) && $config['translate_string_extension_installed'] == 1 && array_key_exists('translate_string.php', $extensions)) {