
added listing archiving-and-restore function (vandalism protection), …

…and ...

- added log-picture removal on log deletion (bugfix)
- block deletion of user accounts if archived logs or cache reports exist
- show number of archived logs and cache reports in adminuser interface
- improved cache description deletion confirmation message
following
following committed Mar 5, 2013
1 parent 085c139 commit 5fe55ee0c2f44dc0490f52edb5ff549b30c78a4c
@@ -30,6 +30,7 @@
if ($record['admin'] & ADMIN_MAINTAINANCE) $rights[] = "dbmaint";
if ($record['admin'] & ADMIN_USER) $rights[] = "user/caches";
if ($record['admin'] & ADMIN_NEWS) $rights[] = "newsapprove";
if ($record['admin'] & ADMIN_RESTORE) $rights[] = "vand.restore";
if ($record['admin'] & 128) $rights[] = "root";
$admin['rights'] = implode(", ", $rights);
$admins[] = $admin;
@@ -128,6 +128,8 @@ function searchUser()
$r['hidden'] = sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $r['user_id']);
$r['hidden_active'] = sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1' AND `status`=1", 0, $r['user_id']);
$r['logentries'] = sql_value("SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`='&1'", 0, $r['user_id']);
$r['deleted_logentries'] = sql_value("SELECT COUNT(*) FROM `cache_logs_archived` WHERE `user_id`='&1'", 0, $r['user_id']);
$r['reports'] = sql_value("SELECT COUNT(*) FROM `cache_reports` WHERE `userid`='&1'", 0, $r['user_id']);
$r['last_known_login'] = sql_value("SELECT MAX(`last_login`) FROM `sys_sessions` WHERE `user_id`='&1'", 0, $r['user_id']);
@@ -76,6 +76,7 @@
*
*/
$opt['page']['absolute_url'] = $dev_baseurl;
$opt['page']['develsystem'] = true;
$opt['mail']['from'] = 'root';
$opt['mail']['subject'] = '[local.opencaching.de] ';
@@ -179,6 +179,7 @@
$opt['page']['showdonations'] = false; // Show donations button
$opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri']
$opt['page']['develsystem'] = false;
/* maximum number of failed logins per hour before that IP address is blocked
* (used to prevent brute-force-attacks)

@@ -0,0 +1,4 @@
<FilesMatch ".*">
Order Deny,Allow
Deny from All
</FilesMatch>
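Review bot: `Order Deny,Allow` and `Deny from All` are Apache 2.2 access directives. On Apache 2.4 they only work while mod_access_compat is loaded; without it every request into this directory fails with a server error instead of a clean 403. Wrapping both syntaxes in `<IfModule>` blocks keeps the deny working on either generation, and the `<FilesMatch ".*">` wrapper is not needed for a directory-wide deny. The protection also depends on the server honouring .htaccess at all (AllowOverride, or a non-Apache front end), so if this directory holds archived or restore data (its path is not visible on this page) it would be safer outside the document root.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from All
</IfModule>
```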
@@ -20,6 +20,6 @@
****************************************************************************/
?>
<h1>{t}delete this cache-description{/t}</h1>
<p>{t}Do you really want to delete the description of your cache &quot;{cachename}&quot;{/t}</p>
<h1>{t}delete this cache-description{/t} ({desclang_name})</h1>
<p>{t}Do you really want to delete this description of your cache &quot;{cachename}&quot;{/t}</p>
<p><a href="removedesc.php?cacheid={cacheid_urlencode}&desclang={desclang_urlencode}&commit=1">{t}Yes, delete cache description{/t}</a></p>
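Review bot: The confirmation link on the unchanged last line of this hunk triggers the deletion through a plain GET with `commit=1`, and no per-session token is visible in the URL. A state-changing GET can be fired by any third-party page the logged-in owner visits, or by a link prefetcher. Whether removedesc.php performs an additional check is not visible here. Since the commit already touches this dialog, consider replacing the link with a small POST form that carries a session-bound token which removedesc.php verifies before deleting. Also confirm that the newly displayed `{desclang_name}` is HTML-escaped before it is substituted into the heading.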
@@ -441,16 +441,19 @@ function sql_escape($value)
function sql_error()
{
global $debug_page;
global $sql_errormail;
global $emailheaders;
global $absolute_server_URI;
global $interface_output;
global $dberrormsg;
$msql_error = mysql_errno() . ": " . mysql_error();
if ($sql_errormail != '')
{
// sendout email
$email_content = mysql_errno() . ": " . mysql_error();
$email_content = $msql_error;
$email_content .= "\n--------------------\n";
$email_content .= print_r(debug_backtrace(), true);
mb_send_mail($sql_errormail, 'sql_error: ' . $absolute_server_URI, $email_content, $emailheaders);
@@ -459,13 +462,14 @@ function sql_error()
if ($interface_output == 'html')
{
// display errorpage
tpl_errorMsg('sql_error', $dberrormsg);
tpl_errorMsg('sql_error', $dberrormsg . ($debug_page ? "<br />" . $msql_error : ""));
exit;
}
else if ($interface_output == 'plain')
{
echo "\n";
echo 'sql_error' . "\n";
if ($debug_page) echo $msql_error . "\n";
echo '---------' . "\n";
echo print_r(debug_backtrace(), true) . "\n";
exit;
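Review bot: In the html branch the raw `mysql_error()` text is appended to the error page next to a literal `<br />`, so it appears to be emitted as HTML without escaping. MySQL error text commonly echoes part of the failing statement, which can contain request data. Escape it before output: `tpl_errorMsg('sql_error', $dberrormsg . ($debug_page ? "<br />" . htmlspecialchars($msql_error) : ""));`. How tpl_errorMsg() treats its argument and where `$debug_page` is set are both outside this page, so confirm the flag can never be true on a production host. The plain branch still prints `debug_backtrace()` regardless of `$debug_page`, which discloses more than the error string the new check guards.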
@@ -201,7 +201,7 @@ function sql_internal($dblink, $sql)
else if ((substr($sql, $sqlpos - $arglength - 1, 1) == '`') && (substr($sql, $sqlpos + 1, 1) == '`'))
$filtered_sql .= sql_escape_backtick($args[$arg]);
else
sql_error();
sql_error($sql);
}
}
else
@@ -258,7 +258,7 @@ function sql_internal($dblink, $sql)
$filtered_sql .= '`';
}
else
sql_error();
sql_error($sql);
$sqlpos = $nextarg + $arglength + 1;
}
@@ -302,7 +302,7 @@ function sql_internal($dblink, $sql)
$result = $sqldebugger->execute($filtered_sql, $dblink, ($dblink===$db['dblink_slave']), $db['slave_server']);
if ($result === false)
{
sql_error();
sql_error($filtered_sql);
}
}
else
@@ -318,7 +318,7 @@ function sql_internal($dblink, $sql)
$result = @mysql_query($filtered_sql, $dblink);
if ($result === false)
{
sql_error();
sql_error($filtered_sql);
}
if ($opt['db']['warn']['time'] > 0)
@@ -876,7 +876,7 @@ function sql_disconnect_slave()
$db['dblink_slave'] = false;
}
function sql_error()
function sql_error($sqlstatement="")
{
global $tpl, $opt, $db;
global $bSmartyNoTranslate;
@@ -888,6 +888,8 @@ function sql_error()
$errno = mysql_errno();
$error = mysql_error();
if ($sqlstatement != "")
$error .= "\n\nSQL statement: " . $sqlstatement;
if ($db['connected'] == false)
$bSmartyNoTranslate = true;
@@ -902,7 +904,7 @@ function sql_error()
$mail->name = 'sql_error';
$mail->assign('errno', $errno);
$mail->assign('error', $error);
$mail->assign('error', str_replace("\n","\r\n",$error));
$mail->assign('trace', print_r(debug_backtrace(), true));
$mail->send();
@@ -914,14 +916,14 @@ function sql_error()
if (isset($tpl))
{
if ($opt['db']['error']['display'] == true)
$tpl->error('MySQL error' . ' (' . $errno . '): ' . $error);
$tpl->error('MySQL error (' . $errno . '): ' . $error);
else
$tpl->error('A database command could not be performed.');
}
else
{
if ($opt['db']['error']['display'] == true)
die('<html><body>' . htmlspecialchars('MySQL error (' .$errno . '): ' . $error) . '</body></html>');
die('<html><body>' . htmlspecialchars('MySQL error (' .$errno . '): ' . str_replace("\n,","<br />", $error)) . '</body></html>');
else
die('<html><body>A database command could not be performed</body></html>');
}
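Review bot: In the final `die()` branch the new `str_replace("\n,","<br />", $error)` searches for a newline followed by a comma, so it never matches the `\n\n` inserted before "SQL statement:". Because the call sits inside `htmlspecialchars()`, any `<br />` it did insert would be escaped anyway. `die('<html><body>' . nl2br(htmlspecialchars('MySQL error (' . $errno . '): ' . $error)) . '</body></html>');` gives the intended line breaks while keeping the escaping. Separately, `$error` now carries the full statement, including bound values, into `$tpl->error()` and the error mail. Whether `$tpl->error()` escapes its argument is not visible here, so `$opt['db']['error']['display']` should stay off outside development and the error mailbox should be treated as holding user data; sql_error()'s body continues outside these hunks.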
@@ -146,7 +146,6 @@ function setTextHtmlEdit($value)
{
return $this->reCacheLog->setValue('text_htmledit', $value);
}
function getUUID()
{
return $this->reCacheLog->getValue('uuid');
@@ -168,6 +167,15 @@ function setNode($value)
return $this->reCacheLog->setValue('node', $value);
}
function getOwnerNotified()
{
return $this->reCacheLog->getValue('owner_notified') != 0;
}
function setOwnerNotified($value)
{
return $this->reCacheLog->setValue('owner_notified', $value ? 1 : 0);
}
function getAnyChanged()
{
return $this->reCacheLog->getAnyChanged();
@@ -177,7 +185,18 @@ function getAnyChanged()
function save()
{
sql_slave_exclude();
return $this->reCacheLog->save();
$saved = $this->reCacheLog->save();
if ($saved && $this->nLogId == ID_NEW)
$this->nLogId = $this->reCacheLog->getValue('id');
return $saved;
}
function updatePictureStat()
{
sql("UPDATE `cache_logs` SET `picture` =
(SELECT COUNT(*) FROM `pictures` WHERE `object_type`=1 AND `object_id`='&1')
WHERE `id`= '&1'",
$this->getLogId());
}
function allowView()
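Review bot: `updatePictureStat()` has no guard for an unsaved log and no comment explaining the literal `object_type`=1. If it runs while `getLogId()` still returns `ID_NEW`, the UPDATE presumably matches no row and the picture counter is silently left stale. An early `if ($this->nLogId == ID_NEW) return;` would make that precondition explicit, along with a comment such as `// object_type 1 = log picture (confirm against the pictures table)`. `save()` calls `sql_slave_exclude()` before writing but this method does not; whether later reads of `picture` can reach a replica that has not caught up is not visible from this page.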
@@ -33,6 +33,7 @@
define('ADMIN_MAINTAINANCE', 2); // check table etc.
define('ADMIN_USER', 4); // drop users, caches etc.
define('ADMIN_NEWS', 8); // approve news entries
define('ADMIN_RESTORE', 16); // restore vandalized listings
define('ADMIN_ROOT', 128 | 127); // root + all previous rights
define('ATTRIB_SELECTED', 1);