1 <?php /*
2
3 ocPortal
4 Copyright (c) ocProducts, 2004-2012
5
6 See text/EN/licence.txt for full licencing information.
7
8
9 NOTE TO PROGRAMMERS:
10 Do not edit this file. If you need to make changes, save your changed file to the appropriate *_custom folder
11 **** If you ignore this advice, then your website upgrades (e.g. for bug fixes) will likely kill your changes ****
12
13 */
14
15 /**
16 * @license http://opensource.org/licenses/cpal_1.0 Common Public Attribution License
17 * @copyright ocProducts Ltd
18 * @package core
19 */
20
/**
 * Standard code module initialisation function.
 *
 * Loads the 'submit' code module, which provides wrap_probe_ip() as used by
 * lookup_member_page() when it is given an IP address.
 */
function init__lookup()
{
	// Needed for the wrap_probe_ip function
	require_code('submit');
}
28
/**
 * Get information about the specified member.
 *
 * The member may be given as a numeric member ID, as an IP address (any
 * non-numeric value containing '.' or ':'), or as a username. The three
 * by-reference parameters are filled in as far as the lookup gets; on an
 * early return (empty array) some of them are left as the caller passed them.
 *
 * @param  mixed			The member for whom we are getting the page
 * @param  ?string		The member's name (by reference) (NULL: unknown)
 * @param  ?AUTO_LINK	The member's ID (by reference) (NULL: unknown)
 * @param  ?string		The member's IP (by reference) (NULL: unknown)
 * @return array			The member's stats rows
 */
function lookup_member_page($member,&$name,&$id,&$ip)
{
	if (is_numeric($member))
	{
		// Lookup by member ID.
		// is_numeric() also accepts decimal and exponent notation; such values take this branch
		// (truncated by intval) rather than the IP branch below.
		$member_id=intval($member);
		$name=$GLOBALS['FORUM_DRIVER']->get_username($member_id);
		if ($name===NULL) return array();
		$id=$member_id;
		$ip=$GLOBALS['FORUM_DRIVER']->get_member_ip($id);
		if ($ip===NULL) $ip='127.0.0.1';
	}
	elseif ((strpos($member,'.')!==false) || (strpos($member,':')!==false))
	{
		// Lookup by IP address: wrap_probe_ip gives the members seen on it
		$matches=wrap_probe_ip($member);
		$ip=$member;
		// Kept from the original; $ip cannot be NULL here because $member has just passed the strpos tests
		if ($ip===NULL) $ip='127.0.0.1';

		$num_matches=count($matches);
		if ($num_matches==0) return array();
		$id=$matches[0]['id'];

		if ($num_matches!=1)
		{
			// The first match is the one reported; the others are listed in an informational message
			$others=new ocp_tempcode();
			foreach ($matches as $index=>$match)
			{
				if ($index==0) continue;

				if (!$others->is_empty()) $others->attach(do_lang('LIST_SEP'));
				$others->attach($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($match['id']));
			}
			attach_message(do_lang_tempcode('MEMBERS_ALSO_ON_IP',$others),'inform');
		}

		$name=$GLOBALS['FORUM_DRIVER']->get_username($id);
		if ($name===NULL) $name=do_lang('UNKNOWN');
	}
	else
	{
		// Lookup by username
		$id=$GLOBALS['FORUM_DRIVER']->get_member_from_username($member);
		$name=$member;
		if ($id===NULL) return array();
		$ip=$GLOBALS['FORUM_DRIVER']->get_member_ip($id);
		if ($ip===NULL) $ip='127.0.0.1';
	}

	// The only value interpolated into the SQL is the member ID, forced to an integer first
	$sql='SELECT ip,MAX(date_and_time) AS date_and_time FROM '.get_table_prefix().'stats WHERE the_user='.strval(intval($id)).' GROUP BY ip ORDER BY date_and_time DESC';
	return $GLOBALS['SITE_DB']->query($sql);
}
83
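/**
 * Get a results table showing info about the member's travels around the site.
 *
 * Rows are read from the stats table where they match the member ID (unless
 * the member is a guest) or the IP address. A '*' in the IP address is
 * treated as a wildcard and turns the IP test into a LIKE match.
 *
 * @param  MEMBER			The member we are getting travel stats for
 * @param  IP				The IP address of the member
 * @param  integer		The current position in the browser
 * @param  integer		The maximum number of rows to show per browser page
 * @param  ?ID_TEXT		The current sortable (NULL: none)
 * @param  ?ID_TEXT		The order we are sorting in (NULL: none)
 * @set    ASC DESC
 * @return tempcode		The results table
 */
function get_stats_track($member,$ip,$start=0,$max=50,$sortable='date_and_time',$sort_order='DESC')
{
	$sortables=array('date_and_time'=>do_lang_tempcode('DATE'),'the_page'=>do_lang_tempcode('PAGE'));

	// $sortable and $sort_order are concatenated straight into the ORDER BY clause below, so this
	// whitelist check is the only thing keeping arbitrary SQL out of it. It must stay ahead of the queries.
	if (((strtoupper($sort_order)!='ASC') && (strtoupper($sort_order)!='DESC')) || (!array_key_exists($sortable,$sortables)))
		log_hack_attack_and_exit('ORDERBY_HACK');
	global $NON_CANONICAL_PARAMS;
	$NON_CANONICAL_PARAMS[]='sort';

	// Build the WHERE clause. The member ID is forced to an integer; the IP goes through the
	// database layer's string helpers.
	$query='';
	if (!is_guest($member))
		$query.='the_user='.strval((integer)$member).' OR ';
	if (strpos($ip,'*')===false)
	{
		$query.=db_string_equal_to('ip',$ip);
	} else
	{
		// NOTE(review): this relies on db_encode_like() escaping the value for use inside the quoted
		// literal - confirm. Any '%' or '_' already in $ip will act as LIKE wildcards as well.
		$query.='ip LIKE \''.db_encode_like(str_replace('*','%',$ip)).'\'';
	}
	$max_rows=$GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM '.get_table_prefix().'stats WHERE '.$query);
	$rows=$GLOBALS['SITE_DB']->query('SELECT the_page,date_and_time,get,post,browser,operating_system FROM '.get_table_prefix().'stats WHERE '.$query.' ORDER BY '.$sortable.' '.$sort_order,$max,$start);

	$out=new ocp_tempcode();
	require_code('templates_results_table');
	$fields_title=results_field_title(array(do_lang_tempcode('PAGE'),do_lang_tempcode('DATE'),do_lang_tempcode('PARAMETERS'),do_lang_tempcode('USER_AGENT'),do_lang_tempcode('USER_OS')),$sortables,'sort',$sortable.' '.$sort_order);
	foreach ($rows as $myrow)
	{
		$date=get_timezoned_date($myrow['date_and_time']);
		$page=$myrow['the_page'];

		// Turn the logged path into a readable "zone: page" label
		$page_converted=preg_replace('#/pages/[^/]*/#','/',$page);
		// substr() rather than [0], so that an empty the_page value does not raise an
		// uninitialised string offset error
		if (substr($page_converted,0,1)=='/') $page_converted=substr($page_converted,1);
		$extension=substr($page_converted,-4);
		if (($extension=='.php') || ($extension=='.htm') || ($extension=='.txt'))
		{
			$page_converted=substr($page_converted,0,-4);
		}
		$page_converted=str_replace('/',': ',$page_converted);

		if (!is_null($myrow['get']))
		{
			$get=$myrow['get'];
			// Drop the page parameter, as the page is already shown in its own column
			if (strpos($page_converted,':')!==false)
				$get=str_replace('<param>page='.substr($page_converted,strpos($page_converted,':')+1).'</param>'.chr(10),'',$get);
			// The logged parameters are escaped first; the <param> wrappers are then stripped in their
			// escaped form, so no unescaped markup is put back into $data.
			// NOTE(review): the post column is displayed as logged; presumably sensitive fields are
			// left out when the stats row is written - confirm against the logging code.
			$data=escape_html($get).(($myrow['post']=='')?'':', ').escape_html($myrow['post']);
			$data=str_replace('&lt;param&gt;','',str_replace('&lt;/param&gt;',', ',$data));
			if (substr($data,-3)==', '.chr(10)) $data=substr($data,0,strlen($data)-3);
			$parameters=symbol_truncator(array($data,35,'1','1'),'left');
		} else $parameters='?';

		// Every cell is escaped by hand here and results_entry is passed false as its second
		// argument; keep the two in step when adding columns.
		$out->attach(results_entry(array(escape_html($page_converted),escape_html($date),$parameters,escape_html($myrow['browser']),escape_html($myrow['operating_system'])),false));
	}
	return results_table(do_lang_tempcode('_RESULTS'),$start,'start',$max,'max',$max_rows,$fields_title,$out,$sortables,$sortable,$sort_order,'sort');
}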
148
/**
 * Get a results table showing security alerts matching WHERE constraints.
 *
 * Paging and sorting come from the alert_start, alert_max and alert_sort
 * request parameters. alert_sort has the form "column direction"; only its
 * first two space-separated tokens are used, and both are checked against a
 * whitelist before they reach the ORDER BY clause.
 *
 * @param  ?array			WHERE constraints (NULL: none)
 * @return tempcode		The results table
 */
function find_security_alerts($where)
{
	// Paging
	$start=get_param_integer('alert_start',0);
	$max=get_param_integer('alert_max',50);

	// Sorting. The column and direction are request-supplied and are concatenated into ORDER BY
	// below, so the whitelist check has to run before any query does.
	$sortables=array('date_and_time'=>do_lang_tempcode('DATE_TIME'),'ip'=>do_lang_tempcode('IP_ADDRESS'));
	$sort_parts=explode(' ',get_param('alert_sort','date_and_time DESC'));
	if (!isset($sort_parts[1])) $sort_parts[1]='DESC';
	$sortable=$sort_parts[0];
	$sort_order=$sort_parts[1];
	$direction_ok=(strtoupper($sort_order)=='ASC') || (strtoupper($sort_order)=='DESC');
	if ((!$direction_ok) || (!array_key_exists($sortable,$sortables)))
		log_hack_attack_and_exit('ORDERBY_HACK');
	global $NON_CANONICAL_PARAMS;
	$NON_CANONICAL_PARAMS[]='alert_sort';

	// Column headings, with an untitled extra column for the deletion ticks when JavaScript is available
	$_fields=array(do_lang_tempcode('FROM'),do_lang_tempcode('DATE_TIME'),do_lang_tempcode('IP_ADDRESS'),do_lang_tempcode('REASON'));
	if (has_js()) $_fields[]=new ocp_tempcode();
	$fields_title=results_field_title($_fields,$sortables,'alert_sort',$sortable.' '.$sort_order);

	$max_rows=$GLOBALS['SITE_DB']->query_value('hackattack','COUNT(*)',$where);
	$rows=$GLOBALS['SITE_DB']->query_select('hackattack',array('*'),$where,'ORDER BY '.$sortable.' '.$sort_order,$max,$start);

	$fields=new ocp_tempcode();
	foreach ($rows as $alert)
	{
		$time=get_timezoned_date($alert['date_and_time']);
		$lookup_url=build_url(array('page'=>'admin_lookup','param'=>$alert['ip']),'_SELF');
		$member_url=build_url(array('page'=>'admin_lookup','param'=>$alert['the_user']),'_SELF');
		$full_url=build_url(array('page'=>'admin_security','type'=>'view','id'=>$alert['id']),'_SELF');

		// The stored reason is a language string key; fall back to the raw key if it does not resolve
		$reason=do_lang($alert['reason'],$alert['reason_param_a'],$alert['reason_param_b'],NULL,NULL,false);
		if ($reason===NULL) $reason=$alert['reason'];
		$reason=symbol_truncator(array($reason,'50','1'),'left');

		$username=$GLOBALS['FORUM_DRIVER']->get_username($alert['the_user']);
		if ($username===NULL) $username=do_lang('UNKNOWN');

		// NOTE(review): unlike get_stats_track, nothing here calls escape_html - the username, IP and
		// reason reach hyperlink()/results_entry() as-is. Confirm that those helpers escape their
		// input, since these values come from stored alert and member data.
		$_row=array(hyperlink($member_url,$username),hyperlink($full_url,$time),hyperlink($lookup_url,$alert['ip']),$reason);
		if (has_js())
		{
			$_row[]=do_template('RESULTS_TABLE_TICK',array('ID'=>strval($alert['id'])));
		}

		$fields->attach(results_entry($_row));
	}

	return results_table(do_lang_tempcode('SECURITY_ALERTS'),$start,'alert_start',$max,'alert_max',$max_rows,$fields_title,$fields,$sortables,$sortable,$sort_order,'alert_sort');
}