piler/webui/model/audit/audit.php

<?php

class ModelAuditAudit extends Model {

   public function search_audit($data = array()) {
      $where = '';
      $arr = $results = array();
      $from = 0;
      $sort = "ts";
      $order = "DESC";
      $sortorder = "ORDER BY ts DESC";
      $date1 = $date2 = 0;
      $q = '';

      $session = Registry::get('session');

      if($data['sort'] == "user") { $sort = "email"; }
      if($data['sort'] == "ipaddr") { $sort = "ipaddr"; }
      if($data['sort'] == "ref") { $sort = "meta_id"; }
      if($data['sort'] == "action") { $sort = "action"; }
      if($data['sort'] == "description") { $sort = "description"; }

      if($data['order'] == 1) { $order = "ASC"; }

      $sortorder = "ORDER BY `$sort` $order";

      if(isset($data['action']) && $data['action'] && $data['action'] != ACTION_ALL) {
         $where .= " AND ( " . $this->append_search_criteria("action", $data['action'], $arr) . " )";
      }

      if(isset($data['ipaddr']) && $data['ipaddr']) {
         $where .= " AND ( " . $this->append_search_criteria("ipaddr", $data['ipaddr'], $arr) . " )";
      }

      if(isset($data['user']) && $data['user']) {
         $where .= " AND ( " . $this->append_search_criteria("email", $data['user'], $arr) . " )";
      }

      if(isset($data['ref']) && $data['ref']) {
         $where .= " AND ( " . $this->append_search_criteria("meta_id", $data['ref'], $arr) . " )";
      }

      if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) {
         $auditdomains = $session->get("auditdomains");

         foreach($auditdomains as $k => $v) {
            if($q) { $q .= ","; }
            $q .= "?";
            array_push($arr, $v);
         }

         $where .= " AND domain IN ($q) ";

         reset($session->get("auditdomains"));
      }


      if(isset($data['date1'])) { $date1 = $data['date1']; }
      if(isset($data['date2'])) { $date2 = $data['date2']; }

      $date = fixup_date_condition('ts', $date1, $date2);


      if($date) { $where .= " AND $date "; }

      if($where) {
         $where = " WHERE " . substr($where, 5, strlen($where));
      }

      $from = $data['page_len'] * $data['page'];


      if($where) {
         $query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_AUDIT . " $where", $arr);
         $n = $query->row['count'];

         if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s' in %.2f s, %d hits", $query->query, $query->exec_time, $query->row['count'])); }
      }
      else { $n = MAX_AUDIT_HITS; }


      if($n > 0) {
         if($n > MAX_AUDIT_HITS) { $n = MAX_AUDIT_HITS; }

         
         $query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " $where $sortorder LIMIT $from," . $data['page_len'], $arr);

         $this->session->set("audit_query", array('where' => $where, 'sortorder' => $sortorder, 'arr' => $arr));

         if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s', param: '%s' in %.2f s, %d hits", $query->query, implode(' ', $arr), $query->exec_time, $query->num_rows)); }

         if(isset($query->rows)) {

            foreach($query->rows as $a) {

               $a['description'] = preg_replace("/\"/", "'", $a['description']);

               $results[] = array(
                                    'id' => $a['meta_id'],
                                    'piler_id' => isset($m[$a['meta_id']]) ? $m[$a['meta_id']] : '',
                                    'action' => $a['action'],
                                    'email' => $a['email'],
                                    'date' => date(DATE_TEMPLATE . " H:i", $a['ts']),
                                    'ipaddr' => DEMO_MODE == 1 ? anonimize_ip_addr($a['ipaddr']) : $a['ipaddr'],
                                    'description' => $a['description'],
                                    'shortdescription' => make_short_string($a['description'], MAX_CGI_FROM_SUBJ_LEN)
                                  );

            }
         }
      }

      return array($n, $results);
   }


   public function print_audit_to_csv() {
      $actions = array_flip(Registry::get('actions'));

      $a = $this->session->get("audit_query");

      if(isset($a['where']) && isset($a['sortorder']) && isset($a['arr'])) {
         print "Date" . DELIMITER . "ID" . DELIMITER . "User" . DELIMITER . "IP-address" . DELIMITER . "Action" . DELIMITER . "Piler ID" . DELIMITER . "Description\n";

         $query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " " . $a['where'] . " " . $a['sortorder'], $a['arr']);
         foreach($query->rows as $q) {
            if(DEMO_MODE == 1) { $q['ipaddr'] = anonimize_ip_addr($q['ipaddr']); }

            print date(DATE_TEMPLATE . " H:i:s", $q['ts']) . DELIMITER . $q['id'] . DELIMITER . $q['email'] . DELIMITER . $q['ipaddr'] . DELIMITER . $actions[$q['action']] . DELIMITER . $q['meta_id'] . DELIMITER . $q['description'] . "\n";
         }
      }
   }


   private function append_search_criteria($var = '', $s = '', &$arr = array()) {
      $str = "";

      $a = explode("\t", $s);

      for($i=0; $i<count($a); $i++) {
         if($a[$i]) {
            $p = strchr($a[$i], '*');
            if($p) {
               $str .= "OR $var LIKE ? ";
               array_push($arr, preg_replace("/\*.{0,}/", "%", $a[$i]));
            }
            else {
               $str .= "OR $var = ? ";
               array_push($arr, $a[$i]);
            }
         }
      }

      return substr($str, 2, strlen($str));
   }


   public function can_download() {

      if(MAX_DOWNLOAD_PER_HOUR <= 0 || Registry::get('auditor_user') == 1) { return 1; }

      $session = Registry::get('session');

      $email = $session->get("email");

      $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW-3600, ACTION_DOWNLOAD_MESSAGE));

      if($query->row['num'] <= MAX_DOWNLOAD_PER_HOUR) { return 1; }

      return 0;
   }


   public function can_restore() {

      if(MAX_RESTORE_PER_HOUR <= 0 || Registry::get('auditor_user') == 1) { return 1; }

      $session = Registry::get('session');

      $email = $session->get("email");

      $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW-3600, ACTION_RESTORE_MESSAGE));

      if($query->row['num'] <= MAX_RESTORE_PER_HOUR) { return 1; }

      return 0;
   }

}

?>
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`<?php`

			`class ModelAuditAudit extends Model {`

			`public function search_audit($data = array()) {`
			`$where = '';`
			`$arr = $results = array();`
			`$from = 0;`
			`$sort = "ts";`
			`$order = "DESC";`
			`$sortorder = "ORDER BY ts DESC";`
fixed some php notice messages 2012-06-21 10:53:42 +02:00			`$date1 = $date2 = 0;`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`$q = '';`

rewrote php session variables 2013-11-18 19:24:33 +01:00			`$session = Registry::get('session');`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`if($data['sort'] == "user") { $sort = "email"; }`
			`if($data['sort'] == "ipaddr") { $sort = "ipaddr"; }`
			`if($data['sort'] == "ref") { $sort = "meta_id"; }`
			`if($data['sort'] == "action") { $sort = "action"; }`
			`if($data['sort'] == "description") { $sort = "description"; }`

			`if($data['order'] == 1) { $order = "ASC"; }`

			$sortorder = "ORDER BY `$sort` $order";

Fixed a php8 bug in audit model Signed-off-by: Janos SUTO <sj@acts.hu> 2022-08-28 08:17:10 +02:00			`if(isset($data['action']) && $data['action'] && $data['action'] != ACTION_ALL) {`
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$where .= " AND ( " . $this->append_search_criteria("action", $data['action'], $arr) . " )";`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`

heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`if(isset($data['ipaddr']) && $data['ipaddr']) {`
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$where .= " AND ( " . $this->append_search_criteria("ipaddr", $data['ipaddr'], $arr) . " )";`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`

heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`if(isset($data['user']) && $data['user']) {`
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$where .= " AND ( " . $this->append_search_criteria("email", $data['user'], $arr) . " )";`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`

heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`if(isset($data['ref']) && $data['ref']) {`
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$where .= " AND ( " . $this->append_search_criteria("meta_id", $data['ref'], $arr) . " )";`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`

theme fixes 2013-08-06 06:36:56 +02:00			`if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) {`
rewrote php session variables 2013-11-18 19:24:33 +01:00			`$auditdomains = $session->get("auditdomains");`

Replaced most each() calls with foreach() in preparation to support php 8 Signed-off-by: Janos SUTO <sj@acts.hu> 2022-01-19 15:40:42 +01:00			`foreach($auditdomains as $k => $v) {`
auditors can view audit records 2013-07-12 15:02:50 +02:00			`if($q) { $q .= ","; }`
			`$q .= "?";`
			`array_push($arr, $v);`
			`}`

			`$where .= " AND domain IN ($q) ";`

rewrote php session variables 2013-11-18 19:24:33 +01:00			`reset($session->get("auditdomains"));`
auditors can view audit records 2013-07-12 15:02:50 +02:00			`}`


fixed some php notice messages 2012-06-21 10:53:42 +02:00			`if(isset($data['date1'])) { $date1 = $data['date1']; }`
			`if(isset($data['date2'])) { $date2 = $data['date2']; }`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
fixed some php notice messages 2012-06-21 10:53:42 +02:00			`$date = fixup_date_condition('ts', $date1, $date2);`
added the webui to the tarball 2012-02-08 23:14:28 +01:00

			`if($date) { $where .= " AND $date "; }`

			`if($where) {`
			`$where = " WHERE " . substr($where, 5, strlen($where));`
			`}`

			`$from = $data['page_len'] * $data['page'];`

added audit wildcard search 2013-08-02 20:59:56 +02:00
heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`if($where) {`
			`$query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_AUDIT . " $where", $arr);`
			`$n = $query->row['count'];`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
improved logging for the gui Change-Id: I31d0dbb70b8d8184ce1f48d0161ddaf9e6c8d9ca Signed-off-by: SJ <sj@acts.hu> 2016-09-21 21:59:57 +02:00			`if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s' in %.2f s, %d hits", $query->query, $query->exec_time, $query->row['count'])); }`
heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`}`
			`else { $n = MAX_AUDIT_HITS; }`
added the webui to the tarball 2012-02-08 23:14:28 +01:00

			`if($n > 0) {`
			`if($n > MAX_AUDIT_HITS) { $n = MAX_AUDIT_HITS; }`

download audit log in csv 2013-08-02 16:33:14 +02:00
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`$query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " $where $sortorder LIMIT $from," . $data['page_len'], $arr);`

download audit log in csv 2013-08-02 16:33:14 +02:00			`$this->session->set("audit_query", array('where' => $where, 'sortorder' => $sortorder, 'arr' => $arr));`

improved logging for the gui Change-Id: I31d0dbb70b8d8184ce1f48d0161ddaf9e6c8d9ca Signed-off-by: SJ <sj@acts.hu> 2016-09-21 21:59:57 +02:00			`if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s', param: '%s' in %.2f s, %d hits", $query->query, implode(' ', $arr), $query->exec_time, $query->num_rows)); }`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
heavy code cleanup in the webui 2013-02-11 20:24:19 +01:00			`if(isset($query->rows)) {`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`foreach($query->rows as $a) {`
gui refactoring to enable more complex search queries 2013-10-05 11:34:06 +02:00
			`$a['description'] = preg_replace("/\"/", "'", $a['description']);`

added the webui to the tarball 2012-02-08 23:14:28 +01:00			`$results[] = array(`
			`'id' => $a['meta_id'],`
			`'piler_id' => isset($m[$a['meta_id']]) ? $m[$a['meta_id']] : '',`
			`'action' => $a['action'],`
			`'email' => $a['email'],`
added dd/mm/yyyy as an acceptable date format 2013-07-28 20:56:59 +02:00			`'date' => date(DATE_TEMPLATE . " H:i", $a['ts']),`
anonimize shown ip address in demo mode 2013-07-25 13:27:56 +02:00			`'ipaddr' => DEMO_MODE == 1 ? anonimize_ip_addr($a['ipaddr']) : $a['ipaddr'],`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`'description' => $a['description'],`
			`'shortdescription' => make_short_string($a['description'], MAX_CGI_FROM_SUBJ_LEN)`
			`);`

			`}`
			`}`
			`}`

			`return array($n, $results);`
			`}`


download audit log in csv 2013-08-02 16:33:14 +02:00			`public function print_audit_to_csv() {`
			`$actions = array_flip(Registry::get('actions'));`

			`$a = $this->session->get("audit_query");`

			`if(isset($a['where']) && isset($a['sortorder']) && isset($a['arr'])) {`
			`print "Date" . DELIMITER . "ID" . DELIMITER . "User" . DELIMITER . "IP-address" . DELIMITER . "Action" . DELIMITER . "Piler ID" . DELIMITER . "Description\n";`

			`$query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " " . $a['where'] . " " . $a['sortorder'], $a['arr']);`
			`foreach($query->rows as $q) {`
			`if(DEMO_MODE == 1) { $q['ipaddr'] = anonimize_ip_addr($q['ipaddr']); }`

csv export fix 2013-08-02 22:47:18 +02:00			`print date(DATE_TEMPLATE . " H:i:s", $q['ts']) . DELIMITER . $q['id'] . DELIMITER . $q['email'] . DELIMITER . $q['ipaddr'] . DELIMITER . $actions[$q['action']] . DELIMITER . $q['meta_id'] . DELIMITER . $q['description'] . "\n";`
download audit log in csv 2013-08-02 16:33:14 +02:00			`}`
			`}`
			`}`


added audit wildcard search 2013-08-02 20:59:56 +02:00			`private function append_search_criteria($var = '', $s = '', &$arr = array()) {`
			`$str = "";`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$a = explode("\t", $s);`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`for($i=0; $i<count($a); $i++) {`
			`if($a[$i]) {`
added audit wildcard search 2013-08-02 20:59:56 +02:00			`$p = strchr($a[$i], '*');`
			`if($p) {`
			`$str .= "OR $var LIKE ? ";`
			`array_push($arr, preg_replace("/\*.{0,}/", "%", $a[$i]));`
			`}`
			`else {`
			`$str .= "OR $var = ? ";`
			`array_push($arr, $a[$i]);`
			`}`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`
			`}`

added audit wildcard search 2013-08-02 20:59:56 +02:00			`return substr($str, 2, strlen($str));`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`


added an option to limit message downloads 2015-07-28 21:56:50 +02:00			`public function can_download() {`

			`if(MAX_DOWNLOAD_PER_HOUR <= 0 \|\| Registry::get('auditor_user') == 1) { return 1; }`

			`$session = Registry::get('session');`

			`$email = $session->get("email");`

			`$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW-3600, ACTION_DOWNLOAD_MESSAGE));`

			`if($query->row['num'] <= MAX_DOWNLOAD_PER_HOUR) { return 1; }`

			`return 0;`
			`}`


added an option to limit message restores 2015-07-28 22:10:50 +02:00			`public function can_restore() {`

			`if(MAX_RESTORE_PER_HOUR <= 0 \|\| Registry::get('auditor_user') == 1) { return 1; }`

			`$session = Registry::get('session');`

			`$email = $session->get("email");`

			`$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW-3600, ACTION_RESTORE_MESSAGE));`

			`if($query->row['num'] <= MAX_RESTORE_PER_HOUR) { return 1; }`

			`return 0;`
			`}`

added the webui to the tarball 2012-02-08 23:14:28 +01:00			`}`

			`?>`