< ? php
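class ModelAuditAudit extends Model {

   /**
    * Search the audit table with the filters, sort order and paging in $data.
    *
    * Recognised keys: 'sort', 'order', 'action', 'ipaddr', 'user', 'ref',
    * 'date1', 'date2', 'page_len', 'page'. Filter values go to the database
    * as bound parameters. Only the sort column, the sort direction and the
    * LIMIT numbers are placed in the SQL text, and each of those is either
    * picked from a fixed list or cast to an integer here.
    *
    * @param array $data search form values
    * @return array array($n, $results): hit count (capped at MAX_AUDIT_HITS)
    *               and the rows of the requested page
    */
   public function search_audit($data = array()) {
      $arr = $results = array();
      $conditions = array();

      // Request value => column name. Anything not listed falls back to 'ts',
      // so the caller never controls the identifier placed in ORDER BY.
      $sortable = array(
         'user' => 'email',
         'ipaddr' => 'ipaddr',
         'ref' => 'meta_id',
         'action' => 'action',
         'description' => 'description'
      );

      $sort = 'ts';
      $order = 'DESC';

      if(isset($data['sort']) && is_string($data['sort']) && isset($sortable[$data['sort']])) {
         $sort = $sortable[$data['sort']];
      }

      if(isset($data['order']) && $data['order'] == 1) { $order = 'ASC'; }

      $sortorder = "ORDER BY `$sort` $order";

      // Form field => audit table column.
      $filters = array(
         'action' => 'action',
         'ipaddr' => 'ipaddr',
         'user' => 'email',
         'ref' => 'meta_id'
      );

      foreach($filters as $key => $column) {
         if(!isset($data[$key])) { continue; }

         if($key === 'action') {
            if($data[$key] == ACTION_ALL) { continue; }
         }
         else if(!$data[$key]) { continue; }

         $criteria = $this->append_search_criteria($column, $data[$key], $arr);

         // A value holding only separators yields no terms; skipping it avoids
         // an empty "AND ()" group, which is a SQL syntax error.
         if($criteria !== '') { $conditions[] = "($criteria)"; }
      }

      if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) {
         $session = Registry::get('session');
         $auditdomains = $session->get("auditdomains");

         // Fail closed: a restricted auditor with no assigned domains gets no
         // rows. The previous code built "domain IN ()" in that case.
         if(!is_array($auditdomains) || count($auditdomains) == 0) {
            return array(0, $results);
         }

         // foreach replaces each(), which PHP 8 removed.
         $placeholders = array();
         foreach($auditdomains as $domain) {
            $placeholders[] = "?";
            $arr[] = $domain;
         }

         $conditions[] = "domain IN (" . implode(",", $placeholders) . ")";
      }

      $date1 = isset($data['date1']) ? $data['date1'] : 0;
      $date2 = isset($data['date2']) ? $data['date2'] : 0;

      // fixup_date_condition() is defined elsewhere; its result is used as a
      // ready-made SQL condition. NOTE(review): confirm it validates the dates.
      $date = fixup_date_condition('ts', $date1, $date2);
      if($date) { $conditions[] = $date; }

      $where = count($conditions) > 0 ? "WHERE " . implode(" AND ", $conditions) : '';

      // LIMIT values cannot be bound through the query() call used here, so
      // they are forced to non-negative integers before being interpolated.
      // The raw 'page_len' value was previously concatenated as-is.
      $page_len = isset($data['page_len']) ? max(0, (int)$data['page_len']) : 0;
      $page = isset($data['page']) ? max(0, (int)$data['page']) : 0;
      $from = $page_len * $page;

      if($where) {
         $query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_AUDIT . " $where", $arr);

         $n = isset($query->row['count']) ? (int)$query->row['count'] : 0;

         if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s' in %.2f s, %d hits", $query->query, $query->exec_time, $n)); }
      }
      else { $n = MAX_AUDIT_HITS; }

      if($n > 0) {
         if($n > MAX_AUDIT_HITS) { $n = MAX_AUDIT_HITS; }

         $query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " $where $sortorder LIMIT $from, $page_len", $arr);

         // Kept for print_audit_to_csv(), which re-runs the same search. The
         // restricted-auditor domain filter is part of $where, so the export
         // stays inside the same scope as the on-screen result.
         $this->session->set("audit_query", array('where' => $where, 'sortorder' => $sortorder, 'arr' => $arr));

         if(LOG_LEVEL >= NORMAL) { syslog(LOG_INFO, sprintf("audit query: '%s', param: '%s' in %.2f s, %d hits", $query->query, implode(' ', $arr), $query->exec_time, $query->num_rows)); }

         if(isset($query->rows)) {
            foreach($query->rows as $a) {
               $a['description'] = str_replace('"', "'", $a['description']);

               $results[] = array(
                                  'id' => $a['meta_id'],
                                  // The lookup table the original read here ($m) was never
                                  // defined, so this field has always been empty.
                                  'piler_id' => '',
                                  'action' => $a['action'],
                                  'email' => $a['email'],
                                  'date' => date(DATE_TEMPLATE . " H:i", $a['ts']),
                                  'ipaddr' => DEMO_MODE == 1 ? anonimize_ip_addr($a['ipaddr']) : $a['ipaddr'],
                                  'description' => $a['description'],
                                  'shortdescription' => make_short_string($a['description'], MAX_CGI_FROM_SUBJ_LEN)
                                 );
            }
         }
      }

      return array($n, $results);
   }


   /**
    * Print the most recent search stored by search_audit() as delimited text.
    *
    * The WHERE and ORDER BY fragments come from the server-side session, not
    * from the request. The query carries no LIMIT, so the export is not
    * capped by MAX_AUDIT_HITS.
    */
   public function print_audit_to_csv() {
      $actions = array_flip(Registry::get('actions'));

      $a = $this->session->get("audit_query");

      if(isset($a['where']) && isset($a['sortorder']) && isset($a['arr'])) {

         print "Date" . DELIMITER . "ID" . DELIMITER . "User" . DELIMITER . "IP-address" . DELIMITER . "Action" . DELIMITER . "Piler ID" . DELIMITER . "Description\n";

         $query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " " . $a['where'] . " " . $a['sortorder'], $a['arr']);

         if(!isset($query->rows)) { return; }

         foreach($query->rows as $q) {
            if(DEMO_MODE == 1) { $q['ipaddr'] = anonimize_ip_addr($q['ipaddr']); }

            // Unknown action codes are printed as stored instead of raising
            // an undefined-index notice.
            $action = isset($actions[$q['action']]) ? $actions[$q['action']] : $q['action'];

            print date(DATE_TEMPLATE . " H:i:s", $q['ts']) . DELIMITER .
                  $this->csv_field($q['id']) . DELIMITER .
                  $this->csv_field($q['email']) . DELIMITER .
                  $this->csv_field($q['ipaddr']) . DELIMITER .
                  $this->csv_field($action) . DELIMITER .
                  $this->csv_field($q['meta_id']) . DELIMITER .
                  $this->csv_field($q['description']) . "\n";
         }
      }
   }


   /**
    * Make one stored value safe to place in a row of the delimited export.
    *
    * Audit rows record text that originates outside this class (e-mail
    * addresses, descriptions). NOTE(review): presumably some of it is
    * user-influenced; confirm against the code that writes the audit table.
    *
    * @param mixed $value raw column value
    * @return string value that cannot break the row or start a formula
    */
   private function csv_field($value) {
      // A line break inside a field would split the record in two.
      $value = str_replace(array("\r", "\n"), ' ', (string)$value);

      // Spreadsheets evaluate cells that begin with these characters; a
      // leading apostrophe makes them read the cell as text.
      if($value !== '' && strpos("=+-@\t", $value[0]) !== false) {
         $value = "'" . $value;
      }

      // Quote only when needed, so ordinary values are emitted as before.
      if(strpos($value, DELIMITER) !== false || strpos($value, '"') !== false) {
         $value = '"' . str_replace('"', '""', $value) . '"';
      }

      return $value;
   }


   /**
    * Build an OR-joined condition for one column from a tab-separated list.
    *
    * A term containing '*' becomes "LIKE ?", with everything from the first
    * '*' onward replaced by '%'; any other term becomes "= ?". Values are
    * appended to $arr in placeholder order. $var is interpolated into the
    * SQL text, so it must be a fixed column name, never request data. '%'
    * and '_' in front of the '*' are not escaped and act as LIKE wildcards.
    *
    * @param string $var column name (trusted)
    * @param string $s   tab-separated search terms (untrusted)
    * @param array  $arr bound parameter list, extended in place
    * @return string the condition, or '' when $s holds no usable term
    */
   private function append_search_criteria($var = '', $s = '', &$arr = array()) {
      $terms = array();

      if(!is_scalar($s)) { return ''; }

      foreach(explode("\t", (string)$s) as $term) {
         if(!$term) { continue; }

         if(strpos($term, '*') !== false) {
            $terms[] = "$var LIKE ?";
            $arr[] = preg_replace("/\*.{0,}/", "%", $term);
         }
         else {
            $terms[] = "$var=?";
            $arr[] = $term;
         }
      }

      return implode(" OR ", $terms);
   }


   /**
    * Tell whether the logged-in user may download another message.
    *
    * @return int 1 if allowed, 0 if the hourly limit has been passed
    */
   public function can_download() {
      return $this->within_hourly_limit(MAX_DOWNLOAD_PER_HOUR, ACTION_DOWNLOAD_MESSAGE);
   }


   /**
    * Tell whether the logged-in user may restore another message.
    *
    * @return int 1 if allowed, 0 if the hourly limit has been passed
    */
   public function can_restore() {
      return $this->within_hourly_limit(MAX_RESTORE_PER_HOUR, ACTION_RESTORE_MESSAGE);
   }


   /**
    * Compare the session user's audit entries of one action type in the last
    * hour with a limit.
    *
    * A limit of 0 or less disables the check, and auditor users are exempt.
    * NOTE(review): the comparison is "<=", so a user whose count already
    * equals the limit is still allowed; confirm this matches whether the
    * audit entry is written before or after this check runs.
    *
    * @param int $limit  maximum number of actions per hour
    * @param int $action audit action code to count
    * @return int 1 if within the limit, 0 otherwise
    */
   private function within_hourly_limit($limit, $action) {
      if($limit <= 0 || Registry::get('auditor_user') == 1) { return 1; }

      $session = Registry::get('session');
      $email = $session->get("email");

      $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW - 3600, $action));

      // Fail closed: if the count is unavailable the limit cannot be checked,
      // and a missing value would otherwise compare as "within the limit".
      if(!isset($query->row['num'])) { return 0; }

      return $query->row['num'] <= $limit ? 1 : 0;
   }

}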
?>