piler/webui/model/audit/audit.php

177 lines
5.8 KiB
PHP
Raw Normal View History

2012-02-08 23:14:28 +01:00
<?php
class ModelAuditAudit extends Model {
public function search_audit($data = array()) {
$where = '';
$arr = $results = array();
$from = 0;
$sort = "ts";
$order = "DESC";
$sortorder = "ORDER BY ts DESC";
2012-06-21 10:53:42 +02:00
$date1 = $date2 = 0;
2012-02-08 23:14:28 +01:00
$q = '';
2013-11-18 19:24:33 +01:00
$session = Registry::get('session');
2012-02-08 23:14:28 +01:00
if($data['sort'] == "user") { $sort = "email"; }
if($data['sort'] == "ipaddr") { $sort = "ipaddr"; }
if($data['sort'] == "ref") { $sort = "meta_id"; }
if($data['sort'] == "action") { $sort = "action"; }
if($data['sort'] == "description") { $sort = "description"; }
if($data['order'] == 1) { $order = "ASC"; }
$sortorder = "ORDER BY `$sort` $order";
if(isset($data['action']) && $data['action'] != ACTION_ALL) {
2013-08-02 20:59:56 +02:00
$where .= " AND ( " . $this->append_search_criteria("action", $data['action'], $arr) . " )";
2012-02-08 23:14:28 +01:00
}
2013-02-11 20:24:19 +01:00
if(isset($data['ipaddr']) && $data['ipaddr']) {
2013-08-02 20:59:56 +02:00
$where .= " AND ( " . $this->append_search_criteria("ipaddr", $data['ipaddr'], $arr) . " )";
2012-02-08 23:14:28 +01:00
}
2013-02-11 20:24:19 +01:00
if(isset($data['user']) && $data['user']) {
2013-08-02 20:59:56 +02:00
$where .= " AND ( " . $this->append_search_criteria("email", $data['user'], $arr) . " )";
2012-02-08 23:14:28 +01:00
}
2013-02-11 20:24:19 +01:00
if(isset($data['ref']) && $data['ref']) {
2013-08-02 20:59:56 +02:00
$where .= " AND ( " . $this->append_search_criteria("meta_id", $data['ref'], $arr) . " )";
2012-02-08 23:14:28 +01:00
}
2013-08-06 06:36:56 +02:00
if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) {
2013-11-18 19:24:33 +01:00
$auditdomains = $session->get("auditdomains");
while(list($k, $v) = each($auditdomains)) {
2013-07-12 15:02:50 +02:00
if($q) { $q .= ","; }
$q .= "?";
array_push($arr, $v);
}
$where .= " AND domain IN ($q) ";
2013-11-18 19:24:33 +01:00
reset($session->get("auditdomains"));
2013-07-12 15:02:50 +02:00
}
2012-06-21 10:53:42 +02:00
if(isset($data['date1'])) { $date1 = $data['date1']; }
if(isset($data['date2'])) { $date2 = $data['date2']; }
2012-02-08 23:14:28 +01:00
2012-06-21 10:53:42 +02:00
$date = fixup_date_condition('ts', $date1, $date2);
2012-02-08 23:14:28 +01:00
if($date) { $where .= " AND $date "; }
if($where) {
$where = " WHERE " . substr($where, 5, strlen($where));
}
$from = $data['page_len'] * $data['page'];
2013-08-02 20:59:56 +02:00
2013-02-11 20:24:19 +01:00
if($where) {
$query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_AUDIT . " $where", $arr);
$n = $query->row['count'];
2012-02-08 23:14:28 +01:00
2013-02-11 20:24:19 +01:00
if(ENABLE_SYSLOG == 1) { syslog(LOG_INFO, sprintf("audit query: '%s' in %.2f s, %d hits", $query->query, $query->exec_time, $query->row['count'])); }
}
else { $n = MAX_AUDIT_HITS; }
2012-02-08 23:14:28 +01:00
if($n > 0) {
if($n > MAX_AUDIT_HITS) { $n = MAX_AUDIT_HITS; }
2013-08-02 16:33:14 +02:00
2012-02-08 23:14:28 +01:00
$query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " $where $sortorder LIMIT $from," . $data['page_len'], $arr);
2013-08-02 16:33:14 +02:00
$this->session->set("audit_query", array('where' => $where, 'sortorder' => $sortorder, 'arr' => $arr));
2013-02-11 20:24:19 +01:00
if(ENABLE_SYSLOG == 1) { syslog(LOG_INFO, sprintf("audit query: '%s', param: '%s' in %.2f s, %d hits", $query->query, implode(' ', $arr), $query->exec_time, $query->num_rows)); }
2012-02-08 23:14:28 +01:00
2013-02-11 20:24:19 +01:00
if(isset($query->rows)) {
2012-02-08 23:14:28 +01:00
foreach($query->rows as $a) {
$a['description'] = preg_replace("/\"/", "'", $a['description']);
2012-02-08 23:14:28 +01:00
$results[] = array(
'id' => $a['meta_id'],
'piler_id' => isset($m[$a['meta_id']]) ? $m[$a['meta_id']] : '',
'action' => $a['action'],
'email' => $a['email'],
'date' => date(DATE_TEMPLATE . " H:i", $a['ts']),
'ipaddr' => DEMO_MODE == 1 ? anonimize_ip_addr($a['ipaddr']) : $a['ipaddr'],
2012-02-08 23:14:28 +01:00
'description' => $a['description'],
'shortdescription' => make_short_string($a['description'], MAX_CGI_FROM_SUBJ_LEN)
);
}
}
}
return array($n, $results);
}
2013-08-02 16:33:14 +02:00
public function print_audit_to_csv() {
$actions = array_flip(Registry::get('actions'));
$a = $this->session->get("audit_query");
if(isset($a['where']) && isset($a['sortorder']) && isset($a['arr'])) {
print "Date" . DELIMITER . "ID" . DELIMITER . "User" . DELIMITER . "IP-address" . DELIMITER . "Action" . DELIMITER . "Piler ID" . DELIMITER . "Description\n";
$query = $this->db->query("SELECT * FROM " . TABLE_AUDIT . " " . $a['where'] . " " . $a['sortorder'], $a['arr']);
foreach($query->rows as $q) {
if(DEMO_MODE == 1) { $q['ipaddr'] = anonimize_ip_addr($q['ipaddr']); }
2013-08-02 22:47:18 +02:00
print date(DATE_TEMPLATE . " H:i:s", $q['ts']) . DELIMITER . $q['id'] . DELIMITER . $q['email'] . DELIMITER . $q['ipaddr'] . DELIMITER . $actions[$q['action']] . DELIMITER . $q['meta_id'] . DELIMITER . $q['description'] . "\n";
2013-08-02 16:33:14 +02:00
}
}
}
2013-08-02 20:59:56 +02:00
private function append_search_criteria($var = '', $s = '', &$arr = array()) {
$str = "";
2012-02-08 23:14:28 +01:00
2013-08-02 20:59:56 +02:00
$a = explode("\t", $s);
2012-02-08 23:14:28 +01:00
for($i=0; $i<count($a); $i++) {
if($a[$i]) {
2013-08-02 20:59:56 +02:00
$p = strchr($a[$i], '*');
if($p) {
$str .= "OR $var LIKE ? ";
array_push($arr, preg_replace("/\*.{0,}/", "%", $a[$i]));
}
else {
$str .= "OR $var = ? ";
array_push($arr, $a[$i]);
}
2012-02-08 23:14:28 +01:00
}
}
2013-08-02 20:59:56 +02:00
return substr($str, 2, strlen($str));
2012-02-08 23:14:28 +01:00
}
public function can_download() {
if(MAX_DOWNLOAD_PER_HOUR <= 0 || Registry::get('auditor_user') == 1) { return 1; }
$session = Registry::get('session');
$email = $session->get("email");
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_AUDIT . " WHERE email=? AND ts > ? AND action=?", array($email, NOW-3600, ACTION_DOWNLOAD_MESSAGE));
if($query->row['num'] <= MAX_DOWNLOAD_PER_HOUR) { return 1; }
return 0;
}
2012-02-08 23:14:28 +01:00
}
?>