<?php
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/log.inc,v 1.10 2006/05/13 17:15:46 dashley Exp $
//--------------------------------------------------------------------------------------------------------------
//log.inc--FboPrime Logging Functions and Constants
//Copyright (C) 2006 David T. Ashley
//
//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.
//
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//********************************************************************************
//This contains functions used to log events, both to the loge table of the
//database, and to the system log.
//--------------------------------------------------------------------------------------------------------------
require_once("global.inc");
require_once("strfunc.inc");
require_once("utime.inc");
//
//--------------------------------------------------------------------------------------------------------------
//Different types of log entries that can be made.
//------------------------------------------------
//These can be differentiated into categories using integer division, code / 10.
//
//Unknown or miscellaneous log entries.
define('LOG_ET_UNKNOWN_MISC',        0); //Catch-all for unknown or miscellaneous events.
//Page statistics (code / 10 == 1).
define('LOG_ET_PAGEHIT',            10); //An ordinary page hit.
//Database connection or authentication problems (code / 10 == 2).
define('LOG_ET_ERRDBCONN',          20); //Failure to connect or authenticate to the MySQL database.
//User authentication events, successes and failures (code / 10 == 3).
define('LOG_ET_LOGIN_OK',           30); //A user logged in.
define('LOG_ET_LOGIN_FAIL',         31); //A login attempt failed.
define('LOG_ET_LOGOUT_VOL',         32); //The user logged out voluntarily.
define('LOG_ET_LOGOUT_TIME',        33); //Logout forced because of time.
define('LOG_ET_REVAL_OK',           34); //A session was revalidated successfully.
//Security threats (code / 10 == 4).
define('LOG_ET_SEC_SID_FORGED',     40); //A SID that appears forged or otherwise tampered with.
define('LOG_ET_SEC_LOGOUT_IP',      41); //Logout forced because the IP has changed.
//Maintenance entries (code / 10 == 5).
define('LOG_ET_MAINT_PERIODIC',     50); //An ordinary periodic maintenance entry.
//Internal server or software errors.
define('LOG_ET_UNCATEGORIZED',     100); //Errors not otherwise specified.
define('LOG_ET_INVALID_SPECIFIED', 200); //Substituted by LOG_force_type_set() when the supplied type
                                         //is not an integer or is not one of the codes above.
//
//--------------------------------------------------------------------------------------------------------------
//Inserts a log entry into the MySQL log.
// type : Enumerated type.
// stime : STIME time stamp, time page started.
// ip : The IP address on record with the server.
// userid : The userid of the currently logged in user (text string).
// sid : The current session identifier.
// scriptfile : The PHP script being executed, usually obtained by PHP_SELF.
// getpostpars : The GET/POST parameters to the script.
// phpfilek : The PHP __FILE__ directive from the caller.
// phplinek : The PHP __LINE__ directive from the caller.
// logentry : The log entry itself.
//
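function LOG_log($type, $stime, $ip, $userid, $sid, $scriptfile, $getpostpars, $phpfilek, $phplinek, $logentry)
{
   //Writes one event row to the loge table.
   //
   //Every string argument goes through two layers before it reaches the query:
   //first STRFUNC_force_stringtype_subset_truncate() with a per-field character
   //allow-list and maximum length, then mysql_real_escape_string() when the
   //statement is assembled. How the STRFUNC helper treats disallowed characters
   //is not visible in this file--presumably it drops or replaces them; confirm
   //in strfunc.inc.
   //
   //If the INSERT fails, a fixed-format message is sent to the system log via
   //LOG_syslog() so that a lost audit record (which may be a security event such
   //as LOG_ET_SEC_SID_FORGED) does not disappear silently. The function returns
   //nothing, as before.
   //
   //NOTE(review): the mysql_* extension was removed in PHP 7. Moving to prepared
   //statements (mysqli or PDO) depends on how $GLOBAL_dbhandle is created
   //elsewhere, so it is not attempted here.
   global $GLOBAL_dbhandle; //Database handle.

   //Obtain the Unix timestamp.
   //NOTE(review): $utime is concatenated into the query without escaping. This
   //relies on UTIME_utime() returning a purely numeric value--confirm in utime.inc.
   $utime = UTIME_utime();

   //Sanitize the type of log entry. It can only be certain types. If it
   //isn't valid, flag it as invalidly specified at the interface. The result is
   //always one of the integer LOG_ET_* codes, which is why it can be placed in
   //the query unquoted.
   $type = LOG_force_type_set($type);

   //Sanitize the STIME.
   $stime = STRFUNC_force_stringtype_subset_truncate($stime, "ST0123456789", 22);

   //Sanitize the IP.
   //NOTE(review): the allow-list has hex digits and "." but no ":", so a
   //colon-separated IPv6 address cannot pass through unchanged, and the stored
   //value would no longer identify the client unambiguously. Confirm whether
   //IPv6 clients are expected before widening the list.
   $ip = STRFUNC_force_stringtype_subset_truncate($ip, ".ABCDEFabcdef0123456789", 40);

   //Sanitize the user id.
   $userid = STRFUNC_force_stringtype_subset_truncate
                (
                $userid,
                "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
                20
                );

   //Sanitize the session identifier.
   //NOTE(review): up to 66 characters of the session identifier are stored. If
   //a logged SID can still be live, read access to loge is equivalent to access
   //to that session; consider storing a hash or a truncated form--confirm against
   //the session design.
   $sid = STRFUNC_force_stringtype_subset_truncate($sid, "SISG0123456789abcdefABCDEF", 66);

   //Sanitize the scriptfile.
   $scriptfile = STRFUNC_force_stringtype_subset_truncate($scriptfile,
                    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
                    1024);

   //Sanitize the getpost pars.
   //The allow-list constrains characters, not content: a password or token made
   //of permitted characters is stored as-is. Callers are presumably expected to
   //leave credentials out of this argument--verify at the call sites.
   $getpostpars = STRFUNC_force_stringtype_subset_truncate
                     (
                     $getpostpars,
                     "0123456789"                    //Digits
                     . "abcdefghijklmnopqrstuvwxyz"  //Lower-case letters
                     . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  //Upper-case letters
                     . " "                           //Spaces
                     . "(){}_.,;:-+*/=@\"'",         //Punctuation
                     1024);

   //Sanitize the phpfilek.
   $phpfilek = STRFUNC_force_stringtype_subset_truncate($phpfilek,
                  "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
                  1024);

   //Sanitize the phplinek. __LINE__ is an integer, hence the cast to string.
   $phplinek = STRFUNC_force_stringtype_subset_truncate((string)$phplinek,
                  "0123456789",
                  1024);

   //Sanitize the log entry itself.
   //The allow-list admits "<", ">" and both quote characters, so the stored text
   //is safe for the database only. Any page that displays loge rows must
   //HTML-escape this column (and getpostpars) at output time.
   $logentry = STRFUNC_force_stringtype_subset_truncate
                  (
                  $logentry,
                  "0123456789"                    //Digits
                  . "abcdefghijklmnopqrstuvwxyz"  //Lower-case letters
                  . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  //Upper-case letters
                  . " "                           //Spaces
                  . "<>(){}_.,;:-+*/=@\"'\$",     //Punctuation
                  4000);

   //Issue the MySQL query.
   $result = mysql_query("INSERT INTO loge SET type=" . $type .
                ", utime=\"" . $utime . "\" " .
                ", stime=\"" . mysql_real_escape_string ($stime, $GLOBAL_dbhandle) . "\" " .
                ", ip=\"" . mysql_real_escape_string ($ip, $GLOBAL_dbhandle) . "\" " .
                ", userid=\"" . mysql_real_escape_string ($userid, $GLOBAL_dbhandle) . "\" " .
                ", sid=\"" . mysql_real_escape_string ($sid, $GLOBAL_dbhandle) . "\" " .
                ", scriptfile=\"" . mysql_real_escape_string ($scriptfile, $GLOBAL_dbhandle) . "\" " .
                ", getpostpars=\"" . mysql_real_escape_string ($getpostpars, $GLOBAL_dbhandle) . "\" " .
                ", phpfilek=\"" . mysql_real_escape_string ($phpfilek, $GLOBAL_dbhandle) . "\" " .
                ", phplinek=\"" . mysql_real_escape_string ($phplinek, $GLOBAL_dbhandle) . "\" " .
                ", logentry=\"" . mysql_real_escape_string ($logentry, $GLOBAL_dbhandle) . "\"",
                $GLOBAL_dbhandle);

   //The database record could not be written. Leave a trace in the system log.
   //Only numeric values go into the message, so no caller-supplied text reaches
   //syslog through this path.
   if ($result === false)
      {
      $errno = is_resource($GLOBAL_dbhandle) ? mysql_errno($GLOBAL_dbhandle) : -1;
      LOG_syslog("LOG_log: INSERT into loge failed (MySQL errno " . $errno . ", event type " . $type . ").");
      }
}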
//
//
//--------------------------------------------------------------------------------------------------------------
//Forces a log entry type into a valid type and range. Return value is the
//sanitized value.
//
function LOG_force_type_set($type)
{
   //Maps an arbitrary value onto the closed set of LOG_ET_* event codes.
   //An integer that is one of the defined codes is returned unchanged; anything
   //else (wrong PHP type, or an integer outside the set) comes back as
   //LOG_ET_INVALID_SPECIFIED. The result is therefore always an integer, which
   //LOG_log() relies on when it places the type in its query unquoted.
   $known_codes = array
      (
      LOG_ET_UNKNOWN_MISC,
      LOG_ET_PAGEHIT,
      LOG_ET_ERRDBCONN,
      LOG_ET_LOGIN_OK,
      LOG_ET_LOGIN_FAIL,
      LOG_ET_LOGOUT_VOL,
      LOG_ET_LOGOUT_TIME,
      LOG_ET_REVAL_OK,
      LOG_ET_SEC_SID_FORGED,
      LOG_ET_SEC_LOGOUT_IP,
      LOG_ET_MAINT_PERIODIC,
      LOG_ET_UNCATEGORIZED,
      LOG_ET_INVALID_SPECIFIED
      );

   //Strict membership test: numeric strings and floats are rejected by the
   //is_int() guard, exactly as a non-integer was rejected before.
   if (is_int($type) && in_array($type, $known_codes, true))
      {
      return($type);
      }

   //Not an integer, or not a recognized code.
   return((int) LOG_ET_INVALID_SPECIFIED);
}
//
//--------------------------------------------------------------------------------------------------------------
//Makes a system log entry, with a constant prefix.
//
function LOG_syslog($text)
{
   //Sends one message to the system log at LOG_WARNING priority. The message is
   //CONFIG_MYSQL_ERR_SYSLOG_PREFIX, then ": ", then $text.
   //
   //NOTE(review): $text is forwarded unmodified. If any caller passes
   //request-derived data, embedded CR/LF or other control characters could split
   //or forge log lines--confirm that callers pass fixed or neutralized text.
   $message = CONFIG_MYSQL_ERR_SYSLOG_PREFIX . ": " . $text;

   syslog(LOG_WARNING, $message);
}
//
//--------------------------------------------------------------------------------------------------------------
//End of $RCSfile: log.inc,v $.
//--------------------------------------------------------------------------------------------------------------
?>