/[dtapublic]/to_be_filed/webprojs/php_libraries/php_library/fboprime/log.inc
ViewVC logotype

Annotation of /to_be_filed/webprojs/php_libraries/php_library/fboprime/log.inc

Parent Directory Parent Directory | Revision Log Revision Log


Revision 35 - (hide annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (8 years ago) by dashley
File size: 10418 byte(s)
Initial commit.
1 dashley 35 <?php
2     //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/log.inc,v 1.10 2006/05/13 17:15:46 dashley Exp $
3     //--------------------------------------------------------------------------------------------------------------
4     //log.inc--FboPrime Logging Functions and Constants
5     //Copyright (C) 2006 David T. Ashley
6     //
7     //This program is free software; you can redistribute it and/or
8     //modify it under the terms of the GNU General Public License
9     //as published by the Free Software Foundation; either version 2
10     //of the License, or (at your option) any later version.
11     //
12     //This program is distributed in the hope that it will be useful,
13     //but WITHOUT ANY WARRANTY; without even the implied warranty of
14     //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     //GNU General Public License for more details.
16     //
17     //You should have received a copy of the GNU General Public License
18     //along with this program; if not, write to the Free Software
19     //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20     //********************************************************************************
21     //This contains functions used to log events, both to the loge table of the
22     //database, and to the system log.
23     //--------------------------------------------------------------------------------------------------------------
24     require_once("global.inc");
25     require_once("strfunc.inc");
26     require_once("utime.inc");
27     //
28     //--------------------------------------------------------------------------------------------------------------
29     //Different types of log entries that can be made.
30     //------------------------------------------------
31     //These can be differentiated into categories using integer division, code / 10.
32     //
33     //Unknown or miscellaneous log entries.
34     define("LOG_ET_UNKNOWN_MISC", 0); //Unknown or miscellaneous.
35     //Page statistics.
36     define("LOG_ET_PAGEHIT", 10); //Ordinary page hit.
37     //Database connection or authentication problems.
38     define("LOG_ET_ERRDBCONN", 20); //An error connecting or authenticating to the
39     //MySQL database.
40     //Authentication and authentication failures.
41     define("LOG_ET_LOGIN_OK", 30); //Login of a user.
42     define("LOG_ET_LOGIN_FAIL", 31); //Login failure.
43     define("LOG_ET_LOGOUT_VOL", 32); //Voluntary user logout.
44     define("LOG_ET_LOGOUT_TIME", 33); //Forced logout due to time.
45     define("LOG_ET_REVAL_OK", 34); //Session revalidated successfully.
46     //Security threats.
47     define("LOG_ET_SEC_SID_FORGED", 40); //An apparently forged or otherwise tampered SID.
48     define("LOG_ET_SEC_LOGOUT_IP", 41); //Forced logout due to an IP that has changed
49     //Maintenance entries.
50     define("LOG_ET_MAINT_PERIODIC", 50); //An ordinary periodic maintenance entry.
51     //Internal server or software errors.
52     define("LOG_ET_UNCATEGORIZED", 100); //Errors not otherwise specified.
53     define("LOG_ET_INVALID_SPECIFIED", 200); //Errors not otherwise specified.
54     //
55     //--------------------------------------------------------------------------------------------------------------
56     //Inserts a log entry into the MySQL log.
57     // type : Enumerated type.
58     // stime : STIME time stamp, time page started.
59     // ip : The IP address on record with the server.
60     // userid : The userid of the currently logged in user (text string).
61     // sid : The current session identifier.
62     // scriptfile : The PHP script being executed, usually obtained by PHP_SELF.
63     // getpostpars : The GET/POST parameters to the script.
64     // phpfilek : The PHP __FILE__ directive from the caller.
65     // phplinek : The PHP __LINE__ directive from the caller.
66     // logentry : The log entry itself.
67     //
68     function LOG_log($type, $stime, $ip, $userid, $sid, $scriptfile, $getpostpars, $phpfilek, $phplinek, $logentry)
69     {
70     global $GLOBAL_dbhandle; //Database handle.
71    
72     //Obtain the Unix timestamp.
73     $utime = UTIME_utime();
74    
75     //Sanitize the type of log entry. It can only be certain types. If it
76     //isn't valid, flag it as invalidly specified at the interface.
77     $type = LOG_force_type_set($type);
78    
79     //if (is_string($stime))
80     // echo " is string ";
81    
82     //echo " ? " . strlen($stime) . " ? ";
83     //echo " ! " . $stime . " ! ";
84    
85     //Sanitize the STIME.
86     $stime = STRFUNC_force_stringtype_subset_truncate($stime, "ST0123456789", 22);
87    
88     //echo " * " . strlen($stime) . " * ";
89     //echo " @ " . $stime . " @ ";
90    
91     //Sanitize the IP.
92     $ip = STRFUNC_force_stringtype_subset_truncate($ip, ".ABCDEFabcdef0123456789", 40);
93    
94     //Sanitize the user id.
95     $userid = STRFUNC_force_stringtype_subset_truncate
96     (
97     $userid,
98     "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
99     20
100     );
101    
102     //Sanitize the session identifier.
103     $sid = STRFUNC_force_stringtype_subset_truncate($sid, "SISG0123456789abcdefABCDEF", 66);
104    
105     //Sanitize the scriptfile.
106     $scriptfile = STRFUNC_force_stringtype_subset_truncate($scriptfile,
107     "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
108     1024);
109    
110     //Sanitize the getpost pars.
111     $getpostpars = STRFUNC_force_stringtype_subset_truncate
112     (
113     $getpostpars,
114     "0123456789" //Digits
115     . "abcdefghijklmnopqrstuvwxyz" //Lower-case letters
116     . "ABCDEFGHIJKLMNOPQRSTUVWXYZ" //Upper-case letters
117     . " " //Spaces
118     . "(){}_.,;:-+*/=@\"'", //Punctuation
119     1024);
120    
121     //Sanitize the phpfilek.
122     $phpfilek = STRFUNC_force_stringtype_subset_truncate($phpfilek,
123     "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
124     1024);
125    
126     //Sanitize the phplinek.
127     $phplinek = STRFUNC_force_stringtype_subset_truncate((string)$phplinek,
128     "0123456789",
129     1024);
130    
131     //Sanitize the log entry itself.
132     $logentry = STRFUNC_force_stringtype_subset_truncate
133     (
134     $logentry,
135     "0123456789" //Digits
136     . "abcdefghijklmnopqrstuvwxyz" //Lower-case letters
137     . "ABCDEFGHIJKLMNOPQRSTUVWXYZ" //Upper-case letters
138     . " " //Spaces
139     . "<>(){}_.,;:-+*/=@\"'\$", //Punctuation
140     4000);
141    
142     //Issue the MySQL query.
143     mysql_query("INSERT INTO loge SET type=" . $type .
144     ", utime=\"" . $utime . "\" " .
145     ", stime=\"" . mysql_real_escape_string ($stime, $GLOBAL_dbhandle) . "\" " .
146     ", ip=\"" . mysql_real_escape_string ($ip, $GLOBAL_dbhandle) . "\" " .
147     ", userid=\"" . mysql_real_escape_string ($userid, $GLOBAL_dbhandle) . "\" " .
148     ", sid=\"" . mysql_real_escape_string ($sid, $GLOBAL_dbhandle) . "\" " .
149     ", scriptfile=\"" . mysql_real_escape_string ($scriptfile, $GLOBAL_dbhandle) . "\" " .
150     ", getpostpars=\"" . mysql_real_escape_string ($getpostpars, $GLOBAL_dbhandle) . "\" " .
151     ", phpfilek=\"" . mysql_real_escape_string ($phpfilek, $GLOBAL_dbhandle) . "\" " .
152     ", phplinek=\"" . mysql_real_escape_string ($phplinek, $GLOBAL_dbhandle) . "\" " .
153     ", logentry=\"" . mysql_real_escape_string ($logentry, $GLOBAL_dbhandle) . "\"",
154     $GLOBAL_dbhandle);
155     }
156     //
157     //
158     //--------------------------------------------------------------------------------------------------------------
159     //Forces a log entry type into a valid type and range. Return value is the
160     //sanitized value.
161     //
162     function LOG_force_type_set($type)
163     {
164     if (!is_int($type))
165     {
166     //It is not an integer. Flag this as invalid.
167     $type = (int) LOG_ET_INVALID_SPECIFIED;
168     }
169     else
170     {
171     //It is an integer. Force it into set of allowed values.
172     switch($type)
173     {
174     case LOG_ET_UNKNOWN_MISC:
175     case LOG_ET_PAGEHIT:
176     case LOG_ET_ERRDBCONN:
177     case LOG_ET_LOGIN_OK:
178     case LOG_ET_LOGIN_FAIL:
179     case LOG_ET_LOGOUT_VOL:
180     case LOG_ET_LOGOUT_TIME:
181     case LOG_ET_REVAL_OK:
182     case LOG_ET_SEC_SID_FORGED:
183     case LOG_ET_SEC_LOGOUT_IP:
184     case LOG_ET_MAINT_PERIODIC:
185     case LOG_ET_UNCATEGORIZED:
186     case LOG_ET_INVALID_SPECIFIED:
187     //Do nothing. This is already in bounds.
188     break;
189     default:
190     //It is out of range. Force it in.
191     $type = (int) LOG_ET_INVALID_SPECIFIED;
192     }
193     }
194    
195     //Sanitization is complete. Return it.
196     return($type);
197     }
198     //
199     //--------------------------------------------------------------------------------------------------------------
200     //Makes a system log entry, with a constant prefix.
201     //
202     function LOG_syslog($text)
203     {
204     syslog(LOG_WARNING, CONFIG_MYSQL_ERR_SYSLOG_PREFIX . ": " . $text);
205     }
206     //
207     //--------------------------------------------------------------------------------------------------------------
208     //End of $RCSfile: log.inc,v $.
209     //--------------------------------------------------------------------------------------------------------------
210     ?>

dashley@gmail.com
ViewVC Help
Powered by ViewVC 1.1.25