<?php
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/log.inc,v 1.10 2006/05/13 17:15:46 dashley Exp $
//--------------------------------------------------------------------------------------------------------------
//log.inc--FboPrime Logging Functions and Constants
//Copyright (C) 2006 David T. Ashley
//
//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.
//
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//********************************************************************************
//This contains functions used to log events, both to the loge table of the
//database, and to the system log.
//--------------------------------------------------------------------------------------------------------------
require_once("global.inc");
require_once("strfunc.inc");
require_once("utime.inc");
//
//--------------------------------------------------------------------------------------------------------------
//Log entry type codes.
//---------------------
//Codes are grouped by tens, so the category of a code is obtained with
//integer division, code / 10.
//
//LOG_force_type_set() carries the matching allow-list. A code that is added
//here but not there is recorded as LOG_ET_INVALID_SPECIFIED.
//
//Category 0: unknown or miscellaneous log entries.
define('LOG_ET_UNKNOWN_MISC', 0);         //Unknown or miscellaneous.
//
//Category 1: page statistics.
define('LOG_ET_PAGEHIT', 10);             //Ordinary page hit.
//
//Category 2: database connection or authentication problems.
define('LOG_ET_ERRDBCONN', 20);           //An error connecting or authenticating to
                                          //the MySQL database.
//
//Category 3: authentication and authentication failures.
define('LOG_ET_LOGIN_OK', 30);            //Login of a user.
define('LOG_ET_LOGIN_FAIL', 31);          //Login failure.
define('LOG_ET_LOGOUT_VOL', 32);          //Voluntary user logout.
define('LOG_ET_LOGOUT_TIME', 33);         //Forced logout due to time.
define('LOG_ET_REVAL_OK', 34);            //Session revalidated successfully.
//
//Category 4: security threats.
define('LOG_ET_SEC_SID_FORGED', 40);      //An apparently forged or otherwise tampered SID.
define('LOG_ET_SEC_LOGOUT_IP', 41);       //Forced logout due to an IP that has changed.
//
//Category 5: maintenance entries.
define('LOG_ET_MAINT_PERIODIC', 50);      //An ordinary periodic maintenance entry.
//
//Internal server or software errors.
define('LOG_ET_UNCATEGORIZED', 100);      //Errors not otherwise specified.
define('LOG_ET_INVALID_SPECIFIED', 200);  //The type passed to LOG_log() was not a valid
                                          //LOG_ET_* code (see LOG_force_type_set()).
//
//--------------------------------------------------------------------------------------------------------------
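//Inserts a log entry into the loge table of the MySQL database.
//   type        : Enumerated type (one of the LOG_ET_* constants).
//   stime       : STIME time stamp, time page started.
//   ip          : The IP address on record with the server.
//   userid      : The userid of the currently logged in user (text string).
//   sid         : The current session identifier.
//   scriptfile  : The PHP script being executed, usually obtained by PHP_SELF.
//   getpostpars : The GET/POST parameters to the script.
//   phpfilek    : The PHP __FILE__ directive from the caller.
//   phplinek    : The PHP __LINE__ directive from the caller.
//   logentry    : The log entry itself.
//
//Nothing is returned.  If the INSERT fails, a short fixed-format message is
//written through LOG_syslog() so that a lost audit record (for example a
//LOG_ET_SEC_* event) does not disappear silently.
//
//Each text argument is passed through STRFUNC_force_stringtype_subset_truncate()
//with a per-field character allow-list and maximum length, and is then escaped
//with mysql_real_escape_string().  The helper lives in strfunc.inc and is not
//visible here; presumably it removes characters outside the allow-list and
//truncates to the given length -- confirm against strfunc.inc.
//
//Notes for maintainers:
//   * The escaping below is for SQL only.  The allow-lists for getpostpars and
//     logentry admit quote characters, and logentry also admits "<", ">" and
//     "$", so anything that displays loge rows has to escape them for its own
//     output context.
//   * getpostpars and sid are stored as supplied (after filtering).
//     NOTE(review): confirm that callers leave password fields out of
//     getpostpars, and that read access to loge is restricted, since it holds
//     session identifiers.
//   * The mysql_* functions used here belong to the original MySQL extension,
//     which is not available in PHP 7 and later.
//
function LOG_log($type, $stime, $ip, $userid, $sid, $scriptfile, $getpostpars, $phpfilek, $phplinek, $logentry)
{
    global $GLOBAL_dbhandle;                //Database handle.

    //Character classes shared by the allow-lists below.
    $digits   = "0123456789";
    $lower    = "abcdefghijklmnopqrstuvwxyz";
    $upper    = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $alnum    = $digits . $lower . $upper;
    $pathset  = $alnum . "-._/";

    //Obtain the Unix timestamp.  This value comes from UTIME_utime(), not from
    //the caller, and is placed in the query without escaping.
    //NOTE(review): presumably numeric -- confirm against utime.inc.
    $utime = UTIME_utime();

    //Sanitize the type of log entry.  It can only be certain types.  If it
    //isn't valid, flag it as invalidly specified at the interface.  The type
    //is placed in the query unquoted, which is safe only because this call
    //always returns an integer from the allow-list; do not remove it.
    $type = LOG_force_type_set($type);

    //Sanitize the STIME.
    $stime = STRFUNC_force_stringtype_subset_truncate($stime, "ST0123456789", 22);

    //Sanitize the IP.
    //NOTE(review): the allow-list has hex digits and a length of 40 but no ":".
    //If IPv6 addresses are expected here, confirm how the helper treats ":".
    $ip = STRFUNC_force_stringtype_subset_truncate($ip, ".ABCDEFabcdef0123456789", 40);

    //Sanitize the user id.
    $userid = STRFUNC_force_stringtype_subset_truncate($userid, $alnum, 20);

    //Sanitize the session identifier.
    $sid = STRFUNC_force_stringtype_subset_truncate($sid, "SISG0123456789abcdefABCDEF", 66);

    //Sanitize the scriptfile.
    $scriptfile = STRFUNC_force_stringtype_subset_truncate($scriptfile, $pathset, 1024);

    //Sanitize the getpost pars: alphanumerics, space, and limited punctuation.
    $getpostpars = STRFUNC_force_stringtype_subset_truncate
        (
        $getpostpars,
        $alnum . " " . "(){}_.,;:-+*/=@\"'",
        1024
        );

    //Sanitize the phpfilek.
    $phpfilek = STRFUNC_force_stringtype_subset_truncate($phpfilek, $pathset, 1024);

    //Sanitize the phplinek.  __LINE__ is an integer, hence the cast.
    $phplinek = STRFUNC_force_stringtype_subset_truncate((string)$phplinek, $digits, 1024);

    //Sanitize the log entry itself.  This is the widest allow-list: it adds
    //"<", ">" and "$" to the punctuation accepted for getpostpars.
    $logentry = STRFUNC_force_stringtype_subset_truncate
        (
        $logentry,
        $alnum . " " . "<>(){}_.,;:-+*/=@\"'\$",
        4000
        );

    //Text columns, in the order they appear in the statement.  Every one of
    //them is escaped against the live connection before it is quoted.
    $textcols = array
        (
        "stime"       => $stime,
        "ip"          => $ip,
        "userid"      => $userid,
        "sid"         => $sid,
        "scriptfile"  => $scriptfile,
        "getpostpars" => $getpostpars,
        "phpfilek"    => $phpfilek,
        "phplinek"    => $phplinek,
        "logentry"    => $logentry
        );

    $query = "INSERT INTO loge SET type=" . $type . ", utime=\"" . $utime . "\"";
    foreach ($textcols as $column => $value)
    {
        $query .= ", " . $column . "=\""
                  . mysql_real_escape_string($value, $GLOBAL_dbhandle)
                  . "\"";
    }

    //Issue the MySQL query.
    $result = mysql_query($query, $GLOBAL_dbhandle);

    if ($result === false)
    {
        //Only the type code and the MySQL error number go to the system log.
        //The field values and the MySQL error text are left out on purpose,
        //because they can carry request-derived data.
        LOG_syslog("LOG_log: INSERT into loge failed, type=" . $type
                   . ", errno=" . mysql_errno($GLOBAL_dbhandle));
    }
}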
//
//
//--------------------------------------------------------------------------------------------------------------
//Coerces a log entry type into the set of known LOG_ET_* codes.
//   type : The candidate type code, of any PHP type.
//
//The return value is the type unchanged when it is an integer equal to one of
//the LOG_ET_* constants, and LOG_ET_INVALID_SPECIFIED (as an integer) in every
//other case.  Non-integers are rejected outright, so a numeric string such as
//"30" is reported as invalid rather than converted.
//
//LOG_log() places the result in its SQL statement unquoted, so this function
//must only ever return an integer.
//
function LOG_force_type_set($type)
{
    //The complete allow-list.  It has to be kept in step with the define()
    //statements for the LOG_ET_* codes.
    $known = array
        (
        LOG_ET_UNKNOWN_MISC,
        LOG_ET_PAGEHIT,
        LOG_ET_ERRDBCONN,
        LOG_ET_LOGIN_OK,
        LOG_ET_LOGIN_FAIL,
        LOG_ET_LOGOUT_VOL,
        LOG_ET_LOGOUT_TIME,
        LOG_ET_REVAL_OK,
        LOG_ET_SEC_SID_FORGED,
        LOG_ET_SEC_LOGOUT_IP,
        LOG_ET_MAINT_PERIODIC,
        LOG_ET_UNCATEGORIZED,
        LOG_ET_INVALID_SPECIFIED
        );

    //An integer that is already in bounds passes through untouched.
    if (is_int($type) && in_array($type, $known, true))
    {
        return($type);
    }

    //Not an integer, or out of range.  Force it in.
    return((int) LOG_ET_INVALID_SPECIFIED);
}
//
//--------------------------------------------------------------------------------------------------------------
//Writes one entry to the system log at LOG_WARNING priority.
//   text : The message.  It is appended to the constant prefix
//          CONFIG_MYSQL_ERR_SYSLOG_PREFIX (defined outside this file) and ": ".
//
//The text is written exactly as supplied; nothing is filtered here.
//NOTE(review): if any caller passes request-derived text, it should remove
//line breaks and other control characters first, so that one call cannot be
//read as several syslog entries.
//
function LOG_syslog($text)
{
    $message = CONFIG_MYSQL_ERR_SYSLOG_PREFIX . ": " . $text;

    syslog(LOG_WARNING, $message);
}
//
//--------------------------------------------------------------------------------------------------------------
//End of $RCSfile: log.inc,v $.
//--------------------------------------------------------------------------------------------------------------
?>