/[dtapublic]/to_be_filed/webprojs/php_libraries/php_library/fboprime/log.inc

Contents of /to_be_filed/webprojs/php_libraries/php_library/fboprime/log.inc



Revision 35 - (show annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (8 years ago) by dashley
File size: 10418 byte(s)
Initial commit.
1 <?php
2 //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/log.inc,v 1.10 2006/05/13 17:15:46 dashley Exp $
3 //--------------------------------------------------------------------------------------------------------------
4 //log.inc--FboPrime Logging Functions and Constants
5 //Copyright (C) 2006 David T. Ashley
6 //
7 //This program is free software; you can redistribute it and/or
8 //modify it under the terms of the GNU General Public License
9 //as published by the Free Software Foundation; either version 2
10 //of the License, or (at your option) any later version.
11 //
12 //This program is distributed in the hope that it will be useful,
13 //but WITHOUT ANY WARRANTY; without even the implied warranty of
14 //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 //GNU General Public License for more details.
16 //
17 //You should have received a copy of the GNU General Public License
18 //along with this program; if not, write to the Free Software
19 //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 //********************************************************************************
21 //This contains functions used to log events, both to the loge table of the
22 //database, and to the system log.
23 //--------------------------------------------------------------------------------------------------------------
24 require_once("global.inc");
25 require_once("strfunc.inc");
26 require_once("utime.inc");
27 //
28 //--------------------------------------------------------------------------------------------------------------
//Log entry type codes.
//---------------------
//Integer division of a code by 10 gives the category the code belongs to.
//LOG_force_type_set() accepts exactly the codes defined here, so a new code
//must be added in both places.
//
//Unknown or miscellaneous log entries.
define('LOG_ET_UNKNOWN_MISC', 0);        //Unknown or miscellaneous.
//
//Page statistics.
define('LOG_ET_PAGEHIT', 10);            //Ordinary page hit.
//
//Database connection or authentication problems.
define('LOG_ET_ERRDBCONN', 20);          //An error connecting or authenticating to
                                         //the MySQL database.
//
//Authentication and authentication failures.
define('LOG_ET_LOGIN_OK', 30);           //Login of a user.
define('LOG_ET_LOGIN_FAIL', 31);         //Login failure.
define('LOG_ET_LOGOUT_VOL', 32);         //Voluntary user logout.
define('LOG_ET_LOGOUT_TIME', 33);        //Forced logout due to time.
define('LOG_ET_REVAL_OK', 34);           //Session revalidated successfully.
//
//Security threats.
define('LOG_ET_SEC_SID_FORGED', 40);     //An apparently forged or otherwise tampered SID.
define('LOG_ET_SEC_LOGOUT_IP', 41);      //Forced logout due to an IP that has changed.
//
//Maintenance entries.
define('LOG_ET_MAINT_PERIODIC', 50);     //An ordinary periodic maintenance entry.
//
//Internal server or software errors.
define('LOG_ET_UNCATEGORIZED', 100);     //Errors not otherwise specified.
define('LOG_ET_INVALID_SPECIFIED', 200); //The caller passed a type that is not an integer
                                         //or not one of the codes above; substituted by
                                         //LOG_force_type_set().
54 //
55 //--------------------------------------------------------------------------------------------------------------
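//Inserts a log entry into the loge table of the MySQL database.
//   type        : One of the LOG_ET_* codes.  Anything else is recorded as
//                 LOG_ET_INVALID_SPECIFIED.
//   stime       : STIME time stamp, time page started.
//   ip          : The IP address on record with the server.
//   userid      : The userid of the currently logged in user (text string).
//   sid         : The current session identifier.
//   scriptfile  : The PHP script being executed, usually obtained by PHP_SELF.
//   getpostpars : The GET/POST parameters to the script.
//   phpfilek    : The PHP __FILE__ directive from the caller.
//   phplinek    : The PHP __LINE__ directive from the caller.
//   logentry    : The log entry itself.
//
//There is no return value.  If the INSERT fails, a short notice is written to the
//system log through LOG_syslog() so that a lost audit record does not go unnoticed.
//
//Every text field goes through two independent layers before it reaches the query:
//STRFUNC_force_stringtype_subset_truncate() (presumably restricts the value to the
//given character set and maximum length--confirm in strfunc.inc), and then
//mysql_real_escape_string().  Keep both; the escaping must not depend on the
//character sets below staying narrow.
//
//Notes for maintainers:
//   a)The full session identifier is stored.  NOTE(review): if a SID is sufficient
//     to resume a session, read access to loge is equivalent to access to live
//     sessions; restrict who can read the table, or store a digest instead.
//   b)getpostpars is stored as supplied.  Callers should leave out password and
//     other secret form fields before passing it in.
//   c)getpostpars and logentry permit quote characters, and logentry also permits
//     < and >.  Any page that displays these columns must HTML-escape them on output.
//   d)NOTE(review): the IP character set has hex digits and a length of 40 but no
//     ':', so an IPv6 address cannot be stored in its normal form--confirm whether
//     that is intended.
//   e)The mysql_* functions (ext/mysql) were removed in PHP 7.0.  Port this to
//     mysqli or PDO prepared statements together with the code that opens
//     $GLOBAL_dbhandle.
//
function LOG_log($type, $stime, $ip, $userid, $sid, $scriptfile, $getpostpars, $phpfilek, $phplinek, $logentry)
{
    global $GLOBAL_dbhandle;                    //Database handle.

    //Obtain the Unix timestamp.
    $utime = UTIME_utime();

    //Sanitize the type of log entry.  It can only be certain types.  If it
    //isn't valid, flag it as invalidly specified at the interface.
    $type = LOG_force_type_set($type);

    //Sanitize the STIME.
    $stime = STRFUNC_force_stringtype_subset_truncate($stime, "ST0123456789", 22);

    //Sanitize the IP.
    $ip = STRFUNC_force_stringtype_subset_truncate($ip, ".ABCDEFabcdef0123456789", 40);

    //Sanitize the user id.
    $userid = STRFUNC_force_stringtype_subset_truncate
                 (
                 $userid,
                 "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
                 20
                 );

    //Sanitize the session identifier.
    $sid = STRFUNC_force_stringtype_subset_truncate($sid, "SISG0123456789abcdefABCDEF", 66);

    //Sanitize the scriptfile.
    $scriptfile = STRFUNC_force_stringtype_subset_truncate($scriptfile,
                     "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
                     1024);

    //Sanitize the getpost pars.
    $getpostpars = STRFUNC_force_stringtype_subset_truncate
                      (
                      $getpostpars,
                      "0123456789"                      //Digits
                      . "abcdefghijklmnopqrstuvwxyz"    //Lower-case letters
                      . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"    //Upper-case letters
                      . " "                             //Spaces
                      . "(){}_.,;:-+*/=@\"'",           //Punctuation
                      1024);

    //Sanitize the phpfilek.
    $phpfilek = STRFUNC_force_stringtype_subset_truncate($phpfilek,
                   "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._/",
                   1024);

    //Sanitize the phplinek.
    $phplinek = STRFUNC_force_stringtype_subset_truncate((string)$phplinek,
                   "0123456789",
                   1024);

    //Sanitize the log entry itself.
    $logentry = STRFUNC_force_stringtype_subset_truncate
                   (
                   $logentry,
                   "0123456789"                      //Digits
                   . "abcdefghijklmnopqrstuvwxyz"    //Lower-case letters
                   . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"    //Upper-case letters
                   . " "                             //Spaces
                   . "<>(){}_.,;:-+*/=@\"'\$",       //Punctuation
                   4000);

    //Build the query.  The type is the only unquoted value, so it is cast to int
    //here as well as being forced into the allowed set above.  Every quoted value,
    //including the internally generated utime, is escaped, so that the query does
    //not rely on what any helper happens to return.
    $query = "INSERT INTO loge SET type=" . (int) $type .
             ", utime=\"" . mysql_real_escape_string ((string) $utime, $GLOBAL_dbhandle) . "\" " .
             ", stime=\"" . mysql_real_escape_string ($stime, $GLOBAL_dbhandle) . "\" " .
             ", ip=\"" . mysql_real_escape_string ($ip, $GLOBAL_dbhandle) . "\" " .
             ", userid=\"" . mysql_real_escape_string ($userid, $GLOBAL_dbhandle) . "\" " .
             ", sid=\"" . mysql_real_escape_string ($sid, $GLOBAL_dbhandle) . "\" " .
             ", scriptfile=\"" . mysql_real_escape_string ($scriptfile, $GLOBAL_dbhandle) . "\" " .
             ", getpostpars=\"" . mysql_real_escape_string ($getpostpars, $GLOBAL_dbhandle) . "\" " .
             ", phpfilek=\"" . mysql_real_escape_string ($phpfilek, $GLOBAL_dbhandle) . "\" " .
             ", phplinek=\"" . mysql_real_escape_string ($phplinek, $GLOBAL_dbhandle) . "\" " .
             ", logentry=\"" . mysql_real_escape_string ($logentry, $GLOBAL_dbhandle) . "\"";

    //Issue the MySQL query.
    $result = mysql_query($query, $GLOBAL_dbhandle);

    //A failed INSERT would otherwise drop the event without a trace, which matters
    //most for the login-failure and security entries.  Report it to the system log.
    //Only the error number, the type and the caller's location are included; the
    //MySQL error text can quote part of the statement, and the statement carries
    //the session identifier and the request parameters.
    if ($result === false)
    {
        LOG_syslog("LOG_log: INSERT into loge failed, MySQL errno "
                   . mysql_errno($GLOBAL_dbhandle)
                   . ", type " . $type
                   . ", caller " . $phpfilek . ":" . $phplinek);
    }
}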
156 //
157 //
158 //--------------------------------------------------------------------------------------------------------------
//Maps a caller-supplied log entry type onto the set of defined LOG_ET_* codes.
//The return value is the type itself when it is an integer equal to one of the
//codes, and LOG_ET_INVALID_SPECIFIED in every other case.
//
function LOG_force_type_set($type)
{
    //Every entry type that may be stored.
    $allowed = array
                  (
                  LOG_ET_UNKNOWN_MISC,
                  LOG_ET_PAGEHIT,
                  LOG_ET_ERRDBCONN,
                  LOG_ET_LOGIN_OK,
                  LOG_ET_LOGIN_FAIL,
                  LOG_ET_LOGOUT_VOL,
                  LOG_ET_LOGOUT_TIME,
                  LOG_ET_REVAL_OK,
                  LOG_ET_SEC_SID_FORGED,
                  LOG_ET_SEC_LOGOUT_IP,
                  LOG_ET_MAINT_PERIODIC,
                  LOG_ET_UNCATEGORIZED,
                  LOG_ET_INVALID_SPECIFIED
                  );

    //Only a value of integer type passes, so numeric strings, floats, booleans
    //and null are all treated as invalid.  The strict search then requires the
    //integer to be one of the defined codes.
    if (is_int($type) && in_array($type, $allowed, true))
    {
        //Already in bounds.  Return it as is.
        return($type);
    }

    //Not an integer, or out of range.  Force it in.
    return((int) LOG_ET_INVALID_SPECIFIED);
}
198 //
199 //--------------------------------------------------------------------------------------------------------------
//Writes one entry to the system log at LOG_WARNING priority.  The entry is the
//configured prefix CONFIG_MYSQL_ERR_SYSLOG_PREFIX, a colon and a space, and then
//the caller's text.
//
//NOTE(review): $text is forwarded unmodified.  If any caller passes request-derived
//data, CR/LF and other control characters should be stripped before the call so
//that one event cannot appear as several syslog lines--confirm against the callers.
//
function LOG_syslog($text)
{
    $message = CONFIG_MYSQL_ERR_SYSLOG_PREFIX . ": " . $text;

    syslog(LOG_WARNING, $message);
}
206 //
207 //--------------------------------------------------------------------------------------------------------------
208 //End of $RCSfile: log.inc,v $.
209 //--------------------------------------------------------------------------------------------------------------
210 ?>
