Context Navigation

source: branches/2.7/admin/history.php @ 30949

Last change on this file since 30949 was 30949, checked in by plg, 9 years ago

merge r30948 from trunk to branch 2.7

bug 3200 fixed: add input checks on admin history

Property svn:eol-style set to LF

File size: 17.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2014 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Display filtered history lines
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	// +-----------------------------------------------------------------------+
33	// \| initialization \|
34	// +-----------------------------------------------------------------------+
35
36	if (!defined('PHPWG_ROOT_PATH'))
37	{
38	die('Hacking attempt!');
39	}
40
41	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
42	include_once(PHPWG_ROOT_PATH.'admin/include/functions_history.inc.php');
43
44	if (isset($_GET['start']) and is_numeric($_GET['start']))
45	{
46	$page['start'] = $_GET['start'];
47	}
48	else
49	{
50	$page['start'] = 0;
51	}
52
53	$types = array('none', 'picture', 'high', 'other');
54
55	$display_thumbnails = array('no_display_thumbnail' => l10n('No display'),
56	'display_thumbnail_classic' => l10n('Classic display'),
57	'display_thumbnail_hoverbox' => l10n('Hoverbox display')
58	);
59
60	// +-----------------------------------------------------------------------+
61	// \| Check Access and exit when user status is not ok \|
62	// +-----------------------------------------------------------------------+
63
64	check_status(ACCESS_ADMINISTRATOR);
65
66	// +-----------------------------------------------------------------------+
67	// \| Build search criteria and redirect to results \|
68	// +-----------------------------------------------------------------------+
69
70	$page['errors'] = array();
71	$search = array();
72
73	if (isset($_POST['submit']))
74	{
75	// dates
76	if (!empty($_POST['start']))
77	{
78	$_POST['start'] = trim($_POST['start']);
79	check_input_parameter('start', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
80	$search['fields']['date-after'] = $_POST['start'];
81	}
82
83	if (!empty($_POST['end']))
84	{
85	$_POST['end'] = trim($_POST['end']);
86	check_input_parameter('end', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
87	$search['fields']['date-before'] = $_POST['end'];
88	}
89
90	if (empty($_POST['types']))
91	{
92	$search['fields']['types'] = $types;
93	}
94	else
95	{
96	check_input_parameter('types', $_POST, true, '/^('.implode('\|', $types).')$/');
97	$search['fields']['types'] = $_POST['types'];
98	}
99
100	$search['fields']['user'] = intval($_POST['user']);
101
102	if (!empty($_POST['image_id']))
103	{
104	$search['fields']['image_id'] = intval($_POST['image_id']);
105	}
106
107	if (!empty($_POST['filename']))
108	{
109	$search['fields']['filename'] = str_replace(
110	'*',
111	'%',
112	pwg_db_real_escape_string($_POST['filename'])
113	);
114	}
115
116	if (!empty($_POST['ip']))
117	{
118	$search['fields']['ip'] = str_replace(
119	'*',
120	'%',
121	pwg_db_real_escape_string($_POST['ip'])
122	);
123	}
124
125	check_input_parameter('display_thumbnail', $_POST, false, '/^('.implode('\|', array_keys($display_thumbnails)).')$/');
126
127	$search['fields']['display_thumbnail'] = $_POST['display_thumbnail'];
128	// Display choise are also save to one cookie
129	if (!empty($_POST['display_thumbnail'])
130	and isset($display_thumbnails[$_POST['display_thumbnail']]))
131	{
132	$cookie_val = $_POST['display_thumbnail'];
133	}
134	else
135	{
136	$cookie_val = null;
137	}
138
139	pwg_set_cookie_var('display_thumbnail', $cookie_val, strtotime('+1 month') );
140
141	// TODO manage inconsistency of having $_POST['image_id'] and
142	// $_POST['filename'] simultaneously
143
144	if (!empty($search))
145	{
146	// register search rules in database, then they will be available on
147	// thumbnails page and picture page.
148	$query ='
149	INSERT INTO '.SEARCH_TABLE.'
150	(rules)
151	VALUES
152	(\''.pwg_db_real_escape_string(serialize($search)).'\')
153	;';
154
155	pwg_query($query);
156
157	$search_id = pwg_db_insert_id(SEARCH_TABLE);
158
159	redirect(
160	PHPWG_ROOT_PATH.'admin.php?page=history&search_id='.$search_id
161	);
162	}
163	else
164	{
165	$page['errors'][] = l10n('Empty query. No criteria has been entered.');
166	}
167	}
168
169	// +-----------------------------------------------------------------------+
170	// \| template init \|
171	// +-----------------------------------------------------------------------+
172
173	$template->set_filename('history', 'history.tpl');
174
175	// TabSheet initialization
176	history_tabsheet();
177
178	$template->assign(
179	array(
180	'U_HELP' => get_root_url().'admin/popuphelp.php?page=history',
181	'F_ACTION' => get_root_url().'admin.php?page=history'
182	)
183	);
184
185	// +-----------------------------------------------------------------------+
186	// \| history lines \|
187	// +-----------------------------------------------------------------------+
188
189	if (isset($_GET['search_id'])
190	and $page['search_id'] = (int)$_GET['search_id'])
191	{
192	// what are the lines to display in reality ?
193	$query = '
194	SELECT rules
195	FROM '.SEARCH_TABLE.'
196	WHERE id = '.$page['search_id'].'
197	;';
198	list($serialized_rules) = pwg_db_fetch_row(pwg_query($query));
199
200	$page['search'] = unserialize($serialized_rules);
201
202	if (isset($_GET['user_id']))
203	{
204	if (!is_numeric($_GET['user_id']))
205	{
206	die('user_id GET parameter must be an integer value');
207	}
208
209	$page['search']['fields']['user'] = $_GET['user_id'];
210
211	$query ='
212	INSERT INTO '.SEARCH_TABLE.'
213	(rules)
214	VALUES
215	(\''.serialize($page['search']).'\')
216	;';
217	pwg_query($query);
218
219	$search_id = pwg_db_insert_id(SEARCH_TABLE);
220
221	redirect(
222	PHPWG_ROOT_PATH.'admin.php?page=history&search_id='.$search_id
223	);
224	}
225
226	/TODO - no need to get a huge number of rows from db (should take only what needed for display + SQL_CALC_FOUND_ROWS/
227	$data = trigger_change('get_history', array(), $page['search'], $types);
228	usort($data, 'history_compare');
229
230	$page['nb_lines'] = count($data);
231
232	$history_lines = array();
233	$user_ids = array();
234	$username_of = array();
235	$category_ids = array();
236	$image_ids = array();
237	$has_tags = false;
238
239	foreach ($data as $row)
240	{
241	$user_ids[$row['user_id']] = 1;
242
243	if (isset($row['category_id']))
244	{
245	$category_ids[$row['category_id']] = 1;
246	}
247
248	if (isset($row['image_id']))
249	{
250	$image_ids[$row['image_id']] = 1;
251	}
252
253	if (isset($row['tag_ids']))
254	{
255	$has_tags = true;
256	}
257
258	$history_lines[] = $row;
259	}
260
261	// prepare reference data (users, tags, categories...)
262	if (count($user_ids) > 0)
263	{
264	$query = '
265	SELECT '.$conf['user_fields']['id'].' AS id
266	, '.$conf['user_fields']['username'].' AS username
267	FROM '.USERS_TABLE.'
268	WHERE id IN ('.implode(',', array_keys($user_ids)).')
269	;';
270	$result = pwg_query($query);
271
272	$username_of = array();
273	while ($row = pwg_db_fetch_assoc($result))
274	{
275	$username_of[$row['id']] = stripslashes($row['username']);
276	}
277	}
278
279	if (count($category_ids) > 0)
280	{
281	$query = '
282	SELECT id, uppercats
283	FROM '.CATEGORIES_TABLE.'
284	WHERE id IN ('.implode(',', array_keys($category_ids)).')
285	;';
286	$uppercats_of = query2array($query, 'id', 'uppercats');
287
288	$name_of_category = array();
289
290	foreach ($uppercats_of as $category_id => $uppercats)
291	{
292	$name_of_category[$category_id] = get_cat_display_name_cache(
293	$uppercats
294	);
295	}
296	}
297
298	if (count($image_ids) > 0)
299	{
300	$query = '
301	SELECT
302	id,
303	IF(name IS NULL, file, name) AS label,
304	filesize,
305	file,
306	path,
307	representative_ext
308	FROM '.IMAGES_TABLE.'
309	WHERE id IN ('.implode(',', array_keys($image_ids)).')
310	;';
311	$image_infos = query2array($query, 'id');
312	}
313
314	if ($has_tags > 0)
315	{
316	$query = '
317	SELECT
318	id,
319	name, url_name
320	FROM '.TAGS_TABLE;
321
322	global $name_of_tag; // used for preg_replace
323	$name_of_tag = array();
324	$result = pwg_query($query);
325	while ($row=pwg_db_fetch_assoc($result))
326	{
327	$name_of_tag[ $row['id'] ] = '<a href="'.make_index_url( array('tags'=>array($row))).'">'.trigger_change("render_tag_name", $row['name'], $row).'</a>';
328	}
329	}
330
331	$i = 0;
332	$first_line = $page['start'] + 1;
333	$last_line = $page['start'] + $conf['nb_logs_page'];
334
335	$summary['total_filesize'] = 0;
336	$summary['guests_IP'] = array();
337
338	foreach ($history_lines as $line)
339	{
340	if (isset($line['image_type']) and $line['image_type'] == 'high')
341	{
342	$summary['total_filesize'] += @intval($image_infos[$line['image_id']]['filesize']);
343	}
344
345	if ($line['user_id'] == $conf['guest_id'])
346	{
347	if (!isset($summary['guests_IP'][ $line['IP'] ]))
348	{
349	$summary['guests_IP'][ $line['IP'] ] = 0;
350	}
351
352	$summary['guests_IP'][ $line['IP'] ]++;
353	}
354
355	$i++;
356
357	if ($i < $first_line or $i > $last_line)
358	{
359	continue;
360	}
361
362	$user_string = '';
363	if (isset($username_of[$line['user_id']]))
364	{
365	$user_string.= $username_of[$line['user_id']];
366	}
367	else
368	{
369	$user_string.= $line['user_id'];
370	}
371	$user_string.= ' <a href="';
372	$user_string.= PHPWG_ROOT_PATH.'admin.php?page=history';
373	$user_string.= '&search_id='.$page['search_id'];
374	$user_string.= '&user_id='.$line['user_id'];
375	$user_string.= '">+</a>';
376
377	$tags_string = '';
378	if (isset($line['tag_ids']))
379	{
380	$tags_string = preg_replace_callback(
381	'/(\d+)/',
382	create_function('$m', 'global $name_of_tag; return isset($name_of_tag[$m[1]]) ? $name_of_tag[$m[1]] : $m[1];'),
383	str_replace(
384	',',
385	', ',
386	$line['tag_ids']
387	)
388	);
389	}
390
391	$image_string = '';
392	if (isset($line['image_id']))
393	{
394	$picture_url = make_picture_url(
395	array(
396	'image_id' => $line['image_id'],
397	)
398	);
399
400	if (isset($image_infos[$line['image_id']]))
401	{
402	$element = array(
403	'id' => $line['image_id'],
404	'file' => $image_infos[$line['image_id']]['file'],
405	'path' => $image_infos[$line['image_id']]['path'],
406	'representative_ext' => $image_infos[$line['image_id']]['representative_ext'],
407	);
408	$thumbnail_display = $page['search']['fields']['display_thumbnail'];
409	}
410	else
411	{
412	$thumbnail_display = 'no_display_thumbnail';
413	}
414
415	$image_title = '('.$line['image_id'].')';
416
417	if (isset($image_infos[$line['image_id']]['label']))
418	{
419	$image_title.= ' '.trigger_change('render_element_description', $image_infos[$line['image_id']]['label']);
420	}
421	else
422	{
423	$image_title.= ' unknown filename';
424	}
425
426	$image_string = '';
427
428	switch ($thumbnail_display)
429	{
430	case 'no_display_thumbnail':
431	{
432	$image_string= '<a href="'.$picture_url.'">'.$image_title.'</a>';
433	break;
434	}
435	case 'display_thumbnail_classic':
436	{
437	$image_string =
438	'<a class="thumbnail" href="'.$picture_url.'">'
439	.'<span><img src="'.DerivativeImage::thumb_url($element)
440	.'" alt="'.$image_title.'" title="'.$image_title.'">'
441	.'</span></a>';
442	break;
443	}
444	case 'display_thumbnail_hoverbox':
445	{
446	$image_string =
447	'<a class="over" href="'.$picture_url.'">'
448	.'<span><img src="'.DerivativeImage::thumb_url($element)
449	.'" alt="'.$image_title.'" title="'.$image_title.'">'
450	.'</span>'.$image_title.'</a>';
451	break;
452	}
453	}
454	}
455
456	$template->append(
457	'search_results',
458	array(
459	'DATE' => $line['date'],
460	'TIME' => $line['time'],
461	'USER' => $user_string,
462	'IP' => $line['IP'],
463	'IMAGE' => $image_string,
464	'TYPE' => $line['image_type'],
465	'SECTION' => $line['section'],
466	'CATEGORY' => isset($line['category_id'])
467	? ( isset($name_of_category[$line['category_id']])
468	? $name_of_category[$line['category_id']]
469	: 'deleted '.$line['category_id'] )
470	: '',
471	'TAGS' => $tags_string,
472	)
473	);
474	}
475
476	$summary['nb_guests'] = 0;
477	if (count(array_keys($summary['guests_IP'])) > 0)
478	{
479	$summary['nb_guests'] = count(array_keys($summary['guests_IP']));
480
481	// we delete the "guest" from the $username_of hash so that it is
482	// avoided in next steps
483	unset($username_of[ $conf['guest_id'] ]);
484	}
485
486	$summary['nb_members'] = count($username_of);
487
488	$member_strings = array();
489	foreach ($username_of as $user_id => $user_name)
490	{
491	$member_string = $user_name.' <a href="';
492	$member_string.= get_root_url().'admin.php?page=history';
493	$member_string.= '&search_id='.$page['search_id'];
494	$member_string.= '&user_id='.$user_id;
495	$member_string.= '">+</a>';
496
497	$member_strings[] = $member_string;
498	}
499
500	$template->assign(
501	'search_summary',
502	array(
503	'NB_LINES' => l10n_dec(
504	'%d line filtered', '%d lines filtered',
505	$page['nb_lines']
506	),
507	'FILESIZE' => $summary['total_filesize'] != 0 ? ceil($summary['total_filesize']/1024).' MB' : '',
508	'USERS' => l10n_dec(
509	'%d user', '%d users',
510	$summary['nb_members'] + $summary['nb_guests']
511	),
512	'MEMBERS' => sprintf(
513	l10n_dec('%d member', '%d members', $summary['nb_members']).': %s',
514	implode(', ', $member_strings)
515	),
516	'GUESTS' => l10n_dec(
517	'%d guest', '%d guests',
518	$summary['nb_guests']
519	),
520	)
521	);
522
523	unset($name_of_tag);
524	}
525
526	// +-----------------------------------------------------------------------+
527	// \| navigation bar \|
528	// +-----------------------------------------------------------------------+
529
530	if (isset($page['search_id']))
531	{
532	$navbar = create_navigation_bar(
533	get_root_url().'admin.php'.get_query_string_diff(array('start')),
534	$page['nb_lines'],
535	$page['start'],
536	$conf['nb_logs_page']
537	);
538
539	$template->assign('navbar', $navbar);
540	}
541
542	// +-----------------------------------------------------------------------+
543	// \| filter form \|
544	// +-----------------------------------------------------------------------+
545
546	$form = array();
547
548	if (isset($page['search']))
549	{
550	if (isset($page['search']['fields']['date-after']))
551	{
552	$form['start'] = $page['search']['fields']['date-after'];
553	}
554
555	if (isset($page['search']['fields']['date-before']))
556	{
557	$form['end'] = $page['search']['fields']['date-before'];
558	}
559
560	$form['types'] = $page['search']['fields']['types'];
561
562	if (isset($page['search']['fields']['user']))
563	{
564	$form['user'] = $page['search']['fields']['user'];
565	}
566	else
567	{
568	$form['user'] = null;
569	}
570
571	$form['image_id'] = @$page['search']['fields']['image_id'];
572	$form['filename'] = @$page['search']['fields']['filename'];
573	$form['ip'] = @$page['search']['fields']['ip'];
574
575	$form['display_thumbnail'] = @$page['search']['fields']['display_thumbnail'];
576	}
577	else
578	{
579	// by default, at page load, we want the selected date to be the current
580	// date
581	$form['start'] = $form['end'] = date('Y-m-d');
582	$form['types'] = $types;
583	// Hoverbox by default
584	$form['display_thumbnail'] =
585	pwg_get_cookie_var('display_thumbnail', 'no_display_thumbnail');
586	}
587
588
589	$template->assign(
590	array(
591	'IMAGE_ID' => @$form['image_id'],
592	'FILENAME' => @$form['filename'],
593	'IP' => @$form['ip'],
594	'START' => @$form['start'],
595	'END' => @$form['end'],
596	)
597	);
598
599	$template->assign(
600	array(
601	'type_option_values' => $types,
602	'type_option_selected' => $form['types']
603	)
604	);
605
606
607	$query = '
608	SELECT
609	'.$conf['user_fields']['id'].' AS id,
610	'.$conf['user_fields']['username'].' AS username
611	FROM '.USERS_TABLE.'
612	ORDER BY username ASC
613	;';
614	$template->assign(
615	array(
616	'user_options' => query2array($query, 'id','username'),
617	'user_options_selected' => array(@$form['user'])
618	)
619	);
620
621	$template->assign('display_thumbnails', $display_thumbnails);
622	$template->assign('display_thumbnail_selected', $form['display_thumbnail']);
623
624	// +-----------------------------------------------------------------------+
625	// \| html code display \|
626	// +-----------------------------------------------------------------------+
627
628	$template->assign_var_from_handle('ADMIN_CONTENT', 'history');
629	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: