diff --git a/core/user_logs/app_config.php b/core/user_logs/app_config.php
new file mode 100644
index 0000000000..82546bcce1
--- /dev/null
+++ b/core/user_logs/app_config.php
@@ -0,0 +1,81 @@
+
\ No newline at end of file
diff --git a/core/user_logs/app_defaults.php b/core/user_logs/app_defaults.php
new file mode 100644
index 0000000000..adadacce42
--- /dev/null
+++ b/core/user_logs/app_defaults.php
@@ -0,0 +1,7 @@
+
diff --git a/core/user_logs/app_languages.php b/core/user_logs/app_languages.php
new file mode 100644
index 0000000000..75c752b8a4
--- /dev/null
+++ b/core/user_logs/app_languages.php
@@ -0,0 +1,422 @@
+
\ No newline at end of file
diff --git a/core/user_logs/app_menu.php b/core/user_logs/app_menu.php
new file mode 100644
index 0000000000..d2cb9882cd
--- /dev/null
+++ b/core/user_logs/app_menu.php
@@ -0,0 +1,19 @@
+
\ No newline at end of file
diff --git a/core/user_logs/resources/classes/user_logs.php b/core/user_logs/resources/classes/user_logs.php
new file mode 100644
index 0000000000..c1a1f0d461
--- /dev/null
+++ b/core/user_logs/resources/classes/user_logs.php
@@ -0,0 +1,125 @@
+
+ Portions created by the Initial Developer are Copyright (C) 2019
+ the Initial Developer. All Rights Reserved.
+
+ Contributor(s):
+ Mark J Crane
+*/
+
+/**
+ * user_logs class
+ *
+ * @method null delete
+ * @method null toggle
+ * @method null copy
+ */
+if (!class_exists('user_logs')) {
+ class user_logs {
+
+ /**
+ * declare the variables
+ */
+ private $app_name;
+ private $app_uuid;
+ private $name;
+ private $table;
+ private $toggle_field;
+ private $toggle_values;
+ private $location;
+
+ /**
+ * called when the object is created
+ */
+ public function __construct() {
+ //assign the variables
+ $this->app_name = 'user_logs';
+ $this->app_uuid = '582a13cf-7d75-4ea3-b2d9-60914352d76e';
+ $this->name = 'user_log';
+ $this->table = 'user_logs';
+ $this->toggle_field = '';
+ $this->toggle_values = ['true','false'];
+ $this->location = 'user_logs.php';
+ }
+
+ /**
+ * called when there are no references to a particular object
+ * unset the variables used in the class
+ */
+ public function __destruct() {
+ foreach ($this as $key => $value) {
+ unset($this->$key);
+ }
+ }
+
+ /**
+ * delete rows from the database
+ */
+ public function delete($records) {
+ if (permission_exists($this->name.'_delete')) {
+
+ //add multi-lingual support
+ $language = new text;
+ $text = $language->get();
+
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: '.$this->location);
+ exit;
+ }
+
+ //delete multiple records
+ if (is_array($records) && @sizeof($records) != 0) {
+ //build the delete array
+ $x = 0;
+ foreach ($records as $record) {
+ //add to the array
+ if ($record['checked'] == 'true' && is_uuid($record['uuid'])) {
+ $array[$this->table][$x][$this->name.'_uuid'] = $record['uuid'];
+ $array[$this->table][$x]['domain_uuid'] = $_SESSION['domain_uuid'];
+ }
+
+ //increment the id
+ $x++;
+ }
+
+ //delete the checked rows
+ if 
(is_array($array) && @sizeof($array) != 0) {
+ //execute delete
+ $database = new database;
+ $database->app_name = $this->app_name;
+ $database->app_uuid = $this->app_uuid;
+ $database->delete($array);
+ unset($array);
+
+ //set message
+ message::add($text['message-delete']);
+ }
+ unset($records);
+ }
+ }
+ }
+
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/core/user_logs/root.php b/core/user_logs/root.php
new file mode 100644
index 0000000000..6fdf32f37b
--- /dev/null
+++ b/core/user_logs/root.php
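Review bot: `user_logs::delete()` tests `is_array($array) && @sizeof($array) != 0` without ever initialising `$array`, so when no posted record is both checked and a valid UUID the check runs on an undefined variable and the `@` only hides the notice; add `$array = [];` before the `foreach` and test `!empty($array[$this->table])`. The method reads `$record['uuid']`, while user_logs.php in this commit builds its rows with a `user_log_uuid` key and calls `$database->delete()` directly, so the `is_uuid()` and `domain_uuid` scoping written here is not applied on the only visible delete path. The class docblock also advertises `@method null toggle` and `@method null copy`, which the class does not define; drop those two lines or note that they are intentionally absent.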
@@ -0,0 +1,90 @@
+
+ Portions created by the Initial Developer are Copyright (C) 2008-2012
+ the Initial Developer. All Rights Reserved.
+
+ Contributor(s):
+ Mark J Crane
+*/
+
+// make sure the PATH_SEPARATOR is defined
+ umask(2);
+ if (!defined("PATH_SEPARATOR")) {
+ if (strpos($_ENV["OS"], "Win") !== false) {
+ define("PATH_SEPARATOR", ";");
+ } else {
+ define("PATH_SEPARATOR", ":");
+ }
+ }
+
+ if (!isset($output_format)) $output_format = (PHP_SAPI == 'cli') ? 'text' : 'html';
+
+ // make sure the document_root is set
+ $_SERVER["SCRIPT_FILENAME"] = str_replace("\\", '/', $_SERVER["SCRIPT_FILENAME"]);
+ if(PHP_SAPI == 'cli'){
+ chdir(pathinfo(realpath($_SERVER["PHP_SELF"]), PATHINFO_DIRNAME));
+ $script_full_path = str_replace("\\", '/', getcwd() . '/' . $_SERVER["SCRIPT_FILENAME"]);
+ $dirs = explode('/', pathinfo($script_full_path, PATHINFO_DIRNAME));
+ if (file_exists('/project_root.php')) {
+ $path = '/';
+ } else {
+ $i = 1;
+ $path = '';
+ while ($i < count($dirs)) {
+ $path .= '/' . $dirs[$i];
+ if (file_exists($path. '/project_root.php')) {
+ break;
+ }
+ $i++;
+ }
+ }
+ $_SERVER["DOCUMENT_ROOT"] = $path;
+ }else{
+ $_SERVER["DOCUMENT_ROOT"] = str_replace($_SERVER["PHP_SELF"], "", $_SERVER["SCRIPT_FILENAME"]);
+ }
+ $_SERVER["DOCUMENT_ROOT"] = realpath($_SERVER["DOCUMENT_ROOT"]);
+// try to detect if a project path is being used
+ if (!defined('PROJECT_PATH')) {
+ if (is_dir($_SERVER["DOCUMENT_ROOT"]. '/fusionpbx')) {
+ define('PROJECT_PATH', '/fusionpbx');
+ } elseif (file_exists($_SERVER["DOCUMENT_ROOT"]. '/project_root.php')) {
+ define('PROJECT_PATH', '');
+ } else {
+ $dirs = explode('/', str_replace('\\', '/', pathinfo($_SERVER["PHP_SELF"], PATHINFO_DIRNAME)));
+ $i = 1;
+ $path = $_SERVER["DOCUMENT_ROOT"];
+ while ($i < count($dirs)) {
+ $path .= '/' . $dirs[$i];
+ if (file_exists($path. '/project_root.php')) {
+ break;
+ }
+ $i++;
+ }
+ if(!file_exists($path. 
'/project_root.php')){
+ die("Failed to locate the Project Root by searching for project_root.php please contact support for assistance");
+ }
+ $project_path = str_replace($_SERVER["DOCUMENT_ROOT"], "", $path);
+ define('PROJECT_PATH', $project_path);
+ }
+ $_SERVER["PROJECT_ROOT"] = realpath($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH);
+ set_include_path(get_include_path() . PATH_SEPARATOR . $_SERVER["PROJECT_ROOT"]);
+ }
+
+?>
\ No newline at end of file
diff --git a/core/user_logs/user_log_edit.php b/core/user_logs/user_log_edit.php
new file mode 100644
index 0000000000..10c368ab30
--- /dev/null
+++ b/core/user_logs/user_log_edit.php
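Review bot: In the non-CLI branch `DOCUMENT_ROOT` is computed with `str_replace($_SERVER["PHP_SELF"], "", $_SERVER["SCRIPT_FILENAME"])`, and `PHP_SELF` includes any PATH_INFO the client appends to the URL, so request data influences the root that later feeds `set_include_path()`. `$_SERVER["SCRIPT_NAME"]` does not carry PATH_INFO and would be the safer input both here and in the `pathinfo($_SERVER["PHP_SELF"], PATHINFO_DIRNAME)` fallback. Separately, `strpos($_ENV["OS"], "Win")` reads an index that is normally unset on non-Windows hosts, and PHP predefines `PATH_SEPARATOR`, so that first block looks like dead code that can only raise a notice. A short comment on why `umask(2)` is wanted (group-writable files) would also help the next reader.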
@@ -0,0 +1,213 @@
+get();
+
+//get the uuid
+ $user_log_uuid = $_GET['id'];
+
+//pre-populate the form
+ if (is_array($_GET) && $_POST["persistformvar"] != "true") {
+ $sql = "select * from v_user_logs ";
+ $sql .= "where user_log_uuid = :user_log_uuid ";
+ //$sql .= "and domain_uuid = :domain_uuid ";
+ //$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['user_log_uuid'] = $user_log_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
+ $domain_uuid = $row["domain_uuid"];
+ $timestamp = $row["timestamp"];
+ $user_uuid = $row["user_uuid"];
+ $username = $row["username"];
+ $type = $row["type"];
+ $result = $row["result"];
+ $remote_address = $row["remote_address"];
+ $user_agent = $row["user_agent"];
+ }
+ unset($sql, $parameters, $row);
+ }
+
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
+//show the header
+ $document['title'] = $text['title-user_log'];
+ require_once "resources/header.php";
+
+//get the users
+ $sql = "SELECT user_uuid, username FROM v_users ";
+ $sql .= "WHERE domain_uuid = :domain_uuid ";
+ $sql .= "ORDER by username asc ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $users = $database->execute($sql, $parameters, 'all');
+ unset ($sql, $parameters);
+
+//show the content
+ echo "
\n"; + echo "\n"; + + echo "
\n"; + echo "
".$text['title-user_log']."
\n"; + echo "
\n"; + echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','collapse'=>'hide-xs','style'=>'margin-right: 15px;','link'=>'user_logs.php']); + echo "
\n"; + echo "
\n"; + echo "
\n"; + + echo $text['title_description-user_logs']."\n"; + echo "

\n"; + + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "
\n"; + echo " ".$text['label-domain_uuid']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-domain_uuid']."\n"; + echo "
\n"; + echo " ".$text['label-timestamp']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-timestamp']."\n"; + echo "
\n"; + echo " ".$text['label-user_uuid']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-user_uuid']."\n"; + echo "
\n"; + echo " ".$text['label-username']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-username']."\n"; + echo "
\n"; + echo " ".$text['label-type']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-type']."\n"; + echo "
\n"; + echo " ".$text['label-result']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-result']."\n"; + echo "
\n"; + echo " ".$text['label-remote_address']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-remote_address']."\n"; + echo "
\n"; + echo " ".$text['label-user_agent']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-user_agent']."\n"; + echo "
"; + echo "

"; + + echo "\n"; + + echo "
"; + +//include the footer + require_once "resources/footer.php"; + +?> \ No newline at end of file diff --git a/core/user_logs/user_logs.php b/core/user_logs/user_logs.php new file mode 100644 index 0000000000..8427370204 --- /dev/null +++ b/core/user_logs/user_logs.php 
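Review bot: The row lookup is scoped only by `user_log_uuid`; the `and domain_uuid = :domain_uuid` line and its parameter are commented out, so the page returns a login record (username, remote address, user agent) from any domain to whoever can open it. Restore the domain filter, or allow the unscoped lookup only when `permission_exists('user_log_all')` holds, which is the permission user_logs.php uses for cross-domain views. `$_GET['id']` should also be rejected early when it is not a UUID, for example `if (!is_uuid($_GET['id'])) { header('Location: user_logs.php'); exit; }`. The top of the file was lost in this rendering, so confirm that a `user_log_view` or `user_log_edit` check runs before the query; the `$users` result from `v_users` is not used in any visible line.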
@@ -0,0 +1,262 @@
+
+ Portions created by the Initial Developer are Copyright (C) 2018 - 2020
+ the Initial Developer. All Rights Reserved.
+*/
+
+//includes
+ require_once "root.php";
+ require_once "resources/require.php";
+ require_once "resources/check_auth.php";
+ require_once "resources/paging.php";
+
+//check permissions
+ if (permission_exists('user_log_view')) {
+ //access granted
+ }
+ else {
+ echo "access denied";
+ exit;
+ }
+
+//add multi-lingual support
+ $language = new text;
+ $text = $language->get();
+
+//get the http post data
+ if (is_array($_POST['user_logs'])) {
+ $action = $_POST['action'];
+ $search = $_POST['search'];
+ $user_logs = $_POST['user_logs'];
+ }
+
+//process the http post data by action
+ if ($action != '' && is_array($user_logs) && @sizeof($user_logs) != 0) {
+
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: user_logs.php');
+ exit;
+ }
+
+ //prepare the array
+ foreach($user_logs as $row) {
+ $array['user_logs'][$x]['checked'] = $row['checked'];
+ $array['user_logs'][$x]['user_log_uuid'] = $row['user_log_uuid'];
+ $x++;
+ }
+
+ //prepare the database object
+ $database = new database;
+ $database->app_name = 'user_logs';
+ $database->app_uuid = '582a13cf-7d75-4ea3-b2d9-60914352d76e';
+
+ //send the array to the database class
+ if ($action == 'delete') {
+ if (permission_exists('user_log_delete')) {
+ $database->delete($array);
+ }
+ }
+
+ //redirect the user
+ header('Location: user_logs.php'.($search != '' ? 
'?search='.urlencode($search) : null));
+ exit;
+ }
+
+//get order and order by
+ $order_by = $_GET["order_by"];
+ $order = $_GET["order"];
+
+//add the search
+ if (isset($_GET["search"])) {
+ $search = strtolower($_GET["search"]);
+ $parameters['search'] = '%'.$search.'%';
+ }
+
+//get the count
+ $sql = "select count(user_log_uuid) ";
+ $sql .= "from v_user_logs ";
+ if (isset($search)) {
+ $sql .= "where (";
+ $sql .= " lower(username) like :search ";
+ $sql .= " or lower(type) like :search ";
+ $sql .= " or lower(result) like :search ";
+ $sql .= " or lower(remote_address) like :search ";
+ $sql .= " or lower(user_agent) like :search ";
+ $sql .= ") ";
+ }
+ else {
+ $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+ if (isset($sql_search)) {
+ $sql .= "and ".$sql_search;
+ }
+ $parameters['domain_uuid'] = $domain_uuid;
+ }
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
+
+//prepare to page the results
+ $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
+ $param = $search ? "&search=".$search : null;
+ $param = ($_GET['show'] == 'all' && permission_exists('user_log_all')) ? "&show=all" : null;
+ $page = is_numeric($_GET['page']) ? 
$_GET['page'] : 0;
+ list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
+ list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
+ $offset = $rows_per_page * $page;
+
+//get the list
+ $sql = "select ";
+ $sql .= "domain_uuid, ";
+ $sql .= "user_log_uuid, ";
+ $sql .= "timestamp, ";
+ $sql .= "username, ";
+ $sql .= "type, ";
+ $sql .= "result, ";
+ $sql .= "remote_address, ";
+ $sql .= "user_agent ";
+ $sql .= "from v_user_logs ";
+ if (isset($_GET["search"])) {
+ $sql .= "where (";
+ $sql .= " lower(username) like :search ";
+ $sql .= " or lower(type) like :search ";
+ $sql .= " or lower(result) like :search ";
+ $sql .= " or lower(remote_address) like :search ";
+ $sql .= " or lower(user_agent) like :search ";
+ $sql .= ") ";
+ }
+ $sql .= order_by($order_by, $order, 'timestamp', 'desc');
+ $sql .= limit_offset($rows_per_page, $offset);
+ $database = new database;
+ $user_logs = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
+
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
+//additional includes
+ $document['title'] = $text['title-user_logs'];
+ require_once "resources/header.php";
+
+//show the content
+ echo "
\n"; + echo "
".$text['title-user_logs']." (".$num_rows.")
\n"; + echo "
\n"; + if (permission_exists('user_log_delete') && $user_logs) { + echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display:none;','onclick'=>"modal_open('modal-delete','btn_delete');"]); + } + echo "\n"; + echo "
\n"; + echo "
\n"; + echo "
\n"; + + if (permission_exists('user_log_delete') && $user_logs) { + echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]); + } + + echo $text['title_description-user_logs']."\n"; + echo "

\n"; + + echo "
\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + if (permission_exists('user_log_add') || permission_exists('user_log_edit') || permission_exists('user_log_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('user_log_all')) { + echo th_order_by('domain_name', $text['label-domain'], $order_by, $order); + } + echo th_order_by('timestamp', $text['label-timestamp'], $order_by, $order); + echo th_order_by('username', $text['label-username'], $order_by, $order); + echo th_order_by('type', $text['label-type'], $order_by, $order); + echo th_order_by('result', $text['label-result'], $order_by, $order); + echo th_order_by('remote_address', $text['label-remote_address'], $order_by, $order); + echo th_order_by('user_agent', $text['label-user_agent'], $order_by, $order); + if (permission_exists('user_log_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + + if (is_array($user_logs) && @sizeof($user_logs) != 0) { + $x = 0; + foreach ($user_logs as $row) { + if (permission_exists('user_log_edit')) { + $list_row_url = "user_log_edit.php?id=".urlencode($row['user_log_uuid']); + } + echo "\n"; + if (permission_exists('user_log_add') || permission_exists('user_log_edit') || permission_exists('user_log_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('user_log_all')) { + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if (permission_exists('user_log_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + $x++; + } + unset($user_logs); + } + + echo "
\n"; + echo " \n"; + echo "  
\n"; + echo " \n"; + echo " \n"; + echo " ".escape($_SESSION['domains'][$row['domain_uuid']]['domain_name'])."".escape($row['timestamp'])."".escape($row['username'])."".escape($row['type'])."".escape($row['result'])."".escape($row['remote_address'])."".escape($row['user_agent'])."\n"; + echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); + echo "
\n"; + echo "
\n"; + echo "
".$paging_controls."
\n"; + echo "\n"; + echo "
\n"; + +//include the footer + require_once "resources/footer.php"; + +?> \ No newline at end of file
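Review bot: The list query never restricts by `domain_uuid`, and the count query drops its domain filter whenever `search` is set, so any user with `user_log_view` is shown every domain's login records whether or not they hold `user_log_all`. The count block also ends with `unset($sql, $parameters)`, which leaves `:search` unbound when the list query runs, and the second `$param = ...` assignment overwrites the search parameter, which is also appended without `urlencode()`. Building one WHERE clause and one parameter array for both queries, as sketched below, addresses all three; the sketch binds `$_SESSION['domain_uuid']` as the other files in this commit do. In the POST branch `$x` is never initialised and `$database->delete($array)` receives unvalidated `user_log_uuid` values with no `domain_uuid` key, so the `is_uuid()` and domain scoping written in `user_logs::delete()` is bypassed; consider routing the delete through that class once the key names agree.

```php
//add the search
	// … unchanged: $order_by and $order are read from $_GET …
	$search = '';
	$parameters = [];
	$conditions = [];
	$show_all = $_GET['show'] == 'all' && permission_exists('user_log_all');
	if (!$show_all) {
		//scope to the session's domain unless the cross-domain permission applies
		$conditions[] = "(domain_uuid = :domain_uuid or domain_uuid is null)";
		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
	}
	if (isset($_GET["search"]) && $_GET["search"] != '') {
		$search = strtolower($_GET["search"]);
		$conditions[] = "(lower(username) like :search "
			."or lower(type) like :search "
			."or lower(result) like :search "
			."or lower(remote_address) like :search "
			."or lower(user_agent) like :search)";
		$parameters['search'] = '%'.$search.'%';
	}
	$sql_where = $conditions ? "where ".implode(" and ", $conditions)." " : "";

//get the count
	$sql = "select count(user_log_uuid) from v_user_logs ".$sql_where;
	$database = new database;
	$num_rows = $database->select($sql, $parameters, 'column');
	unset($sql); //keep $parameters, the list query binds the same values

//prepare to page the results
	// … unchanged: $rows_per_page …
	$param = $search != '' ? "&search=".urlencode($search) : '';
	$param .= $show_all ? "&show=all" : '';
	// … unchanged: $page, paging() calls, $offset, select column list …
	$sql .= "from v_user_logs ".$sql_where;
	// … unchanged: order_by(), limit_offset(), select and page markup …
```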