Issues in main.php (master) - Issues in master - XoopsModules25x/statistics - Measure and Improve Code Quality continuously with Scrutinizer

Issues (132)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/main.php (1 issue)

Labels

Severity

Minor 1

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright      {@link https://xoops.org/ XOOPS Project}
 * @license        {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @package
 * @since
 * @author         XOOPS Development Team
 */

use XoopsModules\Statistics\Utility;

require_once __DIR__ . '/admin_header.php';

$moduleDirName = basename(dirname(__DIR__));
xoops_loadLanguage('main', $moduleDirName);

// require_once  dirname(__DIR__) . '/class/clsWhois.php';
//require_once dirname(__DIR__) . '/include/statutils.php';

function remoteAddr()
{
    global $xoopsDB;

    $result = $xoopsDB->queryF('SELECT ip, date, hits FROM ' . $xoopsDB->prefix('stats_ip') . ' ORDER BY date');
    $iplist = [];
    $i      = 0;
    while (list($ip, $date, $hits) = $xoopsDB->fetchRow($result)) {
        $iplist[$i]['ip']   = $ip;
        $iplist[$i]['hits'] = $hits;
        preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})/', $date, $regs);
        $iplist[$i]['ipyear']  = $regs[1];
        $iplist[$i]['ipmonth'] = $regs[2];
        $iplist[$i]['ipday']   = $regs[3];
        $iplist[$i]['iphour']  = $regs[4];
        ++$i;
    }

    echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . ' - ' . STATS_STDIP . "</h4><br>\n";
    echo "<table><tr><td>\n";
    echo "<form action='index.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='purge_ips'>\n";
    echo "<input type='submit' value='" . STATS_IPPURGE . "' name='selsubmit'>";
    echo "</form>\n";
    echo "</td><td>\n";
    echo "<form action='main.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='unique_ips'>\n";
    echo "<input type='submit' value='" . STATS_UNIQUEIP . "' name='selsubmit'>";
    echo "</form>\n";
    echo "</td></tr></table>\n";
    echo "<table>\n";
    echo '<tr><th>' . STATS_REMOTE_IP . '</th><th>' . STATS_REMOTE_DATE . '</th><th>' . STATS_REMOTE_HOUR . '</th><th>' . STATS_REMOTE_HITS . "</th></tr>\n";
    foreach ($iplist as $item) {
        echo '<tr><td><a href="main.php?op=reverseip&amp;iplookup=' . $item['ip'] . '">' . $item['ip'] . '</a></td>' . '<td>' . $item['ipmonth'] . '-' . $item['ipday'] . '-' . $item['ipyear'] . '</td><td>' . $item['iphour'] . '</td><td>' . $item['hits'] . "</td></tr>\n";
    }

    echo '</table>';
}

function uniqueRemoteAddr()
{
    global $xoopsDB;

    $result = $xoopsDB->queryF('SELECT ip, SUM(hits) AS total FROM ' . $xoopsDB->prefix('stats_ip') . ' GROUP BY ip ORDER BY total DESC');
    $iplist = [];
    $i      = 0;
    while (list($ip, $total) = $xoopsDB->fetchRow($result)) {
        $iplist[$i]['ip']   = $ip;
        $iplist[$i]['hits'] = $total;
        ++$i;
    }

    echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . ' - ' . STATS_UNIQUEIP . "</h4><br>\n";
    echo "<table><tr><td>\n";
    echo "<form action='main.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='purge_ips'>\n";
    echo "<input type='submit' value='" . STATS_IPPURGE . "' name='selsubmit'>";
    echo "</form>\n";
    echo "</td><td>\n";
    echo "<form action='main.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='remote_addr'>\n";
    echo "<input type='submit' value='" . STATS_STDIP . "' name='selsubmit'>";
    echo "</form>\n";
    echo "</td></tr></table>\n";
    echo "<table>\n";
    echo '<tr><th>' . STATS_REMOTE_IP . '</th><th>' . STATS_REMOTE_HITS . "</th></tr>\n";
    foreach ($iplist as $item) {
        echo '<tr><td><a href="main.php?op=reverseip&amp;iplookup=' . $item['ip'] . '">' . $item['ip'] . '</a></td>' . '<td>' . $item['hits'] . "</td></tr>\n";
    }

    echo '</table>';
}

function purgeRemoteAddr()
{
    global $xoopsDB;

    echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . "</h4><br>\n";

    $result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_ip'));
    if ($result) {
        echo STATS_REMOTEADDR_PURGE;
    } else {
        echo STATS_REMOTEADDR_NPURGE;
    }
}

function referDB($orderby)
{
    global $xoopsDB;

    // get the current referers
    $result    = $xoopsDB->queryF('select ip, refer, date, hits, referpath from ' . $xoopsDB->prefix('stats_refer') . " order by $orderby DESC");
    $referlist = [];
    $i         = 0;
    while (list($ip, $refer, $date, $hits, $referpath) = $xoopsDB->fetchRow($result)) {
        $referpathparts = explode('|', $referpath);

        $referlist[$i]['ip']        = $ip;
        $referlist[$i]['refer']     = $refer;
        $referlist[$i]['referpath'] = $referpathparts[0];

        if (isset($referpathparts[1])) {
            $querystr = $referpathparts[1];
        } else {
            $querystr = '';
        }

        $referlist[$i]['query'] = $querystr;

        if (isset($referpathparts[2])) {
            $fragmentstr = $referpathparts[2];
        } else {
            $fragmentstr = '';
        }

        $referlist[$i]['fragment'] = $fragmentstr;

        $referlist[$i]['hits'] = $hits;
        preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})/', $date, $regs);
        $referlist[$i]['referyear']  = $regs[1];
        $referlist[$i]['refermonth'] = $regs[2];
        $referlist[$i]['referday']   = $regs[3];
        $referlist[$i]['referhour']  = $regs[4];
        ++$i;
    }

    // get any current blacklist
    $result = $xoopsDB->queryF('SELECT * FROM ' . $xoopsDB->prefix('stats_refer_blacklist'));
    [$id, $referer] = $xoopsDB->fetchRow($result);
    $referblacklist = unserialize(stripslashes($referer));
    if (!is_array($referblacklist)) { // something went wrong, or there is no data...
        $referblacklist = [];
    }

    echo "<h4 style='text-align:left;'>" . STATS_REFER_HEAD . "</h4><br>\n";
    echo "<div style=\"font-size: x-small;\"><table cellspacing=\"0\" cellpadding=\"0\" border='1'><tr><td><form action='main.php' method='post'>\n";
    echo "<input type='hidden' name='op' value='purge_refer'>\n";
    echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_REFERPURGE . "' name='selsubmit'>";
    echo "</form></td>\n";
    echo "<td><form action='main.php' method='post'>\n";
    echo STATS_STATSBL_INST . "<input type='hidden' name='op' value='blacklist_refer'>\n";
    echo "<br><textarea name='bad_refer' id='bad_refer' rows='5' cols='50'>\n";

    $rbldelimited = implode('|', $referblacklist);
    echo $rbldelimited;

    echo "</textarea><br>\n";

    echo STATS_STATSBL_HELP;
    echo "<br><input style=\"font-size: x-small;\" type='submit' value='" . STATS_REFERBLACKLIST . "' name='selsubmit'>\n";
    echo "</form>\n";
    echo "<form action='main.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='purge_blacklist'>\n";
    echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_PURGEBL . "' name='purgesubmit'>";
    echo "</td></tr></table></div>\n";

    // figure out which arrow image to display
    $referimg = 'refer' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';
    $hitsimg  = 'hits' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';
    $dateimg  = 'date' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';

    echo "<div style=\"font-size: xx-small;\"><table>\n";
    echo '<tr><th>'
         . STATS_REMOTE_IP
         . '</th><th>'
         . STATS_REFER
         . ': <A href="main.php?op=refer&amp;orderby=refer"><img src="../assets/images/'
         . $referimg
         . '"></a></th>'
         . '<th>'
         . STATS_XWHOIS
         . '</th><th>'
         . STATS_REFER_PATH
         . "</th><th>\n"
         . STATS_QUERYSTRING
         . '</th><th>'
         . STATS_FRAGMENTSTRING
         . "</th><th>\n"
         . STATS_REFER_DATE
         . ': <a href="main.php?op=refer&amp;orderby=date"><img src="../assets/images/'
         . $dateimg
         . '"></a></th><th>'
         . STATS_REFER_HOUR
         . "</th><th>\n"
         . STATS_REFER_HITS
         . ': <a href="main.php?op=refer&amp;orderby=hits"><img src="../assets/images/'
         . $hitsimg
         . "\"></a></th></tr>\n";
    foreach ($referlist as $item) {
        $dn   = explode('.', $item['refer']);
        $name = $dn[1];
        if (isset($dn[2])) {
            $name .= '.' . $dn[2];
        }

        echo "<tr><td align='left'><a href=\"main.php?op=reverseip&amp;iplookup="
             . $item['ip']
             . '">'
             . $item['ip']
             . '</a></td>'
             . "<td align='right'><a href='http://"
             . $item['refer']
             . "' target='_new'>"
             . $item['refer']
             . "</a></td>\n"
             . '<td><a href="main.php?op=xwhois&amp;dnslookup='
             . $name
             . '&amp;orderby='
             . $orderby
             . '">'
             . STATS_XWHOIS
             . "</a></td>\n"
             . "<td><a href='http://"
             . $item['refer']
             . $item['referpath']
             . "' target='_new'>"
             . $item['referpath']
             . "</a></td>\n"
             . '<td>'
             . $item['query']
             . '</td><td>'
             . $item['fragment']
             . "</td>\n"
             . '<td>'
             . $item['refermonth']
             . '-'
             . $item['referday']
             . '-'
             . $item['referyear']
             . "</td>\n"
             . '<td>'
             . $item['referhour']
             . '</td><td>'
             . $item['hits']
             . "</td></tr>\n";
    }

    echo '</table></div>';
}

function purgeReferDB()
{
    global $xoopsDB;

    echo "<h4 style='text-align:left;'>" . STATS_REFER_HEAD . "</h4><br>\n";

    $result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer'));
    if ($result) {
        echo STATS_REFER_PURGE;
    } else {
        echo STATS_REFER_NPURGE;
    }
}

function purgeBlacklist()
{
    global $xoopsDB;

    echo "<h4 style='text-align:left;'>" . STATS_PURGEBL . "</h4><br>\n";

    $result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer_blacklist'));
    if ($result) {
        echo STATS_BLACKLIST_PURGE;
    } else {
        echo STATS_BLACKLIST_NPURGE;
    }
}

function blacklistReferDB($blr)
{
    global $xoopsDB;

    // truncate table first
    $result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer_blacklist'));

    echo "<h4 style='text-align:left;'>" . STATS_BLACKLIST_CREATED . "</h4><br>\n";

    $rbl = explode('|', $blr);
    // insert into database table
    $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_refer_blacklist') . " (referer) VALUES ('" . addslashes(serialize($rbl)) . "')");

    if ($result) {
        foreach ($rbl as $item) {
            echo STATS_BLACKLISTED . $item . '<br>';
        }
    }
}

function userScreen()
{
    global $xoopsDB;

    $result  = $xoopsDB->queryF('SELECT id, hits FROM ' . $xoopsDB->prefix('stats_userscreen'));
    $usWidth = [];
    $i       = 0;
    while (list($id, $hits) = $xoopsDB->fetchRow($result)) {
        switch ($id) {
            case '1':
                $usWidth[$i]['id'] = '640';
                break;
            case '2':
                $usWidth[$i]['id'] = '800';
                break;
            case '3':
                $usWidth[$i]['id'] = '1024';
                break;
            case '4':
                $usWidth[$i]['id'] = '1152';
                break;
            case '5':
                $usWidth[$i]['id'] = '1280';
                break;
            case '6':
                $usWidth[$i]['id'] = '1600';
                break;
            default:
                $usWidth[$i]['id'] = STATS_SW_UNKNOWN;
                break;
        }
        $usWidth[$i]['hits'] = $hits;
        ++$i;
    }

    $result  = $xoopsDB->queryF('SELECT id, hits FROM ' . $xoopsDB->prefix('stats_usercolor'));
    $usColor = [];
    $i       = 0;
    while (list($id, $hits) = $xoopsDB->fetchRow($result)) {
        switch ($id) {
            case '1':
                $usColor[$i]['id'] = '8';
                break;
            case '2':
                $usColor[$i]['id'] = '16';
                break;
            case '3':
                $usColor[$i]['id'] = '24';
                break;
            case '4':
                $usColor[$i]['id'] = '32';
                break;
            default:
                $usColor[$i]['id'] = STATS_SC_UNKNOWN;
                break;
        }
        $usColor[$i]['hits'] = $hits;
        ++$i;
    }

    echo '<table width="100%" cellpadding="1" cellspacing="1" border="0"><tr><th colspan="2">' . STATS_USERSCREEN_HEAD . "</th></tr><tr><td align=\"center\" valign=\"top\" width=\"50%\">\n";
    echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n" . '<tr><th width="50%">' . STATS_SW_HEAD . '</th><th width="50%">' . STATS_SCREEN_HITS . "</th></tr>\n";
    foreach ($usWidth as $current) {
        echo '<tr><td>' . $current['id'] . '</td><td>' . $current['hits'] . "</td></tr>\n";
    }
    echo "</table></td><td align=\"center\" valign=\"top\" width=\"50%\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n";
    echo '<tr><th width="50%">' . STATS_SC_HEAD . '</th><th width="50%">' . STATS_SCREEN_HITS . "</th></tr>\n";
    foreach ($usColor as $current) {
        echo '<tr><td>' . $current['id'] . '</td><td>' . $current['hits'] . "</td></tr>\n";
    }
    echo "</table>\n";
    echo "</td></tr>\n";
    echo "<tr><td>\n";
    echo "<form action='main.php' method='post'>\n";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<input type='hidden' name='op' value='purge_userscreen'>\n";
    echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_SCREEN_PURGE . "' name='selsubmit'>";
    echo "</form>\n";
    echo "</td></tr>\n";
    echo "</table>\n";
}

function purgeUserScreen()
{
    global $xoopsDB;

    echo "<h4 style='text-align:left;'>" . STATS_SCREEN_PURGE . "</h4><br>\n";

    $result_one = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_usercolor'));
    $result_two = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_userscreen'));
    if ($result_one && $result_two) {
        echo STATS_USERSCREEN_PURGE;
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (1, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (2, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (3, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (4, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (5, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (6, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (7, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (1, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (2, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (3, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (4, 0)');
        $result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (5, 0)');
    } else {
        echo STATS_USERSCREEN_NPURGE;
    }
}

function statsreverselookup($ip)
{
    $whois = new xWhois();

    $d = $whois->reverselookup($ip);

    echo "<table width='100%' cellpadding='0' cellspacing='0'>\n" . '<tr><th>' . STATS_REVERSELOOKUP . "$ip</th></tr>\n" . '<tr><td>' . $d . "</td></tr></table>\n";
}

function statsdnslookup($domainname)
{
    $whois = new xWhois();

    $d = $whois->lookup($domainname);

    echo "<table width='100%' cellpadding='0' cellspacing='0'>\n" . '<tr><th>' . STATS_DNSLOOKUP . "$ip</th></tr>\n" . '<tr><td>' . $d . "</td></tr></table>\n";

}

if (!isset($_POST['op'])) {
    $op = \Xmf\Request::getString('op', '', 'GET');
} else {
    $op = $_POST['op'];
}

xoops_cp_header();

switch ($op) {
    case INFO_CREDITS:
        phpcredits(CREDITS_ALL - CREDITS_FULLPAGE);
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case INFO_GENERAL:
    case INFO_CONFIGURATION:
    case INFO_MODULES:
    case INFO_ENVIRONMENT:
    case INFO_VARIABLES:
    case INFO_LICENSE:
    case INFO_ALL:
        ob_start();

        phpinfo($op);

        $php_info = ob_get_contents();
        ob_end_clean();

        $php_info = str_replace('<html><body>', '', $php_info);
        $php_info = str_replace('</body></html>', '', $php_info);

        $offset = mb_strpos($php_info, '<table');

        print mb_substr($php_info, $offset);
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'reverseip':
        if (!isset($_POST['iplookup'])) {
            $iplookup = \Xmf\Request::getString('iplookup', '', 'GET');
        } else {
            $iplookup = $_POST['iplookup'];
        }

        if ('' != $iplookup) {
            statsreverselookup($iplookup);
        }
        remoteAddr();
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'xwhois':
        if (!isset($_POST['dnslookup'])) {
            $dnslookup = \Xmf\Request::getString('dnslookup', '', 'GET');
        } else {
            $dnslookup = $_POST['dnslookup'];
        }

        if ('' != $dnslookup) {
            statsdnslookup($dnslookup);
        }

        if (!isset($_POST['orderby'])) {
            $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'date';
        } else {
            $orderby = $_POST['orderby'];
        }

        referDB($orderby);
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'unique_ips':
        uniqueRemoteAddr();
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'remote_addr':
        remoteAddr();
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'purge_ips':
        if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_ips' === $_POST['confirm']) {
            purgeRemoteAddr();
        } else {
            $hidden = [
                confirm => 'purge_ips',
                op      => 'purge_ips',
            ];
            xoops_confirm($hidden, 'main.php', STATS_REMOTEADDR_PURGESURE, STATS_IPPURGE);
        }
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'refer':
        if (!isset($_POST['orderby'])) {
            $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'date';
        } else {
            $orderby = $_POST['orderby'];
        }

        referDB($orderby);
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'purge_refer':
        if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_refer' === $_POST['confirm']) {
            purgeReferDB();
        } else {
            $hidden = [
                confirm => 'purge_refer',
                op      => 'purge_refer',
            ];
            xoops_confirm($hidden, 'main.php', STATS_REFER_PURGESURE, STATS_REFERPURGE);
        }
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'blacklist_refer':
        if (\Xmf\Request::hasVar('bad_refer', 'POST') && '' != $_POST['bad_refer']) {
            $hidden = [
                confirm => 'blacklist_refer',
                op      => 'blacklist_refer',
                blr     => $_POST['bad_refer'],
            ];
            xoops_confirm($hidden, 'main.php', STATS_REFER_BLSURE, STATS_REFERBLACKLIST);
        } elseif (\Xmf\Request::hasVar('confirm', 'POST') && 'blacklist_refer' === $_POST['confirm']) {
            blacklistReferDB($_POST['blr']);
        } else {
            referDB();
        }
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'purge_blacklist':
        if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_blacklist' === $_POST['confirm']) {
            purgeBlacklist();
        } else {
            $hidden = [
                confirm => 'purge_blacklist',
                op      => 'purge_blacklist',
            ];
            xoops_confirm($hidden, 'main.php', STATS_REFER_PURGEBL, STATS_PURGEBL);
        }
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'userscreen':
        userScreen();
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    case 'purge_userscreen':
        if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_userscreen' === $_POST['confirm']) {
            purgeUserScreen();
        } else {
            $hidden = [
                confirm => 'purge_userscreen',
                op      => 'purge_userscreen',
            ];
            xoops_confirm($hidden, 'main.php', STATS_REFER_PURGEUS, STATS_SCREEN_PURGE);
        }
        echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
        break;
    default:
        //    stats_adminmenu( STATS_ADMINHEAD );
        break;
}

xoops_cp_footer();


1			<?php
2			/*
3			* You may not change or alter any portion of this comment or credits
4			* of supporting developers from this source code or any supporting source code
5			* which is considered copyrighted (c) material of the original comment or credit authors.
6			*
7			* This program is distributed in the hope that it will be useful,
8			* but WITHOUT ANY WARRANTY; without even the implied warranty of
9			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* @copyright {@link https://xoops.org/ XOOPS Project}
14			* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
15			* @package
16			* @since
17			* @author XOOPS Development Team
18			*/
19
20			use XoopsModules\Statistics\Utility;
21
22			require_once __DIR__ . '/admin_header.php';
23
24			$moduleDirName = basename(dirname(__DIR__));
25			xoops_loadLanguage('main', $moduleDirName);
26
27			// require_once dirname(__DIR__) . '/class/clsWhois.php';
28			//require_once dirname(__DIR__) . '/include/statutils.php';
29
30			function remoteAddr()
31			{
32			global $xoopsDB;
33
34			$result = $xoopsDB->queryF('SELECT ip, date, hits FROM ' . $xoopsDB->prefix('stats_ip') . ' ORDER BY date');
35			$iplist = [];
36			$i = 0;
37			while (list($ip, $date, $hits) = $xoopsDB->fetchRow($result)) {
38			$iplist[$i]['ip'] = $ip;
39			$iplist[$i]['hits'] = $hits;
40			preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})/', $date, $regs);
41			$iplist[$i]['ipyear'] = $regs[1];
42			$iplist[$i]['ipmonth'] = $regs[2];
43			$iplist[$i]['ipday'] = $regs[3];
44			$iplist[$i]['iphour'] = $regs[4];
45			++$i;
46			}
47
48			echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . ' - ' . STATS_STDIP . "</h4><br>\n";
49			echo "<table><tr><td>\n";
50			echo "<form action='index.php' method='post'>\n";
51			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
52			echo "<input type='hidden' name='op' value='purge_ips'>\n";
53			echo "<input type='submit' value='" . STATS_IPPURGE . "' name='selsubmit'>";
54			echo "</form>\n";
55			echo "</td><td>\n";
56			echo "<form action='main.php' method='post'>\n";
57			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
58			echo "<input type='hidden' name='op' value='unique_ips'>\n";
59			echo "<input type='submit' value='" . STATS_UNIQUEIP . "' name='selsubmit'>";
60			echo "</form>\n";
61			echo "</td></tr></table>\n";
62			echo "<table>\n";
63			echo '<tr><th>' . STATS_REMOTE_IP . '</th><th>' . STATS_REMOTE_DATE . '</th><th>' . STATS_REMOTE_HOUR . '</th><th>' . STATS_REMOTE_HITS . "</th></tr>\n";
64			foreach ($iplist as $item) {
65			echo '<tr><td><a href="main.php?op=reverseip&iplookup=' . $item['ip'] . '">' . $item['ip'] . '</a></td>' . '<td>' . $item['ipmonth'] . '-' . $item['ipday'] . '-' . $item['ipyear'] . '</td><td>' . $item['iphour'] . '</td><td>' . $item['hits'] . "</td></tr>\n";
66			}
67
68			echo '</table>';
69			}
70
71			function uniqueRemoteAddr()
72			{
73			global $xoopsDB;
74
75			$result = $xoopsDB->queryF('SELECT ip, SUM(hits) AS total FROM ' . $xoopsDB->prefix('stats_ip') . ' GROUP BY ip ORDER BY total DESC');
76			$iplist = [];
77			$i = 0;
78			while (list($ip, $total) = $xoopsDB->fetchRow($result)) {
79			$iplist[$i]['ip'] = $ip;
80			$iplist[$i]['hits'] = $total;
81			++$i;
82			}
83
84			echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . ' - ' . STATS_UNIQUEIP . "</h4><br>\n";
85			echo "<table><tr><td>\n";
86			echo "<form action='main.php' method='post'>\n";
87			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
88			echo "<input type='hidden' name='op' value='purge_ips'>\n";
89			echo "<input type='submit' value='" . STATS_IPPURGE . "' name='selsubmit'>";
90			echo "</form>\n";
91			echo "</td><td>\n";
92			echo "<form action='main.php' method='post'>\n";
93			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
94			echo "<input type='hidden' name='op' value='remote_addr'>\n";
95			echo "<input type='submit' value='" . STATS_STDIP . "' name='selsubmit'>";
96			echo "</form>\n";
97			echo "</td></tr></table>\n";
98			echo "<table>\n";
99			echo '<tr><th>' . STATS_REMOTE_IP . '</th><th>' . STATS_REMOTE_HITS . "</th></tr>\n";
100			foreach ($iplist as $item) {
101			echo '<tr><td><a href="main.php?op=reverseip&iplookup=' . $item['ip'] . '">' . $item['ip'] . '</a></td>' . '<td>' . $item['hits'] . "</td></tr>\n";
102			}
103
104			echo '</table>';
105			}
106
107			function purgeRemoteAddr()
108			{
109			global $xoopsDB;
110
111			echo "<h4 style='text-align:left;'>" . STATS_REMOTEADDR_HEAD . "</h4><br>\n";
112
113			$result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_ip'));
114			if ($result) {
115			echo STATS_REMOTEADDR_PURGE;
116			} else {
117			echo STATS_REMOTEADDR_NPURGE;
118			}
119			}
120
121			function referDB($orderby)
122			{
123			global $xoopsDB;
124
125			// get the current referers
126			$result = $xoopsDB->queryF('select ip, refer, date, hits, referpath from ' . $xoopsDB->prefix('stats_refer') . " order by $orderby DESC");
127			$referlist = [];
128			$i = 0;
129			while (list($ip, $refer, $date, $hits, $referpath) = $xoopsDB->fetchRow($result)) {
130			$referpathparts = explode('\|', $referpath);
131
132			$referlist[$i]['ip'] = $ip;
133			$referlist[$i]['refer'] = $refer;
134			$referlist[$i]['referpath'] = $referpathparts[0];
135
136			if (isset($referpathparts[1])) {
137			$querystr = $referpathparts[1];
138			} else {
139			$querystr = '';
140			}
141
142			$referlist[$i]['query'] = $querystr;
143
144			if (isset($referpathparts[2])) {
145			$fragmentstr = $referpathparts[2];
146			} else {
147			$fragmentstr = '';
148			}
149
150			$referlist[$i]['fragment'] = $fragmentstr;
151
152			$referlist[$i]['hits'] = $hits;
153			preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})/', $date, $regs);
154			$referlist[$i]['referyear'] = $regs[1];
155			$referlist[$i]['refermonth'] = $regs[2];
156			$referlist[$i]['referday'] = $regs[3];
157			$referlist[$i]['referhour'] = $regs[4];
158			++$i;
159			}
160
161			// get any current blacklist
162			$result = $xoopsDB->queryF('SELECT * FROM ' . $xoopsDB->prefix('stats_refer_blacklist'));
163			[$id, $referer] = $xoopsDB->fetchRow($result);
164			$referblacklist = unserialize(stripslashes($referer));
165			if (!is_array($referblacklist)) { // something went wrong, or there is no data...
166			$referblacklist = [];
167			}
168
169			echo "<h4 style='text-align:left;'>" . STATS_REFER_HEAD . "</h4><br>\n";
170			echo "<div style=\"font-size: x-small;\"><table cellspacing=\"0\" cellpadding=\"0\" border='1'><tr><td><form action='main.php' method='post'>\n";
171			echo "<input type='hidden' name='op' value='purge_refer'>\n";
172			echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_REFERPURGE . "' name='selsubmit'>";
173			echo "</form></td>\n";
174			echo "<td><form action='main.php' method='post'>\n";
175			echo STATS_STATSBL_INST . "<input type='hidden' name='op' value='blacklist_refer'>\n";
176			echo "<br><textarea name='bad_refer' id='bad_refer' rows='5' cols='50'>\n";
177
178			$rbldelimited = implode('\|', $referblacklist);
179			echo $rbldelimited;
180
181			echo "</textarea><br>\n";
182
183			echo STATS_STATSBL_HELP;
184			echo "<br><input style=\"font-size: x-small;\" type='submit' value='" . STATS_REFERBLACKLIST . "' name='selsubmit'>\n";
185			echo "</form>\n";
186			echo "<form action='main.php' method='post'>\n";
187			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
188			echo "<input type='hidden' name='op' value='purge_blacklist'>\n";
189			echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_PURGEBL . "' name='purgesubmit'>";
190			echo "</td></tr></table></div>\n";
191
192			// figure out which arrow image to display
193			$referimg = 'refer' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';
194			$hitsimg = 'hits' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';
195			$dateimg = 'date' === $orderby ? 'arrowup.gif' : 'arrowdn.gif';
196
197			echo "<div style=\"font-size: xx-small;\"><table>\n";
198			echo '<tr><th>'
199			. STATS_REMOTE_IP
200			. '</th><th>'
201			. STATS_REFER
202			. ': <A href="main.php?op=refer&orderby=refer"><img src="../assets/images/'
203			. $referimg
204			. '"></a></th>'
205			. '<th>'
206			. STATS_XWHOIS
207			. '</th><th>'
208			. STATS_REFER_PATH
209			. "</th><th>\n"
210			. STATS_QUERYSTRING
211			. '</th><th>'
212			. STATS_FRAGMENTSTRING
213			. "</th><th>\n"
214			. STATS_REFER_DATE
215			. ': <a href="main.php?op=refer&orderby=date"><img src="../assets/images/'
216			. $dateimg
217			. '"></a></th><th>'
218			. STATS_REFER_HOUR
219			. "</th><th>\n"
220			. STATS_REFER_HITS
221			. ': <a href="main.php?op=refer&orderby=hits"><img src="../assets/images/'
222			. $hitsimg
223			. "\"></a></th></tr>\n";
224			foreach ($referlist as $item) {
225			$dn = explode('.', $item['refer']);
226			$name = $dn[1];
227			if (isset($dn[2])) {
228			$name .= '.' . $dn[2];
229			}
230
231			echo "<tr><td align='left'><a href=\"main.php?op=reverseip&iplookup="
232			. $item['ip']
233			. '">'
234			. $item['ip']
235			. '</a></td>'
236			. "<td align='right'><a href='http://"
237			. $item['refer']
238			. "' target='_new'>"
239			. $item['refer']
240			. "</a></td>\n"
241			. '<td><a href="main.php?op=xwhois&dnslookup='
242			. $name
243			. '&orderby='
244			. $orderby
245			. '">'
246			. STATS_XWHOIS
247			. "</a></td>\n"
248			. "<td><a href='http://"
249			. $item['refer']
250			. $item['referpath']
251			. "' target='_new'>"
252			. $item['referpath']
253			. "</a></td>\n"
254			. '<td>'
255			. $item['query']
256			. '</td><td>'
257			. $item['fragment']
258			. "</td>\n"
259			. '<td>'
260			. $item['refermonth']
261			. '-'
262			. $item['referday']
263			. '-'
264			. $item['referyear']
265			. "</td>\n"
266			. '<td>'
267			. $item['referhour']
268			. '</td><td>'
269			. $item['hits']
270			. "</td></tr>\n";
271			}
272
273			echo '</table></div>';
274			}
275
276			function purgeReferDB()
277			{
278			global $xoopsDB;
279
280			echo "<h4 style='text-align:left;'>" . STATS_REFER_HEAD . "</h4><br>\n";
281
282			$result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer'));
283			if ($result) {
284			echo STATS_REFER_PURGE;
285			} else {
286			echo STATS_REFER_NPURGE;
287			}
288			}
289
290			function purgeBlacklist()
291			{
292			global $xoopsDB;
293
294			echo "<h4 style='text-align:left;'>" . STATS_PURGEBL . "</h4><br>\n";
295
296			$result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer_blacklist'));
297			if ($result) {
298			echo STATS_BLACKLIST_PURGE;
299			} else {
300			echo STATS_BLACKLIST_NPURGE;
301			}
302			}
303
304			function blacklistReferDB($blr)
305			{
306			global $xoopsDB;
307
308			// truncate table first
309			$result = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_refer_blacklist'));
310
311			echo "<h4 style='text-align:left;'>" . STATS_BLACKLIST_CREATED . "</h4><br>\n";
312
313			$rbl = explode('\|', $blr);
314			// insert into database table
315			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_refer_blacklist') . " (referer) VALUES ('" . addslashes(serialize($rbl)) . "')");
316
317			if ($result) {
318			foreach ($rbl as $item) {
319			echo STATS_BLACKLISTED . $item . '<br>';
320			}
321			}
322			}
323
324			function userScreen()
325			{
326			global $xoopsDB;
327
328			$result = $xoopsDB->queryF('SELECT id, hits FROM ' . $xoopsDB->prefix('stats_userscreen'));
329			$usWidth = [];
330			$i = 0;
331			while (list($id, $hits) = $xoopsDB->fetchRow($result)) {
332			switch ($id) {
333			case '1':
334			$usWidth[$i]['id'] = '640';
335			break;
336			case '2':
337			$usWidth[$i]['id'] = '800';
338			break;
339			case '3':
340			$usWidth[$i]['id'] = '1024';
341			break;
342			case '4':
343			$usWidth[$i]['id'] = '1152';
344			break;
345			case '5':
346			$usWidth[$i]['id'] = '1280';
347			break;
348			case '6':
349			$usWidth[$i]['id'] = '1600';
350			break;
351			default:
352			$usWidth[$i]['id'] = STATS_SW_UNKNOWN;
353			break;
354			}
355			$usWidth[$i]['hits'] = $hits;
356			++$i;
357			}
358
359			$result = $xoopsDB->queryF('SELECT id, hits FROM ' . $xoopsDB->prefix('stats_usercolor'));
360			$usColor = [];
361			$i = 0;
362			while (list($id, $hits) = $xoopsDB->fetchRow($result)) {
363			switch ($id) {
364			case '1':
365			$usColor[$i]['id'] = '8';
366			break;
367			case '2':
368			$usColor[$i]['id'] = '16';
369			break;
370			case '3':
371			$usColor[$i]['id'] = '24';
372			break;
373			case '4':
374			$usColor[$i]['id'] = '32';
375			break;
376			default:
377			$usColor[$i]['id'] = STATS_SC_UNKNOWN;
378			break;
379			}
380			$usColor[$i]['hits'] = $hits;
381			++$i;
382			}
383
384			echo '<table width="100%" cellpadding="1" cellspacing="1" border="0"><tr><th colspan="2">' . STATS_USERSCREEN_HEAD . "</th></tr><tr><td align=\"center\" valign=\"top\" width=\"50%\">\n";
385			echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n" . '<tr><th width="50%">' . STATS_SW_HEAD . '</th><th width="50%">' . STATS_SCREEN_HITS . "</th></tr>\n";
386			foreach ($usWidth as $current) {
387			echo '<tr><td>' . $current['id'] . '</td><td>' . $current['hits'] . "</td></tr>\n";
388			}
389			echo "</table></td><td align=\"center\" valign=\"top\" width=\"50%\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n";
390			echo '<tr><th width="50%">' . STATS_SC_HEAD . '</th><th width="50%">' . STATS_SCREEN_HITS . "</th></tr>\n";
391			foreach ($usColor as $current) {
392			echo '<tr><td>' . $current['id'] . '</td><td>' . $current['hits'] . "</td></tr>\n";
393			}
394			echo "</table>\n";
395			echo "</td></tr>\n";
396			echo "<tr><td>\n";
397			echo "<form action='main.php' method='post'>\n";
398			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
399			echo "<input type='hidden' name='op' value='purge_userscreen'>\n";
400			echo "<input style=\"font-size: x-small;\" type='submit' value='" . STATS_SCREEN_PURGE . "' name='selsubmit'>";
401			echo "</form>\n";
402			echo "</td></tr>\n";
403			echo "</table>\n";
404			}
405
406			function purgeUserScreen()
407			{
408			global $xoopsDB;
409
410			echo "<h4 style='text-align:left;'>" . STATS_SCREEN_PURGE . "</h4><br>\n";
411
412			$result_one = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_usercolor'));
413			$result_two = $xoopsDB->queryF('truncate table ' . $xoopsDB->prefix('stats_userscreen'));
414			if ($result_one && $result_two) {
415			echo STATS_USERSCREEN_PURGE;
416			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (1, 0)');
417			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (2, 0)');
418			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (3, 0)');
419			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (4, 0)');
420			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (5, 0)');
421			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (6, 0)');
422			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_userscreen') . ' VALUES (7, 0)');
423			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (1, 0)');
424			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (2, 0)');
425			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (3, 0)');
426			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (4, 0)');
427			$result = $xoopsDB->queryF('INSERT INTO ' . $xoopsDB->prefix('stats_usercolor') . ' VALUES (5, 0)');
428			} else {
429			echo STATS_USERSCREEN_NPURGE;
430			}
431			}
432
433			function statsreverselookup($ip)
434			{
435			$whois = new xWhois();
436
437			$d = $whois->reverselookup($ip);
438
439			echo "<table width='100%' cellpadding='0' cellspacing='0'>\n" . '<tr><th>' . STATS_REVERSELOOKUP . "$ip</th></tr>\n" . '<tr><td>' . $d . "</td></tr></table>\n";
440			}
441
442			function statsdnslookup($domainname)
443			{
444			$whois = new xWhois();
445
446			$d = $whois->lookup($domainname);
447
448			echo "<table width='100%' cellpadding='0' cellspacing='0'>\n" . '<tr><th>' . STATS_DNSLOOKUP . "$ip</th></tr>\n" . '<tr><td>' . $d . "</td></tr></table>\n";
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-12 04:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$ip` seems to be never defined. Loading history...
449			}
450
451			if (!isset($_POST['op'])) {
452			$op = \Xmf\Request::getString('op', '', 'GET');
453			} else {
454			$op = $_POST['op'];
455			}
456
457			xoops_cp_header();
458
459			switch ($op) {
460			case INFO_CREDITS:
461			phpcredits(CREDITS_ALL - CREDITS_FULLPAGE);
462			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
463			break;
464			case INFO_GENERAL:
465			case INFO_CONFIGURATION:
466			case INFO_MODULES:
467			case INFO_ENVIRONMENT:
468			case INFO_VARIABLES:
469			case INFO_LICENSE:
470			case INFO_ALL:
471			ob_start();
472
473			phpinfo($op);
474
475			$php_info = ob_get_contents();
476			ob_end_clean();
477
478			$php_info = str_replace('<html><body>', '', $php_info);
479			$php_info = str_replace('</body></html>', '', $php_info);
480
481			$offset = mb_strpos($php_info, '<table');
482
483			print mb_substr($php_info, $offset);
484			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
485			break;
486			case 'reverseip':
487			if (!isset($_POST['iplookup'])) {
488			$iplookup = \Xmf\Request::getString('iplookup', '', 'GET');
489			} else {
490			$iplookup = $_POST['iplookup'];
491			}
492
493			if ('' != $iplookup) {
494			statsreverselookup($iplookup);
495			}
496			remoteAddr();
497			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
498			break;
499			case 'xwhois':
500			if (!isset($_POST['dnslookup'])) {
501			$dnslookup = \Xmf\Request::getString('dnslookup', '', 'GET');
502			} else {
503			$dnslookup = $_POST['dnslookup'];
504			}
505
506			if ('' != $dnslookup) {
507			statsdnslookup($dnslookup);
508			}
509
510			if (!isset($_POST['orderby'])) {
511			$orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'date';
512			} else {
513			$orderby = $_POST['orderby'];
514			}
515
516			referDB($orderby);
517			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
518			break;
519			case 'unique_ips':
520			uniqueRemoteAddr();
521			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
522			break;
523			case 'remote_addr':
524			remoteAddr();
525			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
526			break;
527			case 'purge_ips':
528			if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_ips' === $_POST['confirm']) {
529			purgeRemoteAddr();
530			} else {
531			$hidden = [
532			confirm => 'purge_ips',
533			op => 'purge_ips',
534			];
535			xoops_confirm($hidden, 'main.php', STATS_REMOTEADDR_PURGESURE, STATS_IPPURGE);
536			}
537			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
538			break;
539			case 'refer':
540			if (!isset($_POST['orderby'])) {
541			$orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'date';
542			} else {
543			$orderby = $_POST['orderby'];
544			}
545
546			referDB($orderby);
547			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
548			break;
549			case 'purge_refer':
550			if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_refer' === $_POST['confirm']) {
551			purgeReferDB();
552			} else {
553			$hidden = [
554			confirm => 'purge_refer',
555			op => 'purge_refer',
556			];
557			xoops_confirm($hidden, 'main.php', STATS_REFER_PURGESURE, STATS_REFERPURGE);
558			}
559			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
560			break;
561			case 'blacklist_refer':
562			if (\Xmf\Request::hasVar('bad_refer', 'POST') && '' != $_POST['bad_refer']) {
563			$hidden = [
564			confirm => 'blacklist_refer',
565			op => 'blacklist_refer',
566			blr => $_POST['bad_refer'],
567			];
568			xoops_confirm($hidden, 'main.php', STATS_REFER_BLSURE, STATS_REFERBLACKLIST);
569			} elseif (\Xmf\Request::hasVar('confirm', 'POST') && 'blacklist_refer' === $_POST['confirm']) {
570			blacklistReferDB($_POST['blr']);
571			} else {
572			referDB();
573			}
574			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
575			break;
576			case 'purge_blacklist':
577			if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_blacklist' === $_POST['confirm']) {
578			purgeBlacklist();
579			} else {
580			$hidden = [
581			confirm => 'purge_blacklist',
582			op => 'purge_blacklist',
583			];
584			xoops_confirm($hidden, 'main.php', STATS_REFER_PURGEBL, STATS_PURGEBL);
585			}
586			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
587			break;
588			case 'userscreen':
589			userScreen();
590			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
591			break;
592			case 'purge_userscreen':
593			if (\Xmf\Request::hasVar('confirm', 'POST') && 'purge_userscreen' === $_POST['confirm']) {
594			purgeUserScreen();
595			} else {
596			$hidden = [
597			confirm => 'purge_userscreen',
598			op => 'purge_userscreen',
599			];
600			xoops_confirm($hidden, 'main.php', STATS_REFER_PURGEUS, STATS_SCREEN_PURGE);
601			}
602			echo '<hr><a href="index.php">' . STATS_ADMINHEAD . "</a>\n";
603			break;
604			default:
605			// stats_adminmenu( STATS_ADMINHEAD );
606			break;
607			}
608
609			xoops_cp_footer();
610

XoopsModules25x / statistics

Issues (132)

Security Analysis not enabled

admin/main.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like