Issues in logs.php (master) - Issues in master - XoopsModules25x/userlog - Measure and Improve Code Quality continuously with Scrutinizer

Issues (304)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/logs.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 *  userlog module
 *
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         GNU GPL 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
 * @package         userlog admin
 * @since           1
 * @author          irmtfan ([email protected])
 * @author          XOOPS Project <www.xoops.org> <www.xoops.ir>
 */

use Xmf\Request;

require_once __DIR__ . '/admin_header.php';
require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
xoops_cp_header();
$userlog = Userlog::getInstance();
// Where do we start ?
$startentry = Request::getInt('startentry', 0);
$limitentry = Request::getInt('limitentry', $userlog->getConfig('logs_perpage'));
$sortentry  = Request::getString('sortentry', 'log_id');
$orderentry = Request::getString('orderentry', 'DESC');

$options   = Request::getArray('options');
$engine    = Request::getString('engine', $userlog->getConfig('engine'));
$file      = Request::getArray('file', $userlog->getConfig('file'));
$opentry   = Request::getString('op', '', 'post');
$log_id    = Request::getArray('log_id', 0, 'post');
$logsetObj = UserlogSetting::getInstance();
// START build Criteria for database
// get var types int, text, bool , ...
$type_vars = $logsetObj->getOptions('', 'type');
//$query_types = array("="=>"",">"=>"GT", "<"=>"LT");

$criteria = new CriteriaCompo();
foreach ($options as $key => $val) {
    // deal with greater than and lower than
    $tt = substr($key, -2);
    switch ($tt) {
        case 'GT':
            $op = substr($key, 0, -2);
            $t  = '>';
            break;
        case 'LT':
            $op = substr($key, 0, -2);
            $t  = '<';
            break;
        default:
            $op = $key;
            $t  = '=';
            break;
    }
    $criteria_q[$key]  = new CriteriaCompo();
    $val_arr           = explode(',', $val);
    $query_array[$key] = "options[{$key}]={$val}"; // to keep options in url. very important
    // if type is text
    if ('text' === $type_vars[$op]) {
        foreach ($val_arr as $qry) {
            // if !QUERY eg: !logs.php,views.php
            if (0 === strpos($qry, '!')) {
                $criteria_q[$key]->add(new Criteria($op, '%' . substr($qry, 1) . '%', 'NOT LIKE'), 'AND');
            } else {
                $criteria_q[$key]->add(new Criteria($op, '%' . $qry . '%', 'LIKE'), 'OR');
            }
        }
    } else {
        // if there is one value - deal with =, > ,<
        if (1 == count($val_arr)) {
            $val_int = $val_arr[0];
            if ('log_time' === $op || 'last_login' === $op) {
                $val_int = time() - $userlog->getSinceTime($val_int);
            }
            // query is one int $t (=, < , >)
            $criteria_q[$key]->add(new Criteria($op, $val_int, $t));
        } else {
            // query is an array of int separate with comma. use OR ???
            $criteria_q[$key]->add(new Criteria($op, '(' . $val . ')', 'IN'));
        }
    }
    // add criteria
    $criteria->add($criteria_q[$key]);
}
// END build Criteria for database

// parse query page
if (!empty($query_array)) {
    $query_page = implode('&amp;', array_values($query_array));
}
// create query entry
$query_entry = '&amp;engine=' . $engine . '&amp;limitentry=' . $limitentry . '&amp;sortentry=' . $sortentry . '&amp;orderentry=' . $orderentry;
if ('file' === $engine) {
    foreach ($file as $oneFile) {
        $query_entry .= '&amp;file[]=' . $oneFile;
    }
}

// START delete/purge
$confirm = Request::getString('confirm', 0, 'post');
if ('del' === $opentry && !empty($confirm)) {
    if ('db' === $engine) {
        // delete logs in database
        $statsObj = UserlogStats::getInstance();
        if (is_numeric($log_id[0])) {
            $criteriaLogId = new CriteriaCompo();
            $criteriaLogId->add(new Criteria('log_id', '(' . implode(',', $log_id) . ')', 'IN'));
            $numDel = $statsObj->delete('log', 0, 0, $criteriaLogId);
            redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&amp;' . $query_page : ''), 1, sprintf(_AM_USERLOG_LOG_DELETE_SUCCESS, $numDel));
        } elseif ('bulk' === $log_id[0]) {
            $numDel = $statsObj->delete('log', 0, 0, $criteria);
            redirect_header('logs.php?op=' . $query_entry, 10, sprintf(_AM_USERLOG_LOG_DELETE_SUCCESS_QUERY, $numDel, $query_page));
        }
        redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&amp;' . $query_page : ''), 1, _AM_USERLOG_LOG_DELETE_ERROR);
        // for file
    } else {
        redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&amp;' . $query_page : ''), 1, _AM_USERLOG_LOG_DELETE_ERROR);
    }
}
// END delete/purge

// get logs from engine: 1- db 2- file
$loglogObj = UserlogLog::getInstance();
if ('db' === $engine) {
    $logs      = $userlog->getHandler('log')->getLogs($limitentry, $startentry, $criteria, $sortentry, $orderentry, null, false);
    $totalLogs = $userlog->getHandler('log')->getLogsCount($criteria);
} else {
    list($logs, $totalLogs) = $loglogObj->getLogsFromFiles($file, $limitentry, $startentry, $options, $sortentry, $orderentry);
}

// pagenav to template
$pagenav = new XoopsPageNav($totalLogs, $limitentry, $startentry, 'startentry', $query_entry . (!empty($query_page) ? '&amp;' . $query_page : ''));
$GLOBALS['xoopsTpl']->assign('pagenav', !empty($pagenav) ? $pagenav->renderNav() : '');

// options/entries to template
$GLOBALS['xoopsTpl']->assign('options', $options);
$GLOBALS['xoopsTpl']->assign('totalLogs', $totalLogs);
$GLOBALS['xoopsTpl']->assign('pages', ceil($totalLogs / $limitentry));
$GLOBALS['xoopsTpl']->assign('status', sprintf(_AM_USERLOG_LOG_STATUS, $totalLogs));

$GLOBALS['xoopsTpl']->assign('startentry', $startentry);
$GLOBALS['xoopsTpl']->assign('limitentry', $limitentry);
$GLOBALS['xoopsTpl']->assign('sortentry', $sortentry);
$GLOBALS['xoopsTpl']->assign('orderentry', $orderentry);

// skip these headers because we can merge it to request method column
$skips = ['zget', 'post', 'request', 'files', 'env'];
// prepared for display. timestamps and var_export
$logs = $loglogObj->arrayToDisplay($logs);

// logs to template
$GLOBALS['xoopsTpl']->assign('logs', $logs);

// query page
$GLOBALS['xoopsTpl']->assign('query_page', !empty($query_page) ? $query_page : '');

// query entry
$GLOBALS['xoopsTpl']->assign('query_entry', !empty($query_entry) ? $query_entry : '');

// var types to template
$GLOBALS['xoopsTpl']->assign('types', $type_vars);

// START main form
// form, elements, headers
list($form, $elements, $headers) = $logsetObj->logForm($options);
// START export
if (0 === strpos($opentry, 'export')) {
    list($opentry, $export) = explode('-', $opentry);
    // if it is not bulk export get the actual logs in the page
    if (is_numeric($log_id[0])) {
        $logs = $userlog->getFromKeys($logs, $log_id);
    }
    $totalLogsExport = count($logs);
    switch ($export) {
        case 'csv':
            if ($csvFile = $loglogObj->exportLogsToCsv($logs, $headers, 'engine_' . $engine . '_total_' . $totalLogsExport, ';')) {
                redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&amp;' . $query_page : '') . '&amp;limitentry=' . (empty($limitentry) ? $userlog->getConfig('logs_perpage') : $limitentry), 7, sprintf(_AM_USERLOG_LOG_EXPORT_SUCCESS, $totalLogsExport, $csvFile));
            }
            redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&amp;' . $query_page : '') . '&amp;limitentry=' . (empty($limitentry) ? $userlog->getConfig('logs_perpage') : $limitentry), 1, _AM_USERLOG_LOG_EXPORT_ERROR);
            break;
        default:
            break;
    }
}
// END export

// engine element
$engineEl = new XoopsFormSelect(_AM_USERLOG_ENGINE, 'engine', $engine);
$engineEl->addOption('db', _AM_USERLOG_ENGINE_DB);
$engineEl->addOption('file', _AM_USERLOG_ENGINE_FILE);
$engineEl->setDescription(_AM_USERLOG_ENGINE_DSC);
// file element
if ('file' === $engine) {
    $fileEl = $loglogObj->buildFileSelectEle($file, true);// multiselect = true
    $fileEl->setDescription(_AM_USERLOG_FILE_DSC);
}
// limit, sort, order
$limitEl = new XoopsFormText(_AM_USERLOG_LOGS_PERPAGE, 'limitentry', 10, 255, $limitentry);
$limitEl->setDescription(sprintf(_AM_USERLOG_LOGS_PERPAGE_DSC, $userlog->getConfig('logs_perpage')));
$sortEl = new XoopsFormSelect(_AM_USERLOG_SORT, 'sortentry', $sortentry);
$sortEl->addOptionArray($headers);
$sortEl->setDescription(_AM_USERLOG_SORT_DSC);
$orderEl = new XoopsFormSelect(_AM_USERLOG_ORDER, 'orderentry', $orderentry);
$orderEl->addOption('DESC', _DESCENDING);
$orderEl->addOption('ASC', _ASCENDING);
$orderEl->setDescription(_AM_USERLOG_ORDER_DSC);
// submit logs
$submitEl = new XoopsFormButton(_SUBMIT, 'submitlogs', _SUBMIT, 'submit');
// add elements
$form->addElement($engineEl);
if ('file' === $engine) {
    $form->addElement($fileEl);
}
$form->addElement($limitEl);
$form->addElement($sortEl);
$form->addElement($orderEl);
$form->addElement($submitEl);
$GLOBALS['xoopsTpl']->assign('form', $form->render());
// END main form
// START form navigation
// formNav in the upper section
require_once USERLOG_ROOT_PATH . '/class/form/simpleform.php';
$formNav = new UserlogSimpleForm('', 'logsnav', 'logs.php', 'get');
foreach ($elements as $key => $ele) {
    $ele->setClass('hidden');
    $formNav->addElement($elements[$key]);
}
if ('file' === $engine) {
    $fileEl->setClass('floatleft left');
    $fileEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
    $formNav->addElement($fileEl);
}
$engineEl->setClass('floatleft left');
$engineEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
$formNav->addElement($engineEl);
$limitEl->setClass('floatleft left');
$formNav->addElement($limitEl);
$sortEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
$sortEl->setClass('floatleft left');
$formNav->addElement($sortEl);
$orderEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
$orderEl->setClass('floatleft left');
$formNav->addElement($orderEl);
$submitEl = new XoopsFormButton('', 'submitlogsnav', _GO, 'submit');
$submitEl->setClass('floatleft left');
$formNav->addElement($submitEl);
$formNav->setExtra("onsubmit=\"preventSubmitEmptyInput('options[');\"");
$GLOBALS['xoopsTpl']->assign('formNav', $formNav->render());
// END form navigation
// START form head
// use _class = array("hidden") to reset element class
$formHead = new UserlogSimpleForm(_AM_USERLOG_LOGFORM, 'logshead', 'logs.php', 'get');
foreach ($elements as $key => $ele) {
    $ele->_class = ['floatleft', 'left'];
    $formHead->addElement($elements[$key]);
}
// add class hidden to formHead
if ('file' === $engine) {
    $fileEl->_class = ['hidden'];
    $formHead->addElement($fileEl);
}
$engineEl->_class = ['hidden'];
$formHead->addElement($engineEl);
$limitEl->_class = ['hidden'];
$formHead->addElement($limitEl);
$sortEl->_class = ['hidden'];
$formHead->addElement($sortEl);
$orderEl->_class = ['hidden'];
$formHead->addElement($orderEl);
// add submit to formHead
$submitEl = new XoopsFormButton('', 'submitlogshead', _SUBMIT, 'submit');
$submitEl->setClass('floatleft left');
$formHead->addElement($submitEl);
$formHead->setExtra("onsubmit=\"preventSubmitEmptyInput('options[');\"");
$GLOBALS['xoopsTpl']->assign('formHead', $formHead->render());
// END form head

$adminObject = \Xmf\Module\Admin::getInstance(); // add this just to include the css file to template
$GLOBALS['xoopsTpl']->assign('logo', $adminObject->displayNavigation(basename(__FILE__)));

//headers skip then to template
foreach ($skips as $option) {
    unset($headers[$option]);
}
$GLOBALS['xoopsTpl']->assign('headers', $headers);
// get TOGGLE cookie
$toggles = $userlog->getCookie('TOGGLE');
$expand  = (count($toggles) > 0) ? (in_array('formhead', $toggles) ? false : true) : true;
if ($expand) {
    $formHeadToggle['toggle'] = 'toggle_block';
    $formHeadToggle['icon']   = 'green';
    $formHeadToggle['alt']    = _AM_USERLOG_HIDE_FORM;
} else {
    $formHeadToggle['toggle'] = 'toggle_none';
    $formHeadToggle['icon']   = 'green_off';
    $formHeadToggle['alt']    = _AM_USERLOG_SHOW_FORM;
}
$xoopsTpl->assign('formHeadToggle', $formHeadToggle);
// template
$template_main = USERLOG_DIRNAME . '_admin_logs.tpl';
if (!empty($template_main)) {
    $GLOBALS['xoopsTpl']->display("db:{$template_main}");
}
xoops_cp_footer();


1			<?php
2			/*
3			You may not change or alter any portion of this comment or credits
4			of supporting developers from this source code or any supporting source code
5			which is considered copyrighted (c) material of the original comment or credit authors.
6
7			This program is distributed in the hope that it will be useful,
8			but WITHOUT ANY WARRANTY; without even the implied warranty of
9			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* userlog module
14			*
15			* @copyright XOOPS Project (https://xoops.org)
16			* @license GNU GPL 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
17			* @package userlog admin
18			* @since 1
19			* @author irmtfan ([email protected])
20			* @author XOOPS Project <www.xoops.org> <www.xoops.ir>
21			*/
22
23			use Xmf\Request;
24
25			require_once __DIR__ . '/admin_header.php';
26			require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
27			xoops_cp_header();
28			$userlog = Userlog::getInstance();
29			// Where do we start ?
30			$startentry = Request::getInt('startentry', 0);
31			$limitentry = Request::getInt('limitentry', $userlog->getConfig('logs_perpage'));
32			$sortentry = Request::getString('sortentry', 'log_id');
33			$orderentry = Request::getString('orderentry', 'DESC');
34
35			$options = Request::getArray('options');
36			$engine = Request::getString('engine', $userlog->getConfig('engine'));
37			$file = Request::getArray('file', $userlog->getConfig('file'));
38			$opentry = Request::getString('op', '', 'post');
39			$log_id = Request::getArray('log_id', 0, 'post');
40			$logsetObj = UserlogSetting::getInstance();
41			// START build Criteria for database
42			// get var types int, text, bool , ...
43			$type_vars = $logsetObj->getOptions('', 'type');
44			//$query_types = array("="=>"",">"=>"GT", "<"=>"LT");
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-06-01 04:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this `80%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
45			$criteria = new CriteriaCompo();
46			foreach ($options as $key => $val) {
47			// deal with greater than and lower than
48			$tt = substr($key, -2);
49			switch ($tt) {
50			case 'GT':
51			$op = substr($key, 0, -2);
52			$t = '>';
53			break;
54			case 'LT':
55			$op = substr($key, 0, -2);
56			$t = '<';
57			break;
58			default:
59			$op = $key;
60			$t = '=';
61			break;
62			}
63			$criteria_q[$key] = new CriteriaCompo();
64			$val_arr = explode(',', $val);
65			$query_array[$key] = "options[{$key}]={$val}"; // to keep options in url. very important
66			// if type is text
67			if ('text' === $type_vars[$op]) {
68			foreach ($val_arr as $qry) {
69			// if !QUERY eg: !logs.php,views.php
70			if (0 === strpos($qry, '!')) {
71			$criteria_q[$key]->add(new Criteria($op, '%' . substr($qry, 1) . '%', 'NOT LIKE'), 'AND');
72			} else {
73			$criteria_q[$key]->add(new Criteria($op, '%' . $qry . '%', 'LIKE'), 'OR');
74			}
75			}
76			} else {
77			// if there is one value - deal with =, > ,<
78			if (1 == count($val_arr)) {
79			$val_int = $val_arr[0];
80			if ('log_time' === $op \|\| 'last_login' === $op) {
81			$val_int = time() - $userlog->getSinceTime($val_int);
82			}
83			// query is one int $t (=, < , >)
84			$criteria_q[$key]->add(new Criteria($op, $val_int, $t));
85			} else {
86			// query is an array of int separate with comma. use OR ???
87			$criteria_q[$key]->add(new Criteria($op, '(' . $val . ')', 'IN'));
88			}
89			}
90			// add criteria
91			$criteria->add($criteria_q[$key]);
92			}
93			// END build Criteria for database
94
95			// parse query page
96			if (!empty($query_array)) {
97			$query_page = implode('&', array_values($query_array));
98			}
99			// create query entry
100			$query_entry = '&engine=' . $engine . '&limitentry=' . $limitentry . '&sortentry=' . $sortentry . '&orderentry=' . $orderentry;
101			if ('file' === $engine) {
102			foreach ($file as $oneFile) {
103			$query_entry .= '&file[]=' . $oneFile;
104			}
105			}
106
107			// START delete/purge
108			$confirm = Request::getString('confirm', 0, 'post');
109			if ('del' === $opentry && !empty($confirm)) {
110			if ('db' === $engine) {
111			// delete logs in database
112			$statsObj = UserlogStats::getInstance();
113			if (is_numeric($log_id[0])) {
114			$criteriaLogId = new CriteriaCompo();
115			$criteriaLogId->add(new Criteria('log_id', '(' . implode(',', $log_id) . ')', 'IN'));
116			$numDel = $statsObj->delete('log', 0, 0, $criteriaLogId);
117			redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&' . $query_page : ''), 1, sprintf(_AM_USERLOG_LOG_DELETE_SUCCESS, $numDel));
118			} elseif ('bulk' === $log_id[0]) {
119			$numDel = $statsObj->delete('log', 0, 0, $criteria);
120			redirect_header('logs.php?op=' . $query_entry, 10, sprintf(_AM_USERLOG_LOG_DELETE_SUCCESS_QUERY, $numDel, $query_page));
121			}
122			redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&' . $query_page : ''), 1, _AM_USERLOG_LOG_DELETE_ERROR);
123			// for file
124			} else {
125			redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&' . $query_page : ''), 1, _AM_USERLOG_LOG_DELETE_ERROR);
126			}
127			}
128			// END delete/purge
129
130			// get logs from engine: 1- db 2- file
131			$loglogObj = UserlogLog::getInstance();
132			if ('db' === $engine) {
133			$logs = $userlog->getHandler('log')->getLogs($limitentry, $startentry, $criteria, $sortentry, $orderentry, null, false);
134			$totalLogs = $userlog->getHandler('log')->getLogsCount($criteria);
135			} else {
136			list($logs, $totalLogs) = $loglogObj->getLogsFromFiles($file, $limitentry, $startentry, $options, $sortentry, $orderentry);
137			}
138
139			// pagenav to template
140			$pagenav = new XoopsPageNav($totalLogs, $limitentry, $startentry, 'startentry', $query_entry . (!empty($query_page) ? '&' . $query_page : ''));
141			$GLOBALS['xoopsTpl']->assign('pagenav', !empty($pagenav) ? $pagenav->renderNav() : '');
142
143			// options/entries to template
144			$GLOBALS['xoopsTpl']->assign('options', $options);
145			$GLOBALS['xoopsTpl']->assign('totalLogs', $totalLogs);
146			$GLOBALS['xoopsTpl']->assign('pages', ceil($totalLogs / $limitentry));
147			$GLOBALS['xoopsTpl']->assign('status', sprintf(_AM_USERLOG_LOG_STATUS, $totalLogs));
148
149			$GLOBALS['xoopsTpl']->assign('startentry', $startentry);
150			$GLOBALS['xoopsTpl']->assign('limitentry', $limitentry);
151			$GLOBALS['xoopsTpl']->assign('sortentry', $sortentry);
152			$GLOBALS['xoopsTpl']->assign('orderentry', $orderentry);
153
154			// skip these headers because we can merge it to request method column
155			$skips = ['zget', 'post', 'request', 'files', 'env'];
156			// prepared for display. timestamps and var_export
157			$logs = $loglogObj->arrayToDisplay($logs);
158
159			// logs to template
160			$GLOBALS['xoopsTpl']->assign('logs', $logs);
161
162			// query page
163			$GLOBALS['xoopsTpl']->assign('query_page', !empty($query_page) ? $query_page : '');
164
165			// query entry
166			$GLOBALS['xoopsTpl']->assign('query_entry', !empty($query_entry) ? $query_entry : '');
167
168			// var types to template
169			$GLOBALS['xoopsTpl']->assign('types', $type_vars);
170
171			// START main form
172			// form, elements, headers
173			list($form, $elements, $headers) = $logsetObj->logForm($options);
174			// START export
175			if (0 === strpos($opentry, 'export')) {
176			list($opentry, $export) = explode('-', $opentry);
177			// if it is not bulk export get the actual logs in the page
178			if (is_numeric($log_id[0])) {
179			$logs = $userlog->getFromKeys($logs, $log_id);
180			}
181			$totalLogsExport = count($logs);
182			switch ($export) {
183			case 'csv':
184			if ($csvFile = $loglogObj->exportLogsToCsv($logs, $headers, 'engine_' . $engine . '_total_' . $totalLogsExport, ';')) {
185			redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&' . $query_page : '') . '&limitentry=' . (empty($limitentry) ? $userlog->getConfig('logs_perpage') : $limitentry), 7, sprintf(_AM_USERLOG_LOG_EXPORT_SUCCESS, $totalLogsExport, $csvFile));
186			}
187			redirect_header('logs.php?op=' . $query_entry . (!empty($query_page) ? '&' . $query_page : '') . '&limitentry=' . (empty($limitentry) ? $userlog->getConfig('logs_perpage') : $limitentry), 1, _AM_USERLOG_LOG_EXPORT_ERROR);
188			break;
189			default:
190			break;
191			}
192			}
193			// END export
194
195			// engine element
196			$engineEl = new XoopsFormSelect(_AM_USERLOG_ENGINE, 'engine', $engine);
197			$engineEl->addOption('db', _AM_USERLOG_ENGINE_DB);
198			$engineEl->addOption('file', _AM_USERLOG_ENGINE_FILE);
199			$engineEl->setDescription(_AM_USERLOG_ENGINE_DSC);
200			// file element
201			if ('file' === $engine) {
202			$fileEl = $loglogObj->buildFileSelectEle($file, true);// multiselect = true
203			$fileEl->setDescription(_AM_USERLOG_FILE_DSC);
204			}
205			// limit, sort, order
206			$limitEl = new XoopsFormText(_AM_USERLOG_LOGS_PERPAGE, 'limitentry', 10, 255, $limitentry);
207			$limitEl->setDescription(sprintf(_AM_USERLOG_LOGS_PERPAGE_DSC, $userlog->getConfig('logs_perpage')));
208			$sortEl = new XoopsFormSelect(_AM_USERLOG_SORT, 'sortentry', $sortentry);
209			$sortEl->addOptionArray($headers);
210			$sortEl->setDescription(_AM_USERLOG_SORT_DSC);
211			$orderEl = new XoopsFormSelect(_AM_USERLOG_ORDER, 'orderentry', $orderentry);
212			$orderEl->addOption('DESC', _DESCENDING);
213			$orderEl->addOption('ASC', _ASCENDING);
214			$orderEl->setDescription(_AM_USERLOG_ORDER_DSC);
215			// submit logs
216			$submitEl = new XoopsFormButton(_SUBMIT, 'submitlogs', _SUBMIT, 'submit');
217			// add elements
218			$form->addElement($engineEl);
219			if ('file' === $engine) {
220			$form->addElement($fileEl);
221			}
222			$form->addElement($limitEl);
223			$form->addElement($sortEl);
224			$form->addElement($orderEl);
225			$form->addElement($submitEl);
226			$GLOBALS['xoopsTpl']->assign('form', $form->render());
227			// END main form
228			// START form navigation
229			// formNav in the upper section
230			require_once USERLOG_ROOT_PATH . '/class/form/simpleform.php';
231			$formNav = new UserlogSimpleForm('', 'logsnav', 'logs.php', 'get');
232			foreach ($elements as $key => $ele) {
233			$ele->setClass('hidden');
234			$formNav->addElement($elements[$key]);
235			}
236			if ('file' === $engine) {
237			$fileEl->setClass('floatleft left');
238			$fileEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
239			$formNav->addElement($fileEl);
240			}
241			$engineEl->setClass('floatleft left');
242			$engineEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
243			$formNav->addElement($engineEl);
244			$limitEl->setClass('floatleft left');
245			$formNav->addElement($limitEl);
246			$sortEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
247			$sortEl->setClass('floatleft left');
248			$formNav->addElement($sortEl);
249			$orderEl->setExtra('onchange="document.forms.logsnav.submitlogsnav.click()"');
250			$orderEl->setClass('floatleft left');
251			$formNav->addElement($orderEl);
252			$submitEl = new XoopsFormButton('', 'submitlogsnav', _GO, 'submit');
253			$submitEl->setClass('floatleft left');
254			$formNav->addElement($submitEl);
255			$formNav->setExtra("onsubmit=\"preventSubmitEmptyInput('options[');\"");
256			$GLOBALS['xoopsTpl']->assign('formNav', $formNav->render());
257			// END form navigation
258			// START form head
259			// use _class = array("hidden") to reset element class
260			$formHead = new UserlogSimpleForm(_AM_USERLOG_LOGFORM, 'logshead', 'logs.php', 'get');
261			foreach ($elements as $key => $ele) {
262			$ele->_class = ['floatleft', 'left'];
263			$formHead->addElement($elements[$key]);
264			}
265			// add class hidden to formHead
266			if ('file' === $engine) {
267			$fileEl->_class = ['hidden'];
268			$formHead->addElement($fileEl);
269			}
270			$engineEl->_class = ['hidden'];
271			$formHead->addElement($engineEl);
272			$limitEl->_class = ['hidden'];
273			$formHead->addElement($limitEl);
274			$sortEl->_class = ['hidden'];
275			$formHead->addElement($sortEl);
276			$orderEl->_class = ['hidden'];
277			$formHead->addElement($orderEl);
278			// add submit to formHead
279			$submitEl = new XoopsFormButton('', 'submitlogshead', _SUBMIT, 'submit');
280			$submitEl->setClass('floatleft left');
281			$formHead->addElement($submitEl);
282			$formHead->setExtra("onsubmit=\"preventSubmitEmptyInput('options[');\"");
283			$GLOBALS['xoopsTpl']->assign('formHead', $formHead->render());
284			// END form head
285
286			$adminObject = \Xmf\Module\Admin::getInstance(); // add this just to include the css file to template
287			$GLOBALS['xoopsTpl']->assign('logo', $adminObject->displayNavigation(basename(__FILE__)));
288
289			//headers skip then to template
290			foreach ($skips as $option) {
291			unset($headers[$option]);
292			}
293			$GLOBALS['xoopsTpl']->assign('headers', $headers);
294			// get TOGGLE cookie
295			$toggles = $userlog->getCookie('TOGGLE');
296			$expand = (count($toggles) > 0) ? (in_array('formhead', $toggles) ? false : true) : true;
297			if ($expand) {
298			$formHeadToggle['toggle'] = 'toggle_block';
299			$formHeadToggle['icon'] = 'green';
300			$formHeadToggle['alt'] = _AM_USERLOG_HIDE_FORM;
301			} else {
302			$formHeadToggle['toggle'] = 'toggle_none';
303			$formHeadToggle['icon'] = 'green_off';
304			$formHeadToggle['alt'] = _AM_USERLOG_SHOW_FORM;
305			}
306			$xoopsTpl->assign('formHeadToggle', $formHeadToggle);
307			// template
308			$template_main = USERLOG_DIRNAME . '_admin_logs.tpl';
309			if (!empty($template_main)) {
310			$GLOBALS['xoopsTpl']->display("db:{$template_main}");
311			}
312			xoops_cp_footer();
313

XoopsModules25x / userlog

Issues (304)

Security Analysis not enabled

admin/logs.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like