1 <?php |
1 <?php |
2 |
2 |
3 /* |
3 /* |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
5 * Version 1.1.6 (Caoineag beta 1) |
5 * Copyright (C) 2006-2009 Dan Fuhry |
6 * Copyright (C) 2006-2008 Dan Fuhry |
|
7 * sessions.php - everything related to security and user management |
6 * sessions.php - everything related to security and user management |
8 * |
7 * |
9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
11 * |
10 * |
411 $db->_die('The error seems to have occurred somewhere in the session management code.'); |
424 $db->_die('The error seems to have occurred somewhere in the session management code.'); |
412 } |
425 } |
413 return $result; |
426 return $result; |
414 } |
427 } |
415 |
428 |
|
429 /** |
|
430 * Returns true if we're currently on a page that shouldn't be blocked even if we have an inactive or banned account |
|
431 * @param bool strict - if true, whitelist of pages is even stricter (Login, Logout and CSS only). if false (default), admin access is allowed, assuming other factors allow it |
|
432 * @return bool |
|
433 */ |
|
434 |
|
435 function on_critical_page($strict = false) |
|
436 { |
|
437 global $title; |
|
438 list($page_id, $namespace) = RenderMan::strToPageID($title); |
|
439 list($page_id) = explode('/', $page_id); |
|
440 |
|
441 if ( $strict ) |
|
442 { |
|
443 return $namespace == 'Special' && in_array($page_id, array('CSS', 'Login', 'Logout')); |
|
444 } |
|
445 else |
|
446 { |
|
447 return $namespace == 'Admin' || ($namespace == 'Special' && in_array($page_id, array('CSS', 'Login', 'Logout', 'Administration'))); |
|
448 } |
|
449 } |
|
450 |
416 # Session restoration and permissions |
451 # Session restoration and permissions |
417 |
452 |
418 /** |
453 /** |
419 * Initializes the basic state of things, including most user prefs, login data, cookie stuff |
454 * Initializes the basic state of things, including most user prefs, login data, cookie stuff |
420 */ |
455 */ |
437 { |
472 { |
438 $userdata = $this->validate_session($_COOKIE['sid']); |
473 $userdata = $this->validate_session($_COOKIE['sid']); |
439 } |
474 } |
440 if ( is_array($userdata) ) |
475 if ( is_array($userdata) ) |
441 { |
476 { |
442 $data = RenderMan::strToPageID($paths->get_pageid_from_url()); |
|
443 |
|
444 if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin') |
|
445 { |
|
446 $this->show_inactive_error($userdata); |
|
447 } |
|
448 |
|
449 $this->sid = $_COOKIE['sid']; |
477 $this->sid = $_COOKIE['sid']; |
450 $this->user_logged_in = true; |
478 $this->user_logged_in = true; |
451 $this->user_id = intval($userdata['user_id']); |
479 $this->user_id = intval($userdata['user_id']); |
452 $this->username = $userdata['username']; |
480 $this->username = $userdata['username']; |
453 $this->user_level = intval($userdata['user_level']); |
481 $this->user_level = intval($userdata['user_level']); |
551 } |
579 } |
552 |
580 |
553 // make sure we aren't banned |
581 // make sure we aren't banned |
554 $this->check_banlist(); |
582 $this->check_banlist(); |
555 |
583 |
|
584 // make sure the account is active |
|
585 if ( !$this->compat && $this->user_logged_in && $userdata['account_active'] != 1 && !$this->on_critical_page() ) |
|
586 { |
|
587 $this->show_inactive_error($userdata); |
|
588 } |
|
589 |
556 // Printable page view? Probably the wrong place to control |
590 // Printable page view? Probably the wrong place to control |
557 // it but $template is pretty dumb, it will just about always |
591 // it but $template is pretty dumb, it will just about always |
558 // do what you ask it to do, which isn't always what we want |
592 // do what you ask it to do, which isn't always what we want |
559 if ( isset ( $_GET['printable'] ) ) |
593 if ( isset ( $_GET['printable'] ) ) |
560 { |
594 { |
722 if ( $db->numrows() < 1 ) |
756 if ( $db->numrows() < 1 ) |
723 { |
757 { |
724 // This wasn't logged in <1.0.2, dunno how it slipped through |
758 // This wasn't logged in <1.0.2, dunno how it slipped through |
725 if ( $level > USER_LEVEL_MEMBER ) |
759 if ( $level > USER_LEVEL_MEMBER ) |
726 $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
760 $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
727 . ' (\'security\', \'admin_auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', ' |
761 . ' (\'security\', \'admin_auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', ' |
728 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
762 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
729 else |
763 else |
730 $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary) VALUES\n" |
764 $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary) VALUES\n" |
731 . ' (\'security\', \'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', ' |
765 . ' (\'security\', \'auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', ' |
732 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
766 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
733 |
767 |
734 // Do we also need to increment the lockout countdown? |
768 // Do we also need to increment the lockout countdown? |
735 if ( @$lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') ) |
769 if ( @$lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') ) |
736 { |
770 { |
820 if((int)$level > (int)$row['user_level']) |
854 if((int)$level > (int)$row['user_level']) |
821 return array( |
855 return array( |
822 'success' => false, |
856 'success' => false, |
823 'error' => 'too_big_for_britches' |
857 'error' => 'too_big_for_britches' |
824 ); |
858 ); |
|
859 |
|
860 // grant session |
825 $sess = $this->register_session($row['user_id'], $username, ( isset($password_hmac) ? $password_hmac : $password ), $level, $remember); |
861 $sess = $this->register_session($row['user_id'], $username, ( isset($password_hmac) ? $password_hmac : $password ), $level, $remember); |
|
862 |
826 if($sess) |
863 if($sess) |
827 { |
864 { |
828 if($level > USER_LEVEL_MEMBER) |
865 if($level > USER_LEVEL_MEMBER) |
829 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
866 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
830 else |
867 else |
831 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
868 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
832 |
869 |
833 $code = $plugins->setHook('login_success'); |
870 $code = $plugins->setHook('login_success'); |
834 foreach ( $code as $cmd ) |
871 foreach ( $code as $cmd ) |
835 { |
872 { |
836 eval($cmd); |
873 eval($cmd); |
847 ); |
884 ); |
848 } |
885 } |
849 else |
886 else |
850 { |
887 { |
851 if($level > USER_LEVEL_MEMBER) |
888 if($level > USER_LEVEL_MEMBER) |
852 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
889 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
853 else |
890 else |
854 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
891 $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); |
855 |
892 |
856 // Do we also need to increment the lockout countdown? |
893 // Do we also need to increment the lockout countdown? |
857 if ( !defined('IN_ENANO_INSTALL') && $lockout_data['lockout_policy'] != 'disable' ) |
894 if ( !defined('IN_ENANO_INSTALL') && $lockout_data['lockout_policy'] != 'disable' ) |
858 { |
895 { |
859 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
896 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
965 { |
1002 { |
966 // Stash it in a cookie |
1003 // Stash it in a cookie |
967 // For now, make the cookie last forever, we can change this in 1.1.x |
1004 // For now, make the cookie last forever, we can change this in 1.1.x |
968 setcookie( 'sid', $session_key, time()+15552000, scriptPath.'/', null, $GLOBALS['is_https']); |
1005 setcookie( 'sid', $session_key, time()+15552000, scriptPath.'/', null, $GLOBALS['is_https']); |
969 $_COOKIE['sid'] = $session_key; |
1006 $_COOKIE['sid'] = $session_key; |
|
1007 $this->sid = $session_key; |
970 } |
1008 } |
971 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
1009 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
972 $keyhash = md5($session_key); |
1010 $keyhash = md5($session_key); |
973 // Record the user's IP |
1011 // Record the user's IP |
974 $ip = $_SERVER['REMOTE_ADDR']; |
1012 $ip = $_SERVER['REMOTE_ADDR']; |
1190 |
1228 |
1191 $columns_groupby = "u.user_id, u.username, u.password, u.password_salt, u.email, u.real_name, u.user_level, u.theme, u.style, u.signature,\n" |
1229 $columns_groupby = "u.user_id, u.username, u.password, u.password_salt, u.email, u.real_name, u.user_level, u.theme, u.style, u.signature,\n" |
1192 . " u.reg_time, u.account_active, u.activation_key, u.user_lang, u.user_timezone, u.user_title, u.user_dst,\n" |
1230 . " u.reg_time, u.account_active, u.activation_key, u.user_lang, u.user_timezone, u.user_title, u.user_dst,\n" |
1193 . " k.salt, k.source_ip, k.time, k.auth_level, k.key_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn,\n" |
1231 . " k.salt, k.source_ip, k.time, k.auth_level, k.key_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn,\n" |
1194 . " x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public,\n" |
1232 . " x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public,\n" |
1195 . " x.disable_js_fx"; |
1233 . " x.disable_js_fx, x.date_format, x.time_format"; |
1196 |
1234 |
1197 $joins = " LEFT JOIN " . table_prefix . "users AS u\n" |
1235 $joins = " LEFT JOIN " . table_prefix . "users AS u\n" |
1198 . " ON ( u.user_id=k.user_id )\n" |
1236 . " ON ( u.user_id=k.user_id )\n" |
1199 . " LEFT JOIN " . table_prefix . "users_extra AS x\n" |
1237 . " LEFT JOIN " . table_prefix . "users_extra AS x\n" |
1200 . " ON ( u.user_id=x.user_id OR x.user_id IS NULL )\n" |
1238 . " ON ( u.user_id=x.user_id OR x.user_id IS NULL )\n" |
1219 . " GROUP BY $columns_groupby;"); |
1257 . " GROUP BY $columns_groupby;"); |
1220 } |
1258 } |
1221 |
1259 |
1222 if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) ) |
1260 if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) ) |
1223 { |
1261 { |
1224 $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,\'\' AS password_salt,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone, \'0;0;0;0;60\' AS user_dst, ' . SK_SHORT . ' AS key_type FROM '.table_prefix.'session_keys AS k |
1262 $key_md5 = $loose_call ? $key : md5($key); |
|
1263 $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,\'\' AS password_salt,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone, \'0;0;0;0;60\' AS user_dst, ' . SK_SHORT . ' AS key_type, k.salt FROM '.table_prefix.'session_keys AS k |
1225 LEFT JOIN '.table_prefix.'users AS u |
1264 LEFT JOIN '.table_prefix.'users AS u |
1226 ON ( u.user_id=k.user_id ) |
1265 ON ( u.user_id=k.user_id ) |
1227 LEFT JOIN '.table_prefix.'privmsgs AS p |
1266 LEFT JOIN '.table_prefix.'privmsgs AS p |
1228 ON ( p.message_to=u.username AND p.message_read=0 ) |
1267 ON ( p.message_to=u.username AND p.message_read=0 ) |
1229 WHERE k.session_key=\''.$key.'\' |
1268 WHERE k.session_key=\''.$key_md5.'\' |
1230 AND k.salt=\''.$salt.'\' |
1269 GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,k.salt;'); |
1231 GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;'); |
|
1232 } |
1270 } |
1233 else if ( !$query ) |
1271 else if ( !$query ) |
1234 { |
1272 { |
1235 $db->_die(); |
1273 $db->_die(); |
1236 } |
1274 } |
1237 if($db->numrows() < 1) |
1275 if($db->numrows() < 1) |
1238 { |
1276 { |
1239 // echo '(debug) $session->validate_session: Key was not found in database<br />'; |
1277 // echo '(debug) $session->validate_session: Key was not found in database: ' . $key_md5 . '<br />'; |
1240 return false; |
1278 return false; |
1241 } |
1279 } |
1242 $row = $db->fetchrow(); |
1280 $row = $db->fetchrow(); |
1243 profiler_log("SessionManager: session check: selected and fetched results"); |
1281 profiler_log("SessionManager: session check: selected and fetched results"); |
1244 |
1282 |
1344 $user_extra[$column] = $row[$column]; |
1382 $user_extra[$column] = $row[$column]; |
1345 else |
1383 else |
1346 $user_extra[$column] = ''; |
1384 $user_extra[$column] = ''; |
1347 } |
1385 } |
1348 |
1386 |
|
1387 if ( isset($row['date_format']) ) |
|
1388 $this->date_format = $row['date_format']; |
|
1389 if ( isset($row['time_format']) ) |
|
1390 $this->time_format = $row['time_format']; |
|
1391 |
1349 $this->user_extra = $user_extra; |
1392 $this->user_extra = $user_extra; |
1350 // Leave the rest to PHP's automatic garbage collector ;-) |
1393 // Leave the rest to PHP's automatic garbage collector ;-) |
1351 |
1394 |
1352 $row['password'] = ''; |
1395 $row['password'] = ''; |
1353 $row['user_timezone'] = intval($row['user_timezone']) - 1440; |
1396 $row['user_timezone'] = intval($row['user_timezone']) - 1440; |
1473 |
1516 |
1474 function show_inactive_error($userdata) |
1517 function show_inactive_error($userdata) |
1475 { |
1518 { |
1476 global $db, $session, $paths, $template, $plugins; // Common objects |
1519 global $db, $session, $paths, $template, $plugins; // Common objects |
1477 global $lang; |
1520 global $lang; |
|
1521 |
|
1522 global $title; |
|
1523 $paths->init($title); |
1478 |
1524 |
1479 $language = intval(getConfig('default_language')); |
1525 $language = intval(getConfig('default_language')); |
1480 $lang = new Language($language); |
1526 $lang = new Language($language); |
1481 @setlocale(LC_ALL, $lang->lang_code); |
1527 @setlocale(LC_ALL, $lang->lang_code); |
1482 |
1528 |
1539 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
1585 <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p> |
1540 </form>'; |
1586 </form>'; |
1541 } |
1587 } |
1542 } |
1588 } |
1543 |
1589 |
1544 die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form); |
1590 global $output; |
|
1591 $output = new Output_HTML(); |
|
1592 $output->set_title($lang->get('user_login_noact_title')); |
|
1593 die_friendly($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form); |
1545 } |
1594 } |
1546 |
1595 |
1547 /** |
1596 /** |
1548 * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff |
1597 * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff |
1549 * @param string $url The URL to add session data to |
1598 * @param string $url The URL to add session data to |
1755 function check_banlist() |
1804 function check_banlist() |
1756 { |
1805 { |
1757 global $db, $session, $paths, $template, $plugins; // Common objects |
1806 global $db, $session, $paths, $template, $plugins; // Common objects |
1758 global $lang; |
1807 global $lang; |
1759 |
1808 |
1760 $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason'; |
1809 $col_reason = ( $this->compat ) ? '\'No reason available (session manager is in compatibility mode)\' AS reason' : 'reason'; |
|
1810 $remote_addr = ( strstr($_SERVER['REMOTE_ADDR'], ':') ) ? expand_ipv6_address($_SERVER['REMOTE_ADDR']) : $_SERVER['REMOTE_ADDR']; |
|
1811 |
1761 $banned = false; |
1812 $banned = false; |
1762 if ( $this->user_logged_in ) |
1813 if ( $this->user_logged_in ) |
1763 { |
1814 { |
1764 // check by IP, email, and username |
1815 // check by IP, email, and username |
1765 if ( ENANO_DBLAYER == 'MYSQL' ) |
1816 if ( ENANO_DBLAYER == 'MYSQL' ) |
2227 */ |
2281 */ |
2228 |
2282 |
2229 function admin_activation_request($u) |
2283 function admin_activation_request($u) |
2230 { |
2284 { |
2231 global $db; |
2285 global $db; |
2232 $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');'); |
2286 $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$this->username.'\', \''.$db->escape($u).'\');'); |
2233 } |
2287 } |
2234 |
2288 |
2235 /** |
2289 /** |
2236 * Activates a user account. If the action fails, a report is sent to the admin. |
2290 * Activates a user account. If the action fails, a report is sent to the admin. |
2237 * @param string $user The username of the user requesting activation |
2291 * @param string $user The username of the user requesting activation |
2243 global $db, $session, $paths, $template, $plugins; // Common objects |
2297 global $db, $session, $paths, $template, $plugins; // Common objects |
2244 $this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';'); |
2298 $this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';'); |
2245 $r = mysql_affected_rows(); |
2299 $r = mysql_affected_rows(); |
2246 if ( $r > 0 ) |
2300 if ( $r > 0 ) |
2247 { |
2301 { |
2248 $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); |
2302 $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); |
2249 } |
2303 } |
2250 else |
2304 else |
2251 { |
2305 { |
2252 $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); |
2306 $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')'); |
2253 } |
2307 } |
2254 return $r; |
2308 return $r; |
2255 } |
2309 } |
2256 |
2310 |
2257 /** |
2311 /** |
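Review bot: In the install/upgrade fallback of the session lookup (new lines 1262–1268), `$key_md5` is the raw `$key` whenever `$loose_call` is true, and it is concatenated straight into `WHERE k.session_key='…'`; only the `md5()` branch is guaranteed to be plain hex. The debug comment at new line 1277 indicates this is `validate_session`, which is called with `$_COOKIE['sid']` at new line 473. Whether `$key` is validated earlier is not visible because the function starts above the hunk, so I would escape at the point of use: `WHERE k.session_key=\'' . $db->escape($key_md5) . '\'`. The same change drops `AND k.salt=…` from the WHERE clause and selects `k.salt` instead, so the salt comparison presumably moves into PHP later in the function; a one-line comment saying where it happens would help the next reader. The activation logging lines edited further down (new 2302 and 2306) still insert `$_SERVER['REMOTE_ADDR']` without `$db->escape()`, unlike the auth_good/auth_bad inserts, and new 2286 does the same with `$this->username`; wrapping them while these lines are being touched would make the log writes consistent.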