diff options
Diffstat (limited to 'engine/lib/system_log.php')
| -rw-r--r-- | engine/lib/system_log.php | 76 |
1 files changed, 54 insertions, 22 deletions
diff --git a/engine/lib/system_log.php b/engine/lib/system_log.php index 5e4a145bb..84302632e 100644 --- a/engine/lib/system_log.php +++ b/engine/lib/system_log.php @@ -10,7 +10,10 @@ /** * Retrieve the system log based on a number of parameters. * + * @todo too many args, and the first arg is too confusing + * * @param int|array $by_user The guid(s) of the user(s) who initiated the event. + * Use 0 for unowned entries. Anything else falsey means anyone. * @param string $event The event you are searching on. * @param string $class The class of object it effects. * @param string $type The type @@ -21,11 +24,12 @@ * @param int $timebefore Lower time limit * @param int $timeafter Upper time limit * @param int $object_id GUID of an object - * + * @param string $ip_address The IP address. * @return mixed */ -function get_system_log($by_user = "", $event = "", $class = "", $type = "", $subtype = "", -$limit = 10, $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $object_id = 0) { +function get_system_log($by_user = "", $event = "", $class = "", $type = "", $subtype = "", $limit = 10, + $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $object_id = 0, + $ip_address = "") { global $CONFIG; @@ -37,16 +41,18 @@ $limit = 10, $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $obje } else { $by_user = (int)$by_user; } + $event = sanitise_string($event); $class = sanitise_string($class); $type = sanitise_string($type); $subtype = sanitise_string($subtype); + $ip_address = sanitise_string($ip_address); $limit = (int)$limit; $offset = (int)$offset; $where = array(); - if ($by_user_orig !== "") { + if ($by_user_orig !== "" && $by_user_orig !== false && $by_user_orig !== null) { if (is_int($by_user)) { $where[] = "performed_by_guid=$by_user"; } else if (is_array($by_user)) { @@ -75,6 +81,9 @@ $limit = 10, $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $obje if ($object_id) { $where[] = "object_id = " . ((int) $object_id); } + if ($ip_address) { + $where[] = "ip_address = '$ip_address'"; + } $select = "*"; if ($count) { @@ -91,7 +100,8 @@ $limit = 10, $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $obje } if ($count) { - if ($numrows = get_data_row($query)) { + $numrows = get_data_row($query); + if ($numrows) { return $numrows->count; } } else { @@ -128,9 +138,12 @@ function get_object_from_log_entry($entry_id) { if ($entry) { $class = $entry->object_class; - $tmp = new $class(); - $object = $tmp->getObjectFromID($entry->object_id); - + // surround with try/catch because object could be disabled + try { + $object = new $class($entry->object_id); + } catch (Exception $e) { + + } if ($object) { return $object; } @@ -145,17 +158,26 @@ function get_object_from_log_entry($entry_id) { * This is called by the event system and should not be called directly. * * @param object $object The object you're talking about. - * @param string $event String The event being logged - * - * @return mixed + * @param string $event The event being logged + * @return void */ function system_log($object, $event) { global $CONFIG; - static $logcache; + static $log_cache; + static $cache_size = 0; if ($object instanceof Loggable) { - if (!is_array($logcache)) { - $logcache = array(); + + /* @var ElggEntity|ElggExtender $object */ + if (datalist_get('version') < 2012012000) { + // this is a site that doesn't have the ip_address column yet + return; + } + + // reset cache if it has grown too large + if (!is_array($log_cache) || $cache_size > 500) { + $log_cache = array(); + $cache_size = 0; } // Has loggable interface, extract the necessary information and store @@ -165,7 +187,17 @@ function system_log($object, $event) { $object_subtype = $object->getSubtype(); $event = sanitise_string($event); $time = time(); - $performed_by = get_loggedin_userid(); + + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])); + } elseif (!empty($_SERVER['HTTP_X_REAL_IP'])) { + $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_REAL_IP'])); + } else { + $ip_address = $_SERVER['REMOTE_ADDR']; + } + $ip_address = sanitise_string($ip_address); + + $performed_by = elgg_get_logged_in_user_guid(); if (isset($object->access_id)) { $access_id = $object->access_id; @@ -185,20 +217,19 @@ function system_log($object, $event) { } // Create log if we haven't already created it - if (!isset($logcache[$time][$object_id][$event])) { + if (!isset($log_cache[$time][$object_id][$event])) { $query = "INSERT DELAYED into {$CONFIG->dbprefix}system_log (object_id, object_class, object_type, object_subtype, event, - performed_by_guid, owner_guid, access_id, enabled, time_created) + performed_by_guid, owner_guid, access_id, enabled, time_created, ip_address) VALUES ('$object_id','$object_class','$object_type', '$object_subtype', '$event', - $performed_by, $owner_guid, $access_id, '$enabled', '$time')"; + $performed_by, $owner_guid, $access_id, '$enabled', '$time', '$ip_address')"; insert_data($query); - $logcache[$time][$object_id][$event] = true; + $log_cache[$time][$object_id][$event] = true; + $cache_size += 1; } - - return true; } } @@ -263,6 +294,7 @@ function system_log_default_logger($event, $object_type, $object) { * @param Loggable $object Object to log * * @return true + * @access private */ function system_log_listener($event, $object_type, $object) { if (($object_type != 'systemlog') && ($event != 'log')) { @@ -276,4 +308,4 @@ function system_log_listener($event, $object_type, $object) { elgg_register_event_handler('all', 'all', 'system_log_listener', 400); /** Register a default system log handler */ -elgg_register_event_handler('log', 'systemlog', 'system_log_default_logger', 999);
\ No newline at end of file +elgg_register_event_handler('log', 'systemlog', 'system_log_default_logger', 999); |