Logging.php 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532
  1. <?php
  2. /**
  3. * This file concerns itself with logging, whether in the database or files.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2013 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Put this user in the online log.
  18. *
  19. * @param bool $force = false
  20. */
  21. function writeLog($force = false)
  22. {
  23. global $user_info, $user_settings, $context, $modSettings, $settings, $topic, $board, $smcFunc, $sourcedir;
  24. // If we are showing who is viewing a topic, let's see if we are, and force an update if so - to make it accurate.
  25. if (!empty($settings['display_who_viewing']) && ($topic || $board))
  26. {
  27. // Take the opposite approach!
  28. $force = true;
  29. // Don't update for every page - this isn't wholly accurate but who cares.
  30. if ($topic)
  31. {
  32. if (isset($_SESSION['last_topic_id']) && $_SESSION['last_topic_id'] == $topic)
  33. $force = false;
  34. $_SESSION['last_topic_id'] = $topic;
  35. }
  36. }
  37. // Are they a spider we should be tracking? Mode = 1 gets tracked on its spider check...
  38. if (!empty($user_info['possibly_robot']) && !empty($modSettings['spider_mode']) && $modSettings['spider_mode'] > 1)
  39. {
  40. require_once($sourcedir . '/ManageSearchEngines.php');
  41. logSpider();
  42. }
  43. // Don't mark them as online more than every so often.
  44. if (!empty($_SESSION['log_time']) && $_SESSION['log_time'] >= (time() - 8) && !$force)
  45. return;
  46. if (!empty($modSettings['who_enabled']))
  47. {
  48. $serialized = $_GET + array('USER_AGENT' => $_SERVER['HTTP_USER_AGENT']);
  49. // In the case of a dlattach action, session_var may not be set.
  50. if (!isset($context['session_var']))
  51. $context['session_var'] = $_SESSION['session_var'];
  52. unset($serialized['sesc'], $serialized[$context['session_var']]);
  53. $serialized = serialize($serialized);
  54. }
  55. else
  56. $serialized = '';
  57. // Guests use 0, members use their session ID.
  58. $session_id = $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id();
  59. // Grab the last all-of-SMF-specific log_online deletion time.
  60. $do_delete = cache_get_data('log_online-update', 30) < time() - 30;
  61. // If the last click wasn't a long time ago, and there was a last click...
  62. if (!empty($_SESSION['log_time']) && $_SESSION['log_time'] >= time() - $modSettings['lastActive'] * 20)
  63. {
  64. if ($do_delete)
  65. {
  66. $smcFunc['db_query']('delete_log_online_interval', '
  67. DELETE FROM {db_prefix}log_online
  68. WHERE log_time < {int:log_time}
  69. AND session != {string:session}',
  70. array(
  71. 'log_time' => time() - $modSettings['lastActive'] * 60,
  72. 'session' => $session_id,
  73. )
  74. );
  75. // Cache when we did it last.
  76. cache_put_data('log_online-update', time(), 30);
  77. }
  78. $smcFunc['db_query']('', '
  79. UPDATE {db_prefix}log_online
  80. SET log_time = {int:log_time}, ip = IFNULL(INET_ATON({string:ip}), 0), url = {string:url}
  81. WHERE session = {string:session}',
  82. array(
  83. 'log_time' => time(),
  84. 'ip' => $user_info['ip'],
  85. 'url' => $serialized,
  86. 'session' => $session_id,
  87. )
  88. );
  89. // Guess it got deleted.
  90. if ($smcFunc['db_affected_rows']() == 0)
  91. $_SESSION['log_time'] = 0;
  92. }
  93. else
  94. $_SESSION['log_time'] = 0;
  95. // Otherwise, we have to delete and insert.
  96. if (empty($_SESSION['log_time']))
  97. {
  98. if ($do_delete || !empty($user_info['id']))
  99. $smcFunc['db_query']('', '
  100. DELETE FROM {db_prefix}log_online
  101. WHERE ' . ($do_delete ? 'log_time < {int:log_time}' : '') . ($do_delete && !empty($user_info['id']) ? ' OR ' : '') . (empty($user_info['id']) ? '' : 'id_member = {int:current_member}'),
  102. array(
  103. 'current_member' => $user_info['id'],
  104. 'log_time' => time() - $modSettings['lastActive'] * 60,
  105. )
  106. );
  107. $smcFunc['db_insert']($do_delete ? 'ignore' : 'replace',
  108. '{db_prefix}log_online',
  109. array('session' => 'string', 'id_member' => 'int', 'id_spider' => 'int', 'log_time' => 'int', 'ip' => 'raw', 'url' => 'string'),
  110. array($session_id, $user_info['id'], empty($_SESSION['id_robot']) ? 0 : $_SESSION['id_robot'], time(), 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)', $serialized),
  111. array('session')
  112. );
  113. }
  114. // Mark your session as being logged.
  115. $_SESSION['log_time'] = time();
  116. // Well, they are online now.
  117. if (empty($_SESSION['timeOnlineUpdated']))
  118. $_SESSION['timeOnlineUpdated'] = time();
  119. // Set their login time, if not already done within the last minute.
  120. if (SMF != 'SSI' && !empty($user_info['last_login']) && $user_info['last_login'] < time() - 60)
  121. {
  122. // Don't count longer than 15 minutes.
  123. if (time() - $_SESSION['timeOnlineUpdated'] > 60 * 15)
  124. $_SESSION['timeOnlineUpdated'] = time();
  125. $user_settings['total_time_logged_in'] += time() - $_SESSION['timeOnlineUpdated'];
  126. updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP'], 'total_time_logged_in' => $user_settings['total_time_logged_in']));
  127. if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2)
  128. cache_put_data('user_settings-' . $user_info['id'], $user_settings, 60);
  129. $user_info['total_time_logged_in'] += time() - $_SESSION['timeOnlineUpdated'];
  130. $_SESSION['timeOnlineUpdated'] = time();
  131. }
  132. }
  133. /**
  134. * Logs the last database error into a file.
  135. * Attempts to use the backup file first, to store the last database error
  136. * and only update db_last_error.php if the first was successful.
  137. */
  138. function logLastDatabaseError()
  139. {
  140. global $boarddir;
  141. // Make a note of the last modified time in case someone does this before us
  142. $last_db_error_change = @filemtime($boarddir . '/db_last_error.php');
  143. // save the old file before we do anything
  144. $file = $boarddir . '/db_last_error.php';
  145. $dberror_backup_fail = !@is_writable($boarddir . '/db_last_error_bak.php') || !@copy($file, $boarddir . '/db_last_error_bak.php');
  146. $dberror_backup_fail = !$dberror_backup_fail ? (!file_exists($boarddir . '/db_last_error_bak.php') || filesize($boarddir . '/db_last_error_bak.php') === 0) : $dberror_backup_fail;
  147. clearstatcache();
  148. if (filemtime($boarddir . '/db_last_error.php') === $last_db_error_change)
  149. {
  150. // Write the change
  151. $write_db_change = '<' . '?' . "php\n" . '$db_last_error = ' . time() . ';' . "\n" . '?' . '>';
  152. $written_bytes = file_put_contents($boarddir . '/db_last_error.php', $write_db_change, LOCK_EX);
  153. // survey says ...
  154. if ($written_bytes !== strlen($write_db_change) && !$dberror_backup_fail)
  155. {
  156. // Oops. maybe we have no more disk space left, or some other troubles, troubles...
  157. // Copy the file back and run for your life!
  158. @copy($boarddir . '/db_last_error_bak.php', $boarddir . '/db_last_error.php');
  159. }
  160. else
  161. {
  162. @touch($boarddir . '/' . 'Settings.php');
  163. return true;
  164. }
  165. }
  166. return false;
  167. }
  168. /**
  169. * This function shows the debug information tracked when $db_show_debug = true
  170. * in Settings.php
  171. */
  172. function displayDebug()
  173. {
  174. global $context, $scripturl, $boarddir, $modSettings, $boarddir;
  175. global $db_cache, $db_count, $db_show_debug, $cache_count, $cache_hits;
  176. global $smcFunc, $txt;
  177. // Add to Settings.php if you want to show the debugging information.
  178. if (!isset($db_show_debug) || $db_show_debug !== true || (isset($_GET['action']) && $_GET['action'] == 'viewquery') || WIRELESS)
  179. return;
  180. if (empty($_SESSION['view_queries']))
  181. $_SESSION['view_queries'] = 0;
  182. if (empty($context['debug']['language_files']))
  183. $context['debug']['language_files'] = array();
  184. if (empty($context['debug']['sheets']))
  185. $context['debug']['sheets'] = array();
  186. $files = get_included_files();
  187. $total_size = 0;
  188. for ($i = 0, $n = count($files); $i < $n; $i++)
  189. {
  190. if (file_exists($files[$i]))
  191. $total_size += filesize($files[$i]);
  192. $files[$i] = strtr($files[$i], array($boarddir => '.'));
  193. }
  194. $warnings = 0;
  195. if (!empty($db_cache))
  196. {
  197. foreach ($db_cache as $q => $qq)
  198. {
  199. if (!empty($qq['w']))
  200. $warnings += count($qq['w']);
  201. }
  202. $_SESSION['debug'] = &$db_cache;
  203. }
  204. // Gotta have valid HTML ;).
  205. $temp = ob_get_contents();
  206. ob_clean();
  207. echo preg_replace('~</body>\s*</html>~', '', $temp), '
  208. <div class="smalltext" style="text-align: left; margin: 1ex;">
  209. ', $txt['debug_browser'], $context['browser_body_id'], ' <em>(', implode('</em>, <em>', array_reverse(array_keys($context['browser'], true))), ')</em><br />
  210. ', $txt['debug_templates'], count($context['debug']['templates']), ': <em>', implode('</em>, <em>', $context['debug']['templates']), '</em>.<br />
  211. ', $txt['debug_subtemplates'], count($context['debug']['sub_templates']), ': <em>', implode('</em>, <em>', $context['debug']['sub_templates']), '</em>.<br />
  212. ', $txt['debug_language_files'], count($context['debug']['language_files']), ': <em>', implode('</em>, <em>', $context['debug']['language_files']), '</em>.<br />
  213. ', $txt['debug_stylesheets'], count($context['debug']['sheets']), ': <em>', implode('</em>, <em>', $context['debug']['sheets']), '</em>.<br />
  214. ', $txt['debug_hooks'], empty($context['debug']['hooks']) ? 0 : count($context['debug']['hooks']) . ' (<a href="javascript:void(0);" onclick="document.getElementById(\'debug_hooks\').style.display = \'inline\'; this.style.display = \'none\'; return false;">', $txt['debug_show'], '</a><span id="debug_hooks" style="display: none;"><em>' . implode('</em>, <em>', $context['debug']['hooks']), '</em></span>)', '<br />
  215. ', $txt['debug_files_included'], count($files), ' - ', round($total_size / 1024), $txt['debug_kb'], ' (<a href="javascript:void(0);" onclick="document.getElementById(\'debug_include_info\').style.display = \'inline\'; this.style.display = \'none\'; return false;">', $txt['debug_show'], '</a><span id="debug_include_info" style="display: none;"><em>', implode('</em>, <em>', $files), '</em></span>)<br />';
  216. // What tokens are active?
  217. if (isset($_SESSION['token']))
  218. {
  219. $token_list = array();
  220. foreach ($_SESSION['token'] as $key => $data)
  221. $token_list[] = $key;
  222. echo $txt['debug_tokens'] . '<em>' . implode(',</em> <em>', $token_list), '</em>.<br />';
  223. }
  224. if (!empty($modSettings['cache_enable']) && !empty($cache_hits))
  225. {
  226. $entries = array();
  227. $total_t = 0;
  228. $total_s = 0;
  229. foreach ($cache_hits as $cache_hit)
  230. {
  231. $entries[] = $cache_hit['d'] . ' ' . $cache_hit['k'] . ': ' . sprintf($txt['debug_cache_seconds_bytes'], comma_format($cache_hit['t'], 5), $cache_hit['s']);
  232. $total_t += $cache_hit['t'];
  233. $total_s += $cache_hit['s'];
  234. }
  235. echo '
  236. ', $txt['debug_cache_hits'], $cache_count, ': ', sprintf($txt['debug_cache_seconds_bytes_total'], comma_format($total_t, 5), comma_format($total_s)), ' (<a href="javascript:void(0);" onclick="document.getElementById(\'debug_cache_info\').style.display = \'inline\'; this.style.display = \'none\'; return false;">', $txt['debug_show'], '</a><span id="debug_cache_info" style="display: none;"><em>', implode('</em>, <em>', $entries), '</em></span>)<br />';
  237. }
  238. echo '
  239. <a href="', $scripturl, '?action=viewquery" target="_blank" class="new_win">', $warnings == 0 ? sprintf($txt['debug_queries_used'], (int) $db_count) : sprintf($txt['debug_queries_used_and_warnings'], (int) $db_count, $warnings), '</a><br />
  240. <br />';
  241. if ($_SESSION['view_queries'] == 1 && !empty($db_cache))
  242. foreach ($db_cache as $q => $qq)
  243. {
  244. $is_select = strpos(trim($qq['q']), 'SELECT') === 0 || preg_match('~^INSERT(?: IGNORE)? INTO \w+(?:\s+\([^)]+\))?\s+SELECT .+$~s', trim($qq['q'])) != 0;
  245. // Temporary tables created in earlier queries are not explainable.
  246. if ($is_select)
  247. {
  248. foreach (array('log_topics_unread', 'topics_posted_in', 'tmp_log_search_topics', 'tmp_log_search_messages') as $tmp)
  249. if (strpos(trim($qq['q']), $tmp) !== false)
  250. {
  251. $is_select = false;
  252. break;
  253. }
  254. }
  255. // But actual creation of the temporary tables are.
  256. elseif (preg_match('~^CREATE TEMPORARY TABLE .+?SELECT .+$~s', trim($qq['q'])) != 0)
  257. $is_select = true;
  258. // Make the filenames look a bit better.
  259. if (isset($qq['f']))
  260. $qq['f'] = preg_replace('~^' . preg_quote($boarddir, '~') . '~', '...', $qq['f']);
  261. echo '
  262. <strong>', $is_select ? '<a href="' . $scripturl . '?action=viewquery;qq=' . ($q + 1) . '#qq' . $q . '" target="_blank" class="new_win" style="text-decoration: none;">' : '', nl2br(str_replace("\t", '&nbsp;&nbsp;&nbsp;', $smcFunc['htmlspecialchars'](ltrim($qq['q'], "\n\r")))) . ($is_select ? '</a></strong>' : '</strong>') . '<br />
  263. &nbsp;&nbsp;&nbsp;';
  264. if (!empty($qq['f']) && !empty($qq['l']))
  265. echo sprintf($txt['debug_query_in_line'], $qq['f'], $qq['l']);
  266. if (isset($qq['s'], $qq['t']) && isset($txt['debug_query_which_took_at']))
  267. echo sprintf($txt['debug_query_which_took_at'], round($qq['t'], 8), round($qq['s'], 8)) . '<br />';
  268. elseif (isset($qq['t']))
  269. echo sprintf($txt['debug_query_which_took'], round($qq['t'], 8)) . '<br />';
  270. echo '
  271. <br />';
  272. }
  273. echo '
  274. <a href="' . $scripturl . '?action=viewquery;sa=hide">', $txt['debug_' . (empty($_SESSION['view_queries']) ? 'show' : 'hide') . '_queries'], '</a>
  275. </div></body></html>';
  276. }
  277. /**
  278. * Track Statistics.
  279. * Caches statistics changes, and flushes them if you pass nothing.
  280. * If '+' is used as a value, it will be incremented.
  281. * It does not actually commit the changes until the end of the page view.
  282. * It depends on the trackStats setting.
  283. *
  284. * @param array $stats = array()
  285. * @return boolean|array
  286. */
  287. function trackStats($stats = array())
  288. {
  289. global $modSettings, $smcFunc;
  290. static $cache_stats = array();
  291. if (empty($modSettings['trackStats']))
  292. return false;
  293. if (!empty($stats))
  294. return $cache_stats = array_merge($cache_stats, $stats);
  295. elseif (empty($cache_stats))
  296. return false;
  297. $setStringUpdate = '';
  298. $insert_keys = array();
  299. $date = strftime('%Y-%m-%d', forum_time(false));
  300. $update_parameters = array(
  301. 'current_date' => $date,
  302. );
  303. foreach ($cache_stats as $field => $change)
  304. {
  305. $setStringUpdate .= '
  306. ' . $field . ' = ' . ($change === '+' ? $field . ' + 1' : '{int:' . $field . '}') . ',';
  307. if ($change === '+')
  308. $cache_stats[$field] = 1;
  309. else
  310. $update_parameters[$field] = $change;
  311. $insert_keys[$field] = 'int';
  312. }
  313. $smcFunc['db_query']('', '
  314. UPDATE {db_prefix}log_activity
  315. SET' . substr($setStringUpdate, 0, -1) . '
  316. WHERE date = {date:current_date}',
  317. $update_parameters
  318. );
  319. if ($smcFunc['db_affected_rows']() == 0)
  320. {
  321. $smcFunc['db_insert']('ignore',
  322. '{db_prefix}log_activity',
  323. array_merge($insert_keys, array('date' => 'date')),
  324. array_merge($cache_stats, array($date)),
  325. array('date')
  326. );
  327. }
  328. // Don't do this again.
  329. $cache_stats = array();
  330. return true;
  331. }
  332. /**
  333. * This function logs an action in the respective log. (database log)
  334. * You should use {@link logActions()} instead.
  335. * @example logAction('remove', array('starter' => $id_member_started));
  336. *
  337. * @deprecated deprecated since version 2.1
  338. *
  339. * @param string $action
  340. * @param array $extra = array()
  341. * @param string $log_type options: 'moderate', 'admin', ...etc.
  342. */
  343. function logAction($action, $extra = array(), $log_type = 'moderate')
  344. {
  345. return logActions(array(array(
  346. 'action' => $action,
  347. 'log_type' => $log_type,
  348. 'extra' => $extra,
  349. )));
  350. }
  351. /**
  352. * Log changes to the forum, such as moderation events or administrative changes.
  353. * This behaves just like logAction() in SMF 2.0, except that it is designed to log multiple actions at once.
  354. *
  355. * @param array $logs
  356. * @return the last logged ID
  357. */
  358. function logActions($logs)
  359. {
  360. global $modSettings, $user_info, $smcFunc, $sourcedir;
  361. $inserts = array();
  362. $log_types = array(
  363. 'moderate' => 1,
  364. 'user' => 2,
  365. 'admin' => 3,
  366. );
  367. call_integration_hook('integrate_log_types', array(&$log_types));
  368. // No point in doing anything, if the log isn't even enabled.
  369. if (empty($modSettings['modlog_enabled']))
  370. return false;
  371. foreach ($logs as $log)
  372. {
  373. if (!isset($log_types[$log['log_type']]))
  374. return false;
  375. if (!is_array($log['extra']))
  376. trigger_error('logActions(): data is not an array with action \'' . $action . '\'', E_USER_NOTICE);
  377. // Pull out the parts we want to store separately, but also make sure that the data is proper
  378. if (isset($log['extra']['topic']))
  379. {
  380. if (!is_numeric($log['extra']['topic']))
  381. trigger_error('logActions(): data\'s topic is not a number', E_USER_NOTICE);
  382. $topic_id = empty($log['extra']['topic']) ? 0 : (int) $log['extra']['topic'];
  383. unset($log['extra']['topic']);
  384. }
  385. else
  386. $topic_id = 0;
  387. if (isset($log['extra']['message']))
  388. {
  389. if (!is_numeric($log['extra']['message']))
  390. trigger_error('logActions(): data\'s message is not a number', E_USER_NOTICE);
  391. $msg_id = empty($log['extra']['message']) ? 0 : (int) $log['extra']['message'];
  392. unset($log['extra']['message']);
  393. }
  394. else
  395. $msg_id = 0;
  396. // @todo cache this?
  397. // Is there an associated report on this?
  398. if (in_array($log['action'], array('move', 'remove', 'split', 'merge')))
  399. {
  400. $request = $smcFunc['db_query']('', '
  401. SELECT id_report
  402. FROM {db_prefix}log_reported
  403. WHERE {raw:column_name} = {int:reported}
  404. LIMIT 1',
  405. array(
  406. 'column_name' => !empty($msg_id) ? 'id_msg' : 'id_topic',
  407. 'reported' => !empty($msg_id) ? $msg_id : $topic_id,
  408. ));
  409. // Alright, if we get any result back, update open reports.
  410. if ($smcFunc['db_num_rows']($request) > 0)
  411. {
  412. require_once($sourcedir . '/ModerationCenter.php');
  413. updateSettings(array('last_mod_report_action' => time()));
  414. recountOpenReports();
  415. }
  416. $smcFunc['db_free_result']($request);
  417. }
  418. if (isset($log['extra']['member']) && !is_numeric($log['extra']['member']))
  419. trigger_error('logActions(): data\'s member is not a number', E_USER_NOTICE);
  420. if (isset($log['extra']['board']))
  421. {
  422. if (!is_numeric($log['extra']['board']))
  423. trigger_error('logActions(): data\'s board is not a number', E_USER_NOTICE);
  424. $board_id = empty($log['extra']['board']) ? 0 : (int) $log['extra']['board'];
  425. unset($log['extra']['board']);
  426. }
  427. else
  428. $board_id = 0;
  429. if (isset($log['extra']['board_to']))
  430. {
  431. if (!is_numeric($log['extra']['board_to']))
  432. trigger_error('logActions(): data\'s board_to is not a number', E_USER_NOTICE);
  433. if (empty($board_id))
  434. {
  435. $board_id = empty($log['extra']['board_to']) ? 0 : (int) $log['extra']['board_to'];
  436. unset($log['extra']['board_to']);
  437. }
  438. }
  439. if (isset($log['extra']['member_affected']))
  440. $memID = $log['extra']['member_affected'];
  441. else
  442. $memID = $user_info['id'];
  443. $inserts[] = array(
  444. time(), $log_types[$log['log_type']], $memID, $user_info['ip'], $log['action'],
  445. $board_id, $topic_id, $msg_id, serialize($log['extra']),
  446. );
  447. }
  448. $smcFunc['db_insert']('',
  449. '{db_prefix}log_actions',
  450. array(
  451. 'log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string',
  452. 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534',
  453. ),
  454. $inserts,
  455. array('id_action')
  456. );
  457. return $smcFunc['db_insert_id']('{db_prefix}log_actions', 'id_action');
  458. }
  459. ?>