clean up logging
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 05:52:06 +0000 (05:52 +0000)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 05:52:06 +0000 (05:52 +0000)
webroot/squasher.class.php
webroot/squasher.php

index a992c333cd93362e29101fa102bc85c2d20f3f8a..29e26692be37df30d4d7b50e086d65a246422edc 100644 (file)
@@ -32,9 +32,8 @@ function validate_user($username, $password, $salt) {
                        $creds['user_name'] = $fetched_object->user_name;
                        $creds['user_level'] = $fetched_object->user_level;
                        $creds['validated'] = true;
-                       $log_hash=str_repeat("0",32); // File ID is always empty on login
-                       $q="INSERT INTO log (hash,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($log_hash)."','login',".$creds['user_id'].",'".mysql_escape_string($creds['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())";
-                       mysql_query($q);
+                       $_SESSION['creds'] = $creds;
+                       log_event('login', null);
                }
        }
        $_SESSION['creds'] = $creds;
@@ -54,6 +53,30 @@ function get_smarty() {
 }
 
 
+function log_event($action, $filename, $hash=null, $debugmsg=null) {
+       if ($hash===null)
+               $hash = str_repeat("0",32);
+               
+       if ($debugmsg!==null) {
+               $user_id = -1;
+               $user_name = 'squasher-web';
+               $ip = $debugmsg;
+       } else {
+               $user_id = $_SESSION['creds']['user_id'];
+               $user_name = $_SESSION['creds']['user_name'];
+               $ip = $_SERVER['REMOTE_ADDR'];
+       }
+
+       $hash = $hash===null ? 'NULL' : "'".mysql_escape_string($hash)."'";
+       $filename = "'".mysql_escape_string($filename)."'";
+       $action = "'".mysql_escape_string($action)."'";
+       $user_name = "'". mysql_escape_string($user_name)."'";
+       $ip = "'". mysql_escape_string($ip)."'";
+
+       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ($hash, $filename, $action, $user_id, $user_name, $ip, NOW())");
+}
+
+
 class squashweb {
 
 var $configs = array();
@@ -112,23 +135,9 @@ function get_logs($type='all') {
        $q="SELECT log.* FROM log WHERE log.user_id != '1' and ip != '87.233.211.2' ";
        if ($_SESSION['creds']['user_id'] == 1)
                $q="SELECT log.* FROM log WHERE log.user_id != 'x' ";
-       switch($type) {
-       case "delete":
-               $q.= " AND log.action = 'delete'";
-               break;
-       case "download":
-               $q.= " AND log.action = 'download'";
-               break;
-       case "login":
-               $q.= " AND log.action = 'login'";
-               break;
-       case "debug":
-               $q.= " AND log.action = 'debug'";
-               break;
-       default:
-               $q.= "";
-               break;
-       }
+
+       if ($type != 'all')
+               $q.= " AND log.action = '".mysql_escape_string($type)."'";
 
        $today     =" AND date > date(date_add(now(), interval -0 day)) ";
        $yesterday =" AND date < date(date_add(now(), interval -0 day)) AND date > date(date_add(now(), interval -1 day)) ";
@@ -701,8 +710,8 @@ function check_stats($h) {
                        $m_subject = "Squasher Debug: File Removed";
                        $m_body = "Upload removed: \n File: ".$config['path']."/".$config[2]." \n Status: ".$config['status']." \n Chunks: ".$count." out of ".$config[5];
                        mail('jasper@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
-                       $qlog = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','debug',-1,'squasher-web','cleanup',NOW())";
-                       mysql_query($qlog);
+                       
+                       log_event('debug', $filepath, $h, 'cleanup');
                } else {
                        //do move
                        rename(SQUASHER_UPLOADS_DIR.$config['path'].'/'.$config[2].'.Completed',
@@ -726,9 +735,7 @@ function check_stats($h) {
                        $ship = explode('/',$config['path']);
                        if ($ship[2] == 'myas' || $ship[2] == 'myez' || $ship[2] == 'myrw')
                                mail('ro1@'.$ship[2].'.greenpeace.org','Squasher: '.$config[2].' resume request','The squasher server has detected an upload error. Please resume the squasher transmission for '.$config[2].' to correct this problem.',"From: support@netformatie.nl\nX-Priority: 1");
-
-                       $qlog = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','debug',-1,'squasher-web','retry',NOW())";
-                       mysql_query($qlog);
+                       log_event('debug', $filepath, $h, 'retry');
 
                }
        } elseif ($config['status']=='Completed' && $count == $config[5]) {
@@ -1025,8 +1032,8 @@ function delete_file($h, $s) {
        #Update DB
        $q = "DELETE FROM file_hash WHERE md5_hash = '".mysql_escape_string($h)."'";
        mysql_query($q);
-       $q = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','delete',".(int)$s['user_id'].",'".mysql_escape_string($s['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())";
-       mysql_query($q);
+
+       log_event('delete', $filepath, $h);
 
        #Send debug mail
        $m_name = $s['user_name'];
index 61b5645e0165df6108fe39b4c3b4f0e173f748de..1e7cb5b285285e95f585c9cb2fd15a91086516fb 100644 (file)
@@ -38,7 +38,7 @@ if (@$_GET['f']) {
        $f_o = mysql_fetch_object($f_r);
 
        //log downloads
-       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
+       log_event('download', $f_o->file, $_GET['f']);
 
        $_hpath_arr=explode("/", $f_o->file);
        $file=array_pop($_hpath_arr); //Remove filename