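<?php
/**
 * Admin activity history logger (Zen Cart admin init script).
 *
 * Included on every admin page load and executed in the global scope; it
 * expects $db, $PHP_SELF, the TABLE_* / FILENAME_* constants and the zen_*
 * helpers to have been defined by the admin bootstrap before it runs.
 *
 * For every page except the admin index it appends one row to
 * TABLE_ADMIN_ACTIVITY_LOG holding the admin id, the page name, the GET
 * parameters, the client IP, a deflated JSON copy of the POST body (with
 * credential and token fields removed) and a flag plus a note when that
 * POST body contains markup that has no business in an admin form.
 */
if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
}

// log page visit into admin activity history
if (basename($PHP_SELF) != FILENAME_DEFAULT . '.php') {
    $admin_id = (isset($_SESSION['admin_id'])) ? (int)$_SESSION['admin_id'] : 0;
    // REMOTE_ADDR is not set outside a web SAPI (e.g. CLI); the column holds 15 chars
    $ip_address = isset($_SERVER['REMOTE_ADDR']) ? substr($_SERVER['REMOTE_ADDR'], 0, 15) : '';

    // Seed an empty log with a marker row so the history has a known starting point
    $sql = "SELECT ip_address from " . TABLE_ADMIN_ACTIVITY_LOG . " LIMIT 1";
    $result = $db->Execute($sql);
    if ($result->RecordCount() < 1) {
        $sql_data_array = array(
            'access_date' => 'now()',
            'admin_id' => $admin_id,
            'page_accessed' => 'Log found to be empty. Logging started.',
            'page_parameters' => '',
            'ip_address' => $ip_address,
        );
        zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
    }

    $flagged = 0;
    $notes = $gzpostdata = $postdata = '';
    if (isset($_POST) && count($_POST) > 0) {
        // securityToken is not present on every request (e.g. before login), so read it guarded
        $security_token = isset($_SESSION['securityToken']) ? $_SESSION['securityToken'] : '';
        // POST field names whose values must never be written to the log:
        // passwords, the CSRF token, and the x/y coordinates of image-type submit buttons.
        $excluded_post_keys = array(
            'x',
            'y',
            'secur' . 'ityTo' . 'ken',
            'admi' . 'n_p' . 'ass',
            'pass' . 'word',
            'confirm',
            'newpwd-' . $security_token,
            'oldpwd-' . $security_token,
            'confpwd-' . $security_token,
        );
        $postdata = $_POST;
        foreach (array_keys($postdata) as $key) {
            // Compare as strings and strictly: with loose in_array() an integer key
            // such as 0 matches any non-numeric string on PHP < 8 and is silently dropped.
            if (in_array((string)$key, $excluded_post_keys, true)) {
                unset($postdata[$key]);
            }
        }
        $notes = zen_parse_for_rogue_post(print_r($postdata, true));
        // NOTE: json_encode() returns false on invalid UTF-8, in which case the
        // compressed column ends up empty rather than holding partial data.
        $postdata = json_encode($postdata);
        $gzpostdata = gzdeflate($postdata, 7);
        $flagged = ($notes === FALSE) ? 0 : 1;
    }

    // For unauthenticated requests (login page) record the submitted login name so
    // failed attempts can be attributed; a non-string value is skipped rather than
    // being stringified to "Array".
    $page_accessed = basename($PHP_SELF);
    if ($admin_id == 0) {
        $page_accessed .= ' ';
        if (isset($_POST['admin_name']) && is_string($_POST['admin_name'])) {
            $page_accessed .= $_POST['admin_name'];
        } elseif (isset($_POST['admin_email']) && is_string($_POST['admin_email'])) {
            $page_accessed .= $_POST['admin_email'];
        }
    }

    $sql_data_array = array(
        'access_date' => 'now()',
        'admin_id' => $admin_id,
        'page_accessed' => $page_accessed,
        'page_parameters' => zen_get_all_get_params(),
        'ip_address' => $ip_address,
        'gzpost' => $gzpostdata,
        'flagged' => (int)$flagged,
        'attention' => ($notes === FALSE ? '' : $notes),
    );
    zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
    // this file runs in the global scope: drop the temporaries so they cannot leak into later includes
    unset($flagged, $postdata, $notes, $gzpostdata, $sql_data_array, $key,
          $admin_id, $ip_address, $security_token, $excluded_post_keys, $page_accessed);
}

/**
 * Scan a textual rendering of a POST body for markup fragments that should not
 * appear in an admin form submission.
 *
 * @param string $string print_r() output of the (filtered) POST array
 * @return string|false HTML-escaped note naming each matched fragment, or FALSE when nothing matched
 */
function zen_parse_for_rogue_post($string)
{
    $matches = array();
    if (preg_match_all('~(file://|<iframe|<frame|<embed|<script|<meta)~i', $string, $matches)) {
        // The note is stored and later rendered by the activity-log viewer (presumably as HTML),
        // so escape it here; ENT_QUOTES also covers single quotes in the warning text.
        return htmlspecialchars(WARNING_REVIEW_ROGUE_ACTIVITY . "\n" . implode(' and ', $matches[1]), ENT_QUOTES);
    }
    return FALSE;
}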