diff --git a/log.phtml b/log.phtml
index 7a50f3c..169c465 100644
--- a/log.phtml
+++ b/log.phtml
@@ -1,348 +1,349 @@
 "CDRTool_Session", "auth" => "CDRTool_Auth", "perm" => "CDRTool_Perm" ) ); $loginname=$auth->auth["uname"]; $title = "Logs"; $search_text = isset($_REQUEST['search_text']) ? $_REQUEST['search_text'] : ''; $task = isset($_REQUEST['task']) ? $_REQUEST['task'] : ''; $current_log = isset($_REQUEST['current_log']) ? $_REQUEST['current_log'] : ''; $log_description = isset($_REQUEST['log_description']) ? $_REQUEST['log_description'] : ''; $next = isset($_REQUEST['next']) ? intval($_REQUEST['next']) : 0; $maxrowsperpage = 20;
-$PHP_SELF = $_SERVER['PHP_SELF'];
+$PHP_SELF = htmlentities($_SERVER['PHP_SELF']);
 $thisMonth = isset($_REQUEST['thisMonth']) ? $_REQUEST['thisMonth'] : ''; $db = new DB_CDRTool; if (is_readable("/etc/cdrtool/local/header.phtml")) { include("/etc/cdrtool/local/header.phtml"); } else { include("header.phtml"); } if ($search_text) { $search_text=preg_replace("/[^\d|\w| -\.@_]/s", "", $search_text); } $layout = new pageLayoutLocal(); $layout->showTopMenu($title); if ($thisMonth) { $checked_thisMonth='checked'; } else { $checked_thisMonth=''; } $where = " (1=1) "; if ($CDRTool['filter']['reseller']) { $where .= sprintf(' and reseller_id = %s', addslashes($CDRTool['filter']['reseller'])); } else if (!$perm->have_perm("admin")) { $where .= sprintf(" and login = '%s'", addslashes($auth->auth["uname"])); } if ($perm->have_perm('admin')) { $query="select * from auth_user where perms like '%admin%'"; $db->query($query); while ($db->next_record()) { $Collegues[$db->f('email')] = $db->f('name'); if ($loginname == $db->f('username')) { $myEmailAddress=$db->f('email'); $myName=$db->f('name'); } } } else { $Collegues[$CDRTool['provider']['toEmail']] = $CDRTool['provider']['name']; $myName = $CDRTool["loginName"]; $myEmailAddress = $CDRTool["loginEmail"]; } if ($current_log) { if ($task == "edit") { $query = sprintf( "update log set description = '%s' where %s and id = %d", addslashes($log_description), $where, intval($current_log) ); 
$db->query($query); } else if ($task == "mailLog" && $recipient) { $query=sprintf("select * from log where %s and id = %d", $where, intval($current_log)); $db->query($query); $db->next_record(); $rerun = $db->f('rerun'); $description = $db->f('description'); if ($_SERVER['HTTPS']=="on") { $protocolURL="https://"; } else { $protocolURL="http://"; } $subject="CDRTool"; $fullURL=$protocolURL.$_SERVER['HTTP_HOST'].$CDRTool['tld']."/".$rerun; $body="CDRTool query to analize:\n\n$fullURL\n\n"; if ($description) { $body=$body."The query id $current_log is saved with name \"$description\"\n\n"; $subject=$subject.": ".$description; } $body=$body."This notification has been sent to you from CDRTool log interface by $myName"; mail($recipient, $subject, $body, "From: $myEmailAddress"); print "
Notified $recipient."; } } $url_log = ''; if ($search_text) { $where.= sprintf( " and (description like '%s%s%s' or url like '%s' or id = '%s')", "%", addslashes($search_text), "%", addslashes($search_text), addslashes($search_text) ); $search_text_enc = urlencode($search_text); $url_log .= "&search_text=$search_text_enc"; } if ($thisMonth) { $where .= sprintf(" and date like '%s'", date('Y-m').'%'); $url_log .= "&thisMonth=1"; } $query = sprintf("select count(*) as records from log where %s ", $where); if ($db->query($query)) { $db->next_record(); $rows = $db->f('records'); } else { $rows = 0; } if (!$next) { $i=0; $next=0; } else { $i = intval($next); } $j=0; $z=0; print "
"; if ($rows > 0) { if ($rows > $maxrowsperpage) { $maxrows=$maxrowsperpage + $next; if ($maxrows > $rows) { $maxrows = $rows; $prev_rows = $maxrows; } } else { $maxrows=$rows; } $_max_rows= intval($maxrowsperpage); if (!$_max_rows) { $_max_rows = 10; } $query = sprintf("select * from log where %s order by id desc limit %d, %d", $where, intval($i), $_max_rows); $db->query($query); print "Log id | Reseller | Date and time | Account | IP address | Data source | Rows | Description | Actions | |
---|---|---|---|---|---|---|---|---|---|
$found. | $current_log | $reseller_id | $log_date | $login | $ip | $datasource_print | $results |