summaryrefslogtreecommitdiffstats
path: root/modules-available/syslog/api.inc.php
blob: cc64b31c7b3138724667579cfa82d2b573515a6f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php

// Check for user data export
if (($user = Request::post('export-user', false, 'string')) !== false) {
	User::load();
	User::assertPermission('export-user-data', null, '?do=syslog');
	if (!Util::verifyToken()) {
		die('Invalid Token');
	}
	$puser = preg_quote($user);
	$exp = "$puser logged|^\[$puser\]";
	Header('Content-Type: text/plain; charset=utf-8');
	Header('Content-Disposition: attachment; filename=bwlehrpool-export-' .Util::sanitizeFilename($user) . '-' . date('Y-m-d') . '.txt');
	$srcs = [];
	$srcs[] = ['res' => Database::simpleQuery("SELECT dateline, logtypeid AS typeid, clientip, description FROM clientlog
		WHERE description REGEXP :exp
		ORDER BY dateline ASC", ['exp' => $exp])];
	if (Module::get('statistics') !== false) {
		$srcs[] = ['res' => Database::simpleQuery("SELECT dateline, typeid, clientip, data AS description FROM statistic
			WHERE username = :user
			ORDER BY dateline ASC", ['user' => $user])];
	}
	echo "# Begin log\n";
	for (;;) {
		unset($best);
		foreach ($srcs as &$src) {
			if (!isset($src['row'])) {
				$src['row'] = $src['res']->fetch();
			}
			if ($src['row'] !== false && (!isset($best) || $src['row']['dateline'] < $best['dateline'])) {
				$best =& $src['row'];
			}
		}
		if (!isset($best))
			break;
		echo date('Y-m-d H:i:s', $best['dateline']), "\t", $best['typeid'], "\t", $best['clientip'], "\t", $best['description'], "\n";
		$best = null; // so we repopulate on next iteration
	}
	die("# End log\n");
}

if (empty($_POST['type'])) die('Missing options.');
$type = mb_strtolower($_POST['type']);

$ip = $_SERVER['REMOTE_ADDR'];
if (substr($ip, 0, 7) === '::ffff:') $ip = substr($ip, 7);

// TODO: Handle UUID in appropriate modules (optional)
$uuid = Request::post('uuid', '', 'string');
if (strlen($uuid) !== 36) {
	// Probably invalid UUID. What to do? Set NULL for now so the insert will succeed
	$uuid = null;
	error_log("Client log event $type without UUID");
}

/*
 * Normal logging
 */

if (!isset($_POST['description'])) die('Missing options..');

$description = $_POST['description'];
$longdesc = '';
if (isset($_POST['longdesc'])) $longdesc = $_POST['longdesc'];
$longdesc = Request::post('longdesc', '', 'string');

if (preg_match('/^[a-z0-9\-]+$/', $type)) {

	// Spam from IP?
	$row = Database::queryFirst('SELECT Count(*) AS cnt FROM clientlog
			WHERE clientip = :client AND dateline + 1800 > UNIX_TIMESTAMP()',
		[':client' => $ip]);
	if ($row !== false && $row['cnt'] > 250) {
		exit(0);
	}

	ClientLog::write(['machineuuid' => $uuid, 'clientip' => $ip], $type, $description, $longdesc);

}

echo "OK.\n";