WebGUI 3.6.0 release

2002-03-20 06:01:00 +00:00 · 2002-03-20 06:01:00 +00:00 · 0997fc100c
commit 0997fc100c
parent 81da4fe3af
22 changed files with 3085 additions and 103 deletions
--- a/lib/WebGUI/Operation/Account.pm
+++ b/lib/WebGUI/Operation/Account.pm
@ -77,17 +77,9 @@ sub _hasBadUsername {
 }

 #-------------------------------------------------------------------
-sub _login {
-	my ($cookieInfo);
-	$cookieInfo = $_[0]."|".crypt($_[1],"yJ");
-	WebGUI::Session::end($cookieInfo); #clearing out old session info just in case something bad happened
-	if (WebGUI::Session::start($cookieInfo)) {
-		WebGUI::Session::setCookie("wgSession",$cookieInfo);
-		return "";
-	} else {
-		WebGUI::ErrorHandler::warn("Session signature '".$cookieInfo."' does not match account info for user ID ".$_[0]);
-		return "<b>Error:</b> Unable to initialize session vars because your session signature does not match your account information.<p>";
-	}
+sub _logLogin {
+        WebGUI::SQL->write("insert into userLoginLog values ('$_[0]','$_[1]',".time().",".
+                quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")");
 }

 #-------------------------------------------------------------------
@ -192,9 +184,8 @@ sub www_createAccountSave {
                WebGUI::SQL->write("insert into users (userId,username,identifier,email,authMethod,ldapURL,connectDN,language) values ($uid, ".quote($username).", ".quote($encryptedPassword).", ".quote($session{form}{email}).", ".quote($session{setting}{authMethod}).", ".quote($session{setting}{ldapURL}).", ".quote($connectDN).", ".quote($session{form}{language}).")");
 		($registeredUserExpire) = WebGUI::SQL->quickArray("select expireAfter from groups where groupId=2");
                WebGUI::SQL->write("insert into groupings values (2,$uid,".(time()+$registeredUserExpire).")");
-                _login($uid,$encryptedPassword);
-                $output .= WebGUI::International::get(80).'<p>';
-                $output .= www_displayAccount();
+                WebGUI::Session::start($uid);
+		_logLogin($uid,"success");
        } else {
                $output = "<h1>".WebGUI::International::get(70)."</h1>".$error.www_createAccount();
        }
@ -222,7 +213,6 @@ sub www_deactivateAccountConfirm {
                WebGUI::SQL->write("delete from users where userId=$session{user}{userId}");
                WebGUI::SQL->write("delete from groupings where userId=$session{user}{userId}");
 	        WebGUI::Session::end($session{var}{sessionId});
-        	_login(1,"null");
        }
        return www_displayLogin();
 }
@ -405,10 +395,12 @@ sub www_login {
                if ($auth->code == 48 || $auth->code == 49) {
 			$error = WebGUI::International::get(68);
 			WebGUI::ErrorHandler::warn("Invalid login for user account: ".$session{form}{username});
+                	_logLogin($uid,"invalid username/password");
 		} elsif ($auth->code > 0) {
 			$error .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured.';
 			$error .= WebGUI::International::get(69);
 			WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
+                	_logLogin($uid,"LDAP error: ".$ldapStatusCode{$auth->code});
 		} else {
 			$success = 1;
 		}
@ -419,10 +411,12 @@ sub www_login {
 		} else {
 			$error = WebGUI::International::get(68);
 			WebGUI::ErrorHandler::warn("Invalid login for user account: ".$session{form}{username});
+			_logLogin($uid,"invalid username/password");
 		}
 	}
 	if ($success) {
-		_login($uid,$pass);
+		WebGUI::Session::start($uid);
+                _logLogin($uid,"success");
 		return "";
 	} else {
 		return "<h1>".WebGUI::International::get(70)."</h1>".$error.www_displayLogin();
@ -510,9 +504,6 @@ sub www_updateAccount {
        	if ($error eq "") {
                	$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
                	WebGUI::SQL->write("update users set username=".quote($session{form}{username}).$passwordStatement.", email=".quote($session{form}{email}).", language=".quote($session{form}{language})." where userId=".$session{user}{userId});
-			if ($passwordStatement ne "") {
-                		_login($session{user}{userId},$encryptedPassword);
-			}
                	$output .= WebGUI::International::get(81).'<p>';
                	$output .= www_displayAccount();
        	} else {
--- a/lib/WebGUI/Operation/Settings.pm
+++ b/lib/WebGUI/Operation/Settings.pm
@ -181,7 +181,10 @@ sub www_editMailSettingsSave {

 #-------------------------------------------------------------------
 sub www_editMiscSettings {
-        my ($output, @array, %notFoundPage, %yesNo);
+        my ($output, @array, %notFoundPage, %yesNo, %criticalError, %htmlFilter);
+	%htmlFilter = ('none'=>WebGUI::International::get(420), 'most'=>WebGUI::International::get(421),
+		'all'=>WebGUI::International::get(419));
+	%criticalError = ('debug'=>WebGUI::International::get(414), 'friendly'=>WebGUI::International::get(415));
        %notFoundPage = (1=>WebGUI::International::get(136), 4=>WebGUI::International::get(137));
 	%yesNo = ('1'=>WebGUI::International::get(138), '0'=>WebGUI::International::get(139));
        if (WebGUI::Privilege::isInGroup(3)) {
@ -200,6 +203,12 @@ sub www_editMiscSettings {
                $array[0] = $session{setting}{preventProxyCache};
                $output .= tableFormRow(WebGUI::International::get(400),
 			WebGUI::Form::selectList("preventProxyCache",\%yesNo,\@array));
+		$array[0] = $session{setting}{onCriticalError};
+		$output .= tableFormRow(WebGUI::International::get(413),
+			WebGUI::Form::selectList("onCriticalError",\%criticalError,\@array));
+                $array[0] = $session{setting}{filterContributedHTML};
+                $output .= tableFormRow(WebGUI::International::get(418),
+                        WebGUI::Form::selectList("filterContributedHTML",\%htmlFilter,\@array));
                $output .= formSave();
                $output .= '</table>';
                $output .= '</form> ';
@ -220,6 +229,10 @@ sub www_editMiscSettingsSave {
 			" where name='docTypeDec'");
 		WebGUI::SQL->write("update settings set value=".quote($session{form}{preventProxyCache}).
 			" where name='preventProxyCache'");
+		WebGUI::SQL->write("update settings set value=".quote($session{form}{onCriticalError}).
+			" where name='onCriticalError'");
+		WebGUI::SQL->write("update settings set value=".quote($session{form}{filterContributedHTML}).
+			" where name='filterContributedHTML'");
                return www_manageSettings(); 
        } else {
                return WebGUI::Privilege::adminOnly();
--- a/lib/WebGUI/Operation/Statistics.pm
+++ b/lib/WebGUI/Operation/Statistics.pm
@ -15,14 +15,94 @@ use HTTP::Request;
 use HTTP::Headers;
 use LWP::UserAgent;
 use strict;
+use WebGUI::DateTime;
 use WebGUI::International;
+use WebGUI::Paginator;
 use WebGUI::Privilege;
 use WebGUI::Session;
 use WebGUI::Shortcut;
 use WebGUI::SQL;

 our @ISA = qw(Exporter);
-our @EXPORT = qw(&www_viewStatistics);
+our @EXPORT = qw(&www_viewStatistics &www_killSession &www_viewLoginHistory &www_viewActiveSessions);
+
+#-------------------------------------------------------------------
+sub www_killSession {
+        if (WebGUI::Privilege::isInGroup(3)) {
+		WebGUI::Session::end($session{form}{sid});
+		return www_viewActiveSessions();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+	}
+}
+
+#-------------------------------------------------------------------
+sub www_viewActiveSessions {
+	my ($output, $p, @row, $i, $sth, %data);
+	tie %data, 'Tie::CPHash';
+        if (WebGUI::Privilege::isInGroup(3)) {
+                $output = '<h1>'.WebGUI::International::get(425).'</h1>';
+		$sth = WebGUI::SQL->read("select * from users,userSession where users.userId=userSession.userId");
+		while (%data = $sth->hash) {
+                        $row[$i] = '<tr class="tableData"><td>'.$data{username}.' ('.$data{userId}.')</td>';
+                        $row[$i] .= '<td>'.$data{sessionId}.'</td>';
+                        $row[$i] .= '<td>'.epochToHuman($data{expires},"%H:%n%p %M/%D/%y").'</td>';
+                        $row[$i] .= '<td>'.epochToHuman($data{lastPageView},"%H:%n%p %M/%D/%y").'</td>';
+                        $row[$i] .= '<td>'.$data{lastIP}.'</td>';
+			$row[$i] .= '<td align="center"><a href="'.WebGUI::URL::page("op=killSession&sid=$data{sessionId}").'">'.
+				'<img src="'.$session{setting}{lib}.'/delete.gif" border="0"</a></td></tr>';
+                        $i++;
+		}
+		$sth->finish;
+		$p = WebGUI::Paginator->new(WebGUI::URL::page('op=viewActiveSessions'),\@row);
+                $output .= '<table border=1 cellpadding=5 cellspacing=0 align="center">';
+                $output .= '<tr class="tableHeader"><td>'.WebGUI::International::get(428).'</td>';
+                $output .= '<td>'.WebGUI::International::get(435).'</td>';
+                $output .= '<td>'.WebGUI::International::get(432).'</td>';
+                $output .= '<td>'.WebGUI::International::get(430).'</td>';
+                $output .= '<td>'.WebGUI::International::get(431).'</td>';
+		$output .= '<td>'.WebGUI::International::get(436).'</td></tr>';
+                $output .= $p->getPage($session{form}{pn});
+                $output .= '</table>';
+                $output .= $p->getBarTraditional($session{form}{pn});
+        } else {
+                $output = WebGUI::Privilege::adminOnly();
+	}
+	return $output;
+}
+
+#-------------------------------------------------------------------
+sub www_viewLoginHistory {
+	my ($output, $p, @row, $i, $sth, %data);
+	tie %data, 'Tie::CPHash';
+        if (WebGUI::Privilege::isInGroup(3)) {
+                $output = '<h1>'.WebGUI::International::get(426).'</h1>';
+		$sth = WebGUI::SQL->read("select * from users,userLoginLog where users.userId=userLoginLog.userId order by userLoginLog.timeStamp");	
+		while (%data = $sth->hash) {
+			$data{username} = 'unknown user' if ($data{userId} == 0);
+			$row[$i] = '<tr class="tableData"><td>'.$data{username}.' ('.$data{userId}.')</td>';
+			$row[$i] .= '<td>'.$data{status}.'</td>';
+			$row[$i] .= '<td>'.epochToHuman($data{timeStamp},"%H:%n%p %M/%D/%y").'</td>';
+			$row[$i] .= '<td>'.$data{ipAddress}.'</td>';
+			$row[$i] .= '<td>'.$data{userAgent}.'</td></tr>';
+			$i++;
+		}
+		$sth->finish;
+		$p = WebGUI::Paginator->new(WebGUI::URL::page('op=viewLoginHistory'),\@row);
+		$output .= '<table border=1 cellpadding=5 cellspacing=0 align="center">';
+		$output .= '<tr class="tableHeader"><td>'.WebGUI::International::get(428).'</td>';
+		$output .= '<td>'.WebGUI::International::get(434).'</td>';
+		$output .= '<td>'.WebGUI::International::get(429).'</td>';
+		$output .= '<td>'.WebGUI::International::get(431).'</td>';
+		$output .= '<td>'.WebGUI::International::get(433).'</td></tr>';
+                $output .= $p->getPage($session{form}{pn});
+                $output .= '</table>';
+                $output .= $p->getBarTraditional($session{form}{pn});
+        } else {
+                $output = WebGUI::Privilege::adminOnly();
+	}
+	return $output;
+}

 #-------------------------------------------------------------------
 sub www_viewStatistics {
@ -40,15 +120,17 @@ sub www_viewStatistics {
 		$version = $response->content;
 		chomp $version;
                $output .= helpLink(12);
-                $output .= '<h1>'.WebGUI::International::get(144).'</h1>';
+                $output .= '<h1>'.WebGUI::International::get(437).'</h1>';
 		$output .= '<table>';
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(145).'</td><td class="tableData">'.$WebGUI::VERSION.' ('.WebGUI::International::get(349).': '.$version.')</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from userSession");
-		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(146).'</td><td class="tableData">'.$data.'</td></tr>';
+		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(146).'</td><td class="tableData">'.$data.' (<a href="'.WebGUI::URL::page("op=viewActiveSessions").'">'.WebGUI::International::get(423).'</a> / <a href="'.WebGUI::URL::page("op=viewLoginHistory").'">'.WebGUI::International::get(424).'</a>)</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*)+1 from page where parentId>25");
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(147).'</td><td class="tableData">'.$data.'</td></tr>';
-		($data) = WebGUI::SQL->quickArray("select count(*) from page where pageId>25 or pageId=0");
+		($data) = WebGUI::SQL->quickArray("select count(*)-1 from widget");
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(148).'</td><td class="tableData">'.$data.'</td></tr>';
+		($data) = WebGUI::SQL->quickArray("select count(*) from style where styleId>25");
+		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(427).'</td><td class="tableData">'.$data.'</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from users where userId>25");
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(149).'</td><td class="tableData">'.$data.'</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from groups where groupId>25");
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@ -91,14 +91,10 @@ sub www_addUserSave {

 #-------------------------------------------------------------------
 sub www_becomeUser {
-        my ($cookieInfo, $output, $password);
+        my ($output);
        if (WebGUI::Privilege::isInGroup(3)) {
-		($password) = WebGUI::SQL->quickArray("select identifier from users where userId='$session{form}{uid}'");
        	WebGUI::Session::end($session{var}{sessionId});
-        	$cookieInfo = $session{form}{uid}."|".crypt($password,"yJ");
-		WebGUI::Session::end($cookieInfo);
-		WebGUI::Session::start($cookieInfo);
-        	WebGUI::Session::setCookie("wgSession",$cookieInfo);
+		WebGUI::Session::start($session{form}{uid});
 		$output = "";
        } else {
                $output = WebGUI::Privilege::adminOnly();