/**
 * Store one PHP error as a row in the `_error_log` table, trim the table when
 * it grows past its cap, and optionally queue the email alert for shutdown.
 *
 * SECURITY NOTE(review): the stored row contains unfiltered print_r() dumps of
 * $_REQUEST, $_GET, $_POST, $_COOKIE, $_SESSION and $_SERVER. On a request
 * that fails during login or a password change, those dumps may include
 * submitted passwords, session cookies and authorization headers in clear
 * text. Treat `_error_log` (and anything that exports or emails it) as
 * credential-bearing data: restrict who can read it, and consider redacting
 * known-sensitive keys before insert. `http_user_agent`, `url` and the request
 * dumps are client-controlled, so whatever displays these rows must escape
 * them on output.
 *
 * @param mixed $logType  Not read by this function.
 * @param array $logData  Error details; the keys read here are 'errno',
 *                        'errstr', 'errfile', 'errline' and 'errcontext',
 *                        each of which is optional.
 * @return void
 */
function _errorlog_logErrorRecord($logType, $logData) {

  // Per-request cap, so an error raised while logging cannot loop forever.
  // Errors 1..25 are logged normally, error 26 is replaced by a "limit
  // reached" notice, and everything after that is dropped.
  static $errorsSeen = 0;
  $maxErrorsPerPage  = 25;
  $errorsSeen++;
  if ($errorsSeen > $maxErrorsPerPage + 1) {
    return;
  }
  $limitJustReached = ($errorsSeen > $maxErrorsPerPage);

  // Reduce both the CMS admin user and the website user to num + username.
  // Only this subset is summarised, so no other account field reaches the
  // user_cms / user_web columns.
  $cmsAccount  = getCurrentUserFromCMS();
  $webAccount  = getCurrentUser();
  $cmsIdentity = array();
  $webIdentity = array();
  foreach (array('num', 'username') as $key) {
    if (isset($cmsAccount[$key])) { $cmsIdentity[$key] = $cmsAccount[$key]; }
    if (isset($webAccount[$key])) { $webIdentity[$key] = $webAccount[$key]; }
  }
  $cmsIdentity['_tableName'] = 'accounts';
  $webIdentity['_tableName'] = accountsTable();
  $cmsIdentityText = print_r($cmsIdentity, true);
  $webIdentityText = print_r($webIdentity, true);

  // Headline text for the record.
  if ($limitJustReached) {
    $errorMessage = t(sprintf("Max error limit reached! Only the first %s errors per page will be logged.", $maxErrorsPerPage));
  }
  else {
    $errorName    = isset($logData['errno']) ? _errorLog_erronoToConstantName($logData['errno']) : 'UNKNOWN_ERROR';
    $errorText    = isset($logData['errstr']) ? $logData['errstr'] : '';
    $errorMessage = "{$errorName}: " . $errorText;
  }

  // Copy of $logData with errcontext replaced by a pointer, because the
  // context is stored on its own in the symbol_table column.
  $logDataSummary = $logData;
  if (array_key_exists('errcontext', $logData)) {
    $logDataSummary['errcontext'] = "*** in symbol table field above ***";
  }

  // Assemble the row. Keys ending in '=' presumably tell mysql_insert() to
  // treat the value as a raw SQL expression - confirm against that helper.
  $row = array();
  $row['dateLogged=']      = 'NOW()';
  $row['updatedDate=']     = 'NOW()';
  $row['updatedByuserNum'] = '0';
  $row['error']            = $errorMessage;
  $row['url']              = thisPageUrl();
  $row['filepath']         = isset($logData['errfile']) ? $logData['errfile'] : '';
  $row['line_num']         = isset($logData['errline']) ? $logData['errline'] : '';
  $row['user_cms']         = isset($cmsAccount['num']) ? $cmsIdentityText : '';
  $row['user_web']         = isset($webAccount['num']) ? $webIdentityText : '';
  $row['http_user_agent']  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  $row['remote_addr']      = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  // Full superglobal dumps: see the SECURITY NOTE in the function header.
  $row['request_vars']     = print_r($_REQUEST, true);
  $row['get_vars']         = print_r($_GET, true);
  $row['post_vars']        = print_r($_POST, true);
  $row['cookie_vars']      = print_r($_COOKIE, true);
  $row['session_vars']     = isset($_SESSION) ? print_r($_SESSION, true) : '';
  $row['server_vars']      = print_r($_SERVER, true);
  // errcontext holds whatever variables the error handler captured, so it can
  // carry the same kinds of secrets as the request dumps.
  $row['symbol_table']     = isset($logData['errcontext']) ? print_r($logData['errcontext'], true) : '';
  $row['raw_log_data']     = print_r($logDataSummary, true);
  $row['email_sent']       = 0;

  // Insert the record.
  mysql_insert('_error_log', utf8_force($row, true));

  // Prune: keep the newest $maxRecords rows, but only once the table is
  // $buffer rows over the cap, so the delete does not run on every error.
  $maxRecords = 900;
  $buffer     = 100;
  if (mysql_count('_error_log') > $maxRecords + $buffer) {
    $cutoffQuery = "SELECT * FROM `{$GLOBALS['TABLE_PREFIX']}_error_log` ORDER BY `num` DESC LIMIT 1 OFFSET " . ($maxRecords - 1);
    $cutoffRow   = mysql_get_query($cutoffQuery);
    if (!empty($cutoffRow['num'])) {
      // 'num' comes from the table itself, not from the request.
      mysql_delete('_error_log', null, "num < {$cutoffRow['num']}");
    }
  }

  // Queue the alert for end of request when email alerts are switched on.
  // NOTE(review): what the alert includes is not visible here; if it mails the
  // stored row, the dumps above leave the server over email.
  if ($GLOBALS['SETTINGS']['advanced']['phpEmailErrors']) {
    register_shutdown_function('_errorlog_sendEmailAlert');
  }
}
/**
 * Hash, in one UPDATE statement, every accounts-table password that is not
 * already stored as "$sha1$" followed by a 40-character SHA-1 hex digest.
 *
 * SECURITY NOTE(review):
 *  - The salt is one hard-coded constant shared by every account, so equal
 *    passwords give equal hashes and anyone who knows the constant can build a
 *    single lookup table for all users. SHA-1 is also a fast hash, which makes
 *    offline guessing cheap once the table leaks. A per-user salt with a slow
 *    password hash (e.g. password_hash()) is the usual replacement, but it has
 *    to change together with the login verification code, which is not shown
 *    here, so the scheme is flagged rather than altered.
 *  - The WHERE clause updates a row only when the value neither starts with
 *    the prefix NOR has the hashed length. A plaintext password that happens
 *    to begin with "$sha1$", or that is exactly 46 bytes long, is therefore
 *    left unhashed. Confirm whether that conservative skip is intended.
 *  - On failure the raw database error is printed via die(); that text can
 *    reveal table and column names to whoever sees the page.
 *
 * @return void  Terminates the script with die() if the query fails.
 */
function encryptAllPasswords() {
  global $SETTINGS, $TABLE_PREFIX;

  // Stored format: '$sha1$' + SHA1(password + salt) as 40 hex characters.
  $prefix         = '$sha1$';
  $salt           = 'd7w8e'; // fixed value appended to every password before hashing
  $expectedLength = 40 + strlen($prefix);

  // Every interpolated value is a constant defined above or project
  // configuration; nothing from the request is placed into the statement.
  $sql = "UPDATE `{$TABLE_PREFIX}" . accountsTable() . "`\n SET `password` = CONCAT('{$prefix}', SHA1(CONCAT(`password`, '{$salt}')))\n WHERE `password` NOT LIKE '{$prefix}%' AND LENGTH(`password`) != {$expectedLength}";

  if (!mysql_query($sql)) {
    die("MySQL Error: " . mysql_error() . "\n");
  }
}
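/**
 * Return the currently logged-in CMS admin user, whichever cookie namespace
 * and accounts table the calling page is using.
 *
 * The function temporarily switches the global cookie prefix and accounts
 * table to the CMS admin values, loads the user, attaches that user's access
 * list, then restores the previous values.
 *
 * SECURITY NOTE(review): between the switch and the restore, getCurrentUser()
 * resolves identities against the CMS admin accounts table. If anything in
 * that window aborts the function early (for example an exception from a
 * helper), the rest of the request keeps running in the admin namespace.
 * Consider wrapping the window in try/finally if the minimum supported PHP
 * version allows it.
 *
 * @return mixed  Whatever getCurrentUser() returns for the CMS namespace; when
 *                a user is found, an 'accessList' entry keyed by table name is
 *                added, holding 'accessLevel' and 'maxRecords'.
 */
function getCurrentUserFromCMS() {
  // NOTE: Keep this in /lib/common.php, not login_functions.php or user_functions.php so no extra libraries need to be loaded to call it
  require_once SCRIPT_DIR . "/lib/login_functions.php"; // if not already loaded by a plugin - loads getCurrentUser() and accountsTable();

  // remember the caller's cookiespace and accounts table
  $oldCookiePrefix  = array_first(cookiePrefix(false, true));
  $oldAccountsTable = accountsTable();

  // switch to the CMS admin cookiespace and accounts table and load the current CMS user
  cookiePrefix('cms');
  accountsTable('accounts');
  $cmsUser = getCurrentUser($loginExpired); // $loginExpired is presumably an out-parameter; it is not used here

  // 2.52 - load cms users accessList (needed by viewer_functions.php for previewing)
  // 2.64 - only add if user found.
  // empty() is used instead of reading $cmsUser['num'] directly: with no user
  // logged in, the direct read raises an undefined-index notice/warning, and
  // this function is called from the error logger itself, so each such notice
  // could be logged as a further error. The truthiness test is unchanged.
  if (!empty($cmsUser['num'])) {
    $records = mysql_select('_accesslist', array('userNum' => $cmsUser['num']));
    foreach ($records as $record) {
      $cmsUser['accessList'][$record['tableName']]['accessLevel'] = $record['accessLevel'];
      $cmsUser['accessList'][$record['tableName']]['maxRecords']  = $record['maxRecords'];
    }
  }

  // switch back to the previous cookiespace and accounts table
  cookiePrefix($oldCookiePrefix);
  accountsTable($oldAccountsTable);

  //
  return $cmsUser;
}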