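/**
 * Outputs the activity log as an RSS 2.0 document.
 *
 * The rendered XML is looked up in the object cache under the key 'act_feed';
 * on a miss it is rebuilt from the activity table, stored for one hour and
 * echoed. LOGIN_FAIL and ACCESS_DENIED events are always excluded, and each
 * act_feed_* flag in $options_act that is empty excludes its event group.
 *
 * NOTE(review): the 'user', 'text' and 'params' strings returned by
 * act_prepare() are emitted as HTML inside <content:encoded>; that helper is
 * not visible here, so confirm it escapes user-controlled values.
 *
 * @return void
 */
function act_feed() {
    global $wpdb, $options_act;

    $act_feed = wp_cache_get('act_feed');
    if ($act_feed) {
        echo $act_feed;
        return;
    }

    // Read the needed flags explicitly instead of extract()ing the whole
    // option array into local scope, where a stray key could shadow a local.
    $act_opts = is_array($options_act) ? $options_act : array();
    $act_groups = array(
        'act_feed_connect'  => array('CONNECT'),
        'act_feed_comments' => array('COMMENT_ADD', 'COMMENT_EDIT', 'COMMENT_DEL'),
        'act_feed_posts'    => array('POST_ADD', 'POST_EDIT', 'POST_DEL'),
        'act_feed_profiles' => array('PROFILE_EDIT'),
        'act_feed_links'    => array('LINK_ADD'),
    );
    $act_excluded = array('LOGIN_FAIL', 'ACCESS_DENIED');
    foreach ($act_groups as $act_flag => $act_group_types) {
        if (empty($act_opts[$act_flag])) {
            $act_excluded = array_merge($act_excluded, $act_group_types);
        }
    }
    // Every entry is a literal defined above, so the list is safe to inline.
    $act_not_in = "'" . implode("', '", $act_excluded) . "'";

    $act_last = $wpdb->get_var("SELECT MAX(act_date) FROM " . $wpdb->prefix . "activity");
    $date = gmdate('r', (int) strtotime((string) $act_last));
    $wp_url = get_bloginfo('wpurl');

    $act_types = array(
        'CONNECT'      => __('New visit', 'wp-activity'),
        'POST_ADD'     => __('New post', 'wp-activity'),
        'POST_EDIT'    => __('Post edited', 'wp-activity'),
        'POST_DEL'     => __('Post deleted', 'wp-activity'),
        'PROFILE_EDIT' => __('Profile edited', 'wp-activity'),
        'COMMENT_ADD'  => __('New comment', 'wp-activity'),
        'COMMENT_EDIT' => __('Comment edited', 'wp-activity'),
        'COMMENT_DEL'  => __('Comment deleted', 'wp-activity'),
        'LINK_ADD'     => __('New link', 'wp-activity'),
    );

    // $wpdb->users is used here, as in the other queries of this file, instead
    // of prefix . "users", which differs on installs with a shared user table.
    $sql = "SELECT u.display_name as display_name, user_nicename, u.id as id, act_type, act_date, act_params, a.id as act_id, a.user_id as user_id"
        . " FROM " . $wpdb->prefix . "activity AS a, " . $wpdb->users . " AS u"
        . " WHERE a.user_id = u.id AND a.act_type NOT IN (" . $act_not_in . ")"
        . " ORDER BY a.act_date DESC";

    // Start from an empty string so an empty log no longer echoes and caches
    // an undefined variable.
    $cache = '';
    if ($items = $wpdb->get_results($sql)) {
        $cache = '<?xml version="1.0" encoding="utf-8"?>';
        $cache .= '<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" >';
        $cache .= '<channel>';
        $cache .= '<title>' . esc_attr(strip_tags(html_entity_decode(sprintf(__('%s activity RSS Feed', 'wp-activity'), get_bloginfo('name'))))) . '</title>';
        $cache .= '<link>' . esc_url($wp_url) . '</link>';
        $cache .= '<description><![CDATA[' . sprintf(__('User events of %s', 'wp-activity'), get_bloginfo('name')) . ']]></description>';
        $cache .= '<lastBuildDate>' . $date . '</lastBuildDate>';
        $cache .= '<language>' . get_bloginfo('language') . '</language>';

        foreach ((array) $items as $item) {
            $act_prep = act_prepare($item, 'rss');
            $act_desc = $act_prep['user'] . ' ' . $act_prep['text'] . ' ' . $act_prep['params'];

            // Event types without a label (NEW_USER is not excluded by the
            // query) fall back to the raw type instead of an undefined index.
            $act_title = isset($act_types[$act_prep['type']]) ? $act_types[$act_prep['type']] : $act_prep['type'];

            $cache .= '<item>';
            $cache .= '<title>' . esc_html($act_title) . '</title>';
            $cache .= '<pubDate>' . $act_prep['date'] . '</pubDate>';
            $cache .= '<description><![CDATA[<p>' . esc_attr(strip_tags(html_entity_decode($act_desc))) . '</p>]]></description>';
            // A literal "]]>" inside the description would close the CDATA
            // section early and let the remainder be parsed as feed markup.
            $cache .= '<content:encoded><![CDATA[<div style="float:left; margin:1em">' . get_avatar($item->user_id, 40) . '</div><p>' . str_replace(']]>', ']]&gt;', $act_desc) . '</p><div style="clear:both;"></div>]]></content:encoded>';
            // Display names are chosen by users; escape them so they cannot
            // inject markup into the feed.
            $cache .= '<dc:creator>' . esc_html($item->display_name) . '</dc:creator>';
            $cache .= '<link>' . esc_url($wp_url) . '</link>';
            $cache .= '</item>';
        }

        $cache .= '</channel>';
        $cache .= '</rss>';
    }

    if ('' !== $cache) {
        // wp_cache_set() takes ($key, $data, $group, $expire). Passing '3600'
        // as the third argument stored the feed in a group named "3600", which
        // the wp_cache_get('act_feed') lookup above never reads.
        wp_cache_set('act_feed', $cache, '', 3600);
    }
    echo $cache;
}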
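/**
 * Renders the "Activity Log" admin screen.
 *
 * Handles the nonce-protected bulk delete, builds the filtered event query
 * from the act_type_filter / act_user_sel / act_data_filter / act_order_by
 * request parameters, and prints the filter form, the paginated table and
 * the CSV export form. All matching rows are fetched and the page window is
 * applied in PHP.
 *
 * Request values are kept raw, bound into SQL through $wpdb->prepare(), and
 * escaped at each point where they are written back into the page. The
 * previous code ran esc_html() on input and concatenated the result into SQL;
 * esc_html() is an HTML encoder and does not neutralise backslashes, and the
 * bulk-delete id list was inserted into the DELETE statement unvalidated.
 *
 * NOTE(review): no current_user_can() check is visible in this function;
 * confirm the menu registration limits this screen to the intended role.
 * NOTE(review): the 'date', 'user', 'type', 'params' and 'class' strings from
 * act_prepare() are printed as returned; that helper is not visible here.
 *
 * @return void
 */
function act_admin_activity() {
    global $wpdb, $act_plugin_version, $act_list_limit, $options_act, $act_user_filter_max;
    ?>
<script type="text/javascript">
jQuery(function() {
    jQuery('#act_user_sel').suggest(ajaxurl + "?action=act_get_users", { minchars: 3 });
});
</script>
<div class="wrap">
<h2>Activity Log</h2>
    <?php
    /******** BULK DELETE ********/
    if (isset($_GET['act_list_action']) && isset($_GET['act_check']) && check_admin_referer('wp-activity-list', 'act_filter')) {
        if ('delete' === $_GET['act_list_action']) {
            // Keep only plain decimal ids; anything else is dropped before the
            // list is placed in the statement.
            $act_del_ids = array();
            foreach ((array) $_GET['act_check'] as $act_raw_id) {
                if (is_scalar($act_raw_id) && preg_match('/^[0-9]+$/', (string) $act_raw_id)) {
                    $act_del_ids[] = (int) $act_raw_id;
                }
            }
            if ($act_del_ids && $wpdb->query("DELETE FROM " . $wpdb->prefix . "activity WHERE id IN (" . implode(',', $act_del_ids) . ")")) {
                echo '<div id="message" class="updated fade"><p><strong>' . __('Event(s) deleted.', 'wp-activity') . '</strong></p></div>';
            }
        }
    }

    /******** FILTERS ********/
    $act_type_filter = $act_user_sel = $act_data_filter = $act_order_by = '';
    $act_args = $sqlfilter = $sql_username = '';
    $sql_args = array(); // values for the placeholders in $sqlfilter, in order

    if (isset($_GET['act_type_filter'])) {
        // WordPress adds slashes to request data; undo that and ignore
        // array-valued parameters.
        $act_type_filter = is_string($_GET['act_type_filter']) ? stripslashes($_GET['act_type_filter']) : '';
        $act_user_sel = (isset($_GET['act_user_sel']) && is_string($_GET['act_user_sel'])) ? stripslashes($_GET['act_user_sel']) : '';
        $act_data_filter = (isset($_GET['act_data_filter']) && is_string($_GET['act_data_filter'])) ? stripslashes($_GET['act_data_filter']) : '';

        // Escape LIKE wildcards so the data filter matches the typed text
        // literally; the surrounding % are added here.
        $act_like = '%' . addcslashes($act_data_filter, '_%\\') . '%';

        if ($act_user_sel != 'all' and !empty($act_user_sel)) {
            if (is_numeric($act_user_sel)) {
                $sql_userobject = get_userdata((int) $act_user_sel);
                $sql_username = $sql_userobject ? $sql_userobject->display_name : '';
                $sqlfilter .= ' AND u.id = %d';
                $sql_args[] = (int) $act_user_sel;
            } else {
                $sql_username = $act_user_sel;
                $sqlfilter .= ' AND u.display_name = %s';
                $sql_args[] = $act_user_sel;
            }
            $sqlfilter .= " AND act_type NOT IN ('LOGIN_FAIL', 'ACCESS_DENIED')";
            $act_args .= '&act_user_sel=' . urlencode($act_user_sel);
        }
        if ($act_type_filter != 'all' and !empty($act_type_filter)) {
            $sqlfilter .= ' AND act_type = %s';
            $sql_args[] = $act_type_filter;
        }
        if (!empty($act_data_filter)) {
            $sqlfilter .= ' AND act_params LIKE %s';
            $sql_args[] = $act_like;
            $act_args .= '&act_data_filter=' . urlencode($act_data_filter);
        }
        $act_args .= '&act_type_filter=' . urlencode($act_type_filter);

        if (($act_type_filter == 'LOGIN_FAIL' or $act_type_filter == 'all') and $act_user_sel != 'all') {
            // Failed logins are matched on the text before "###" in act_params
            // rather than through the users join.
            $sqlfilter .= ') UNION ALL (SELECT null as display_name, user_id as id, act_type, act_date, act_params, id FROM ' . $wpdb->prefix . "activity WHERE act_type = 'LOGIN_FAIL' AND SUBSTRING_INDEX(act_params, '###', 1) = %s";
            $sql_args[] = $sql_username;
            if (!empty($act_data_filter)) {
                // Keeps LOGIN_FAIL rows unrelated to the data filter out of the
                // result when filtering by user as well. If the same value is
                // entered as user and as data filter, that user's failed
                // logins still show, because the raw data holds the login name.
                $sqlfilter .= ' AND act_params LIKE %s';
                $sql_args[] = $act_like;
            }
        }
    }
    $sqlfilter .= ')';

    if (isset($_GET['act_order_by']) && is_string($_GET['act_order_by'])) {
        $act_order_by = stripslashes($_GET['act_order_by']);
        $act_args .= '&act_order_by=' . urlencode($act_order_by);
    }
    if (empty($act_type_filter)) {
        $act_type_filter = 'all';
    }
    // ORDER BY is only ever taken from this fixed map.
    $act_order_sql = array(
        'order_date' => 'act_date DESC',
        'order_user' => 'display_name ASC, act_date DESC',
        'order_type' => 'act_type ASC, act_date DESC',
    );
    if (!isset($act_order_sql[$act_order_by])) {
        $act_order_by = 'order_date';
    }
    $sqlorderby = $act_order_sql[$act_order_by];

    $act_page = 1;
    if (isset($_GET['act_page']) && is_numeric($_GET['act_page'])) {
        $act_page = max(1, (int) $_GET['act_page']);
    }

    /******** DISPLAY ********/
    $act_start = ($act_page - 1) * $act_list_limit;
    $act_recent_sql = "(SELECT u.display_name as display_name, u.id as id, act_type, act_date, act_params, a.id as act_id FROM " . $wpdb->prefix . "activity AS a, " . $wpdb->users . " AS u WHERE a.user_id = u.id " . $sqlfilter . " ORDER BY " . $sqlorderby;
    if ($sql_args) {
        $act_recent_sql = $wpdb->prepare($act_recent_sql, $sql_args);
    }
    $logins = $wpdb->get_results($act_recent_sql);
    if (!is_array($logins)) {
        $logins = array(); // a failed query must not reach count()
    }
    $act_count = count($logins);
    ?>
<div id="act_recent">
<form id="act-filter" action="" method="get">
<input type="hidden" name="page" value="act_activity" />
<?php wp_nonce_field('wp-activity-list', 'act_filter', false); ?>
<div class="tablenav">
<?php act_pagination($act_count, $act_list_limit, $act_page, $act_start, $act_args); ?>
<div class="alignleft actions">
<select name="act_list_action">
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
    <?php
    $types = array('NEW_USER', 'LOGIN_FAIL', 'ACCESS_DENIED', 'CONNECT', 'POST_ADD', 'POST_EDIT', 'POST_DEL', 'PROFILE_EDIT', 'COMMENT_ADD', 'COMMENT_EDIT', 'COMMENT_DEL', 'LINK_ADD');
    $select_type = "<select name=\"act_type_filter\">";
    $select_type .= '<option value="all"' . ($act_type_filter == 'all' ? " selected='selected'" : '') . '>' . __('View all') . "</option>";
    foreach ((array) $types as $type) {
        $select_type .= '<option value="' . $type . '"' . ($type == $act_type_filter ? " selected='selected'" : '') . '>' . $type . "</option>";
    }
    $select_type .= "</select>";
    echo $select_type;

    $select_order = "<select name=\"act_order_by\">";
    $select_order .= '<option value="order_date"' . ($act_order_by == 'order_date' ? " selected='selected'" : '') . '>' . __('Order by date (DESC)', 'wp-activity') . '</option>';
    $select_order .= '<option value="order_user"' . ($act_order_by == 'order_user' ? " selected='selected'" : '') . '>' . __('Order by user', 'wp-activity') . '</option>';
    $select_order .= '<option value="order_type"' . ($act_order_by == 'order_type' ? " selected='selected'" : '') . '>' . __('Order by event type', 'wp-activity') . '</option>';
    $select_order .= "</select>";
    echo $select_order;

    $user_count = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->users};");
    if ($user_count <= $act_user_filter_max) {
        if (empty($act_user_sel)) {
            $act_user_sel = 'all';
        }
        $act_u_res = get_users('orderby=displayname');
        $act_u_sel = "<select name=\"act_user_sel\">";
        $act_u_sel .= '<option value="all"' . ($act_user_sel == 'all' ? " selected='selected'" : '') . '>' . __('All users', 'wp-activity') . '</option>';
        foreach ((array) $act_u_res as $act_u) {
            // Display names are user-editable, so they are escaped before
            // being printed on an admin page.
            $act_u_sel .= '<option value="' . (int) $act_u->ID . '"' . ((string) $act_u->ID === $act_user_sel ? " selected='selected'" : '') . '>' . esc_html($act_u->display_name) . '</option>';
        }
        $act_u_sel .= "</select>";
    } else {
        $act_u_sel = __("User") . ' : <input type="text" id="act_user_sel" name="act_user_sel" value="' . esc_attr($act_user_sel) . '" />';
    }
    echo $act_u_sel;
    ?>
<?php _e("Data", 'wp-activity'); ?> : <input type="text" id="act_data_filter" name="act_data_filter" value="<?php echo esc_attr($act_data_filter); ?>" />
<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
</div>
<br class="clear" />
</div>
<table id="activity-admin" class="widefat">
<thead>
<tr>
<th scope="col" id="cb" class="manage-column column-cb check-column"><input type="checkbox" /></th>
<th></th>
<th scope="col" class="manage-column"><?php _e("Date", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("User", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("Event Type", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("Applies to", 'wp-activity'); ?></th>
</tr>
</thead>
<tfoot>
<tr>
<th scope="col" class="manage-column column-cb check-column"><input type="checkbox" /></th>
<th></th>
<th scope="col" class="manage-column"><?php _e("Date", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("User", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("Event Type", 'wp-activity'); ?></th>
<th scope="col" class="manage-column"><?php _e("Applies to", 'wp-activity'); ?></th>
</tr>
</tfoot>
<tbody>
    <?php
    $act_alt = 0;
    $i = 0;
    foreach ((array) $logins as $act) {
        $i++;
        // Only rows inside the current page window are printed.
        if ($i > $act_start and $i <= $act_start + $act_list_limit) {
            $act_alt_class = ($act_alt == 1) ? 'class="alternate"' : '';
            $act_prep = act_prepare($act, 'admin');

            // get_user_by() returns false when nothing matches; link to an
            // empty id in that case instead of reading a property of false.
            $act_row_user = get_user_by('login', $act_prep['user']);
            $act_row_uid = $act_row_user ? (int) $act_row_user->ID : '';

            echo '<tr ' . $act_alt_class . '>';
            echo '<th scope="row" class="check-column"><input type="checkbox" name="act_check[]" value="' . (int) $act->act_id . '" /></th>';
            echo '<td>' . $i . '</td><td>' . $act_prep['date'] . '</td>';
            echo '<td><span class="' . $act_prep['class'] . '"><a href="user-edit.php?user_id=' . $act_row_uid . '">' . $act_prep['user'] . '</a></span></td>';
            echo '<td><span class="' . $act_prep['class'] . '">' . $act_prep['type'] . '</span></td>';
            echo '<td>' . $act_prep['params'] . '</td>';
            echo '</tr>';

            $act_alt = 1 - $act_alt;
        }
    }
    ?>
</tbody>
</table>
</form>
<div class="tablenav">
<form action="" method="post">
<input type="hidden" name="act_type_filter" value="<?php echo esc_attr($act_type_filter); ?>" />
<input type="hidden" name="act_order_by" value="<?php echo esc_attr($act_order_by); ?>" />
<input type="hidden" name="act_user_sel" value="<?php echo esc_attr($act_user_sel); ?>" />
<input type="hidden" name="act_data_filter" value="<?php echo esc_attr($act_data_filter); ?>" />
<input type="submit" class="button-primary" name="act_export" value="<?php _e('Export filtered Data »', 'wp-activity'); ?>" />
<input type="checkbox" name="act_del_exported" /> <?php _e('Delete exported data', 'wp-activity'); ?>
<br /><span class="act_info"><?php _e('If you use MS Excel and have some ugly characters, rename the file extension to .txt and open it within Excel.', 'wp-activity'); ?></span>
<?php wp_nonce_field('wp-activity-export', 'act_export_csv'); ?>
</form>
<?php act_pagination($act_count, $act_list_limit, $act_page, $act_start, $act_args); ?>
</div>
<div class="clearfix"></div>
</div>
</div>
    <?php
    // The last </div> above closes .wrap, which this function opens and
    // previously left unclosed. Attribute values no longer carry the trailing
    // space that followed each closing PHP tag and was resubmitted with the
    // filter values.
}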
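/**
 * Echoes recent activity events as <li> elements.
 *
 * A CONNECT event is printed only when it is more than 60 seconds older than
 * the previously seen event of the same user; every other event type is
 * always printed.
 *
 * NOTE(review): the 'user', 'text', 'params' and 'date' strings returned by
 * act_prepare() are printed as returned; that helper is not visible here.
 *
 * @param int|string $act_number Maximum number of rows to read (SQL LIMIT).
 * @param int|string $act_user   User id to restrict the list to; when empty,
 *                               all users are listed and LOGIN_FAIL /
 *                               ACCESS_DENIED events are left out.
 * @param bool       $archive    When true, the 'act-old' class is never added.
 * @return void
 */
function act_stream_common($act_number = '30', $act_user = '', $archive = false) {
    global $wpdb, $options_act, $user_ID;

    $act_old_flag = -1;
    $act_logged = array(); // user id => act_date of the last row seen for that user

    $sql = "SELECT u.display_name as display_name, user_nicename, u.id as id, act_type, act_date, act_params, a.id as act_id, a.user_id as user_id FROM " . $wpdb->prefix . "activity AS a, " . $wpdb->users . " AS u WHERE a.user_id = u.id";
    if ($act_user != '') {
        // Callers are not visible from here, so both arguments are coerced to
        // integers before they are placed in the statement.
        $sql .= " AND a.user_id = " . (int) $act_user;
    } else {
        $sql .= " AND act_type NOT IN ('LOGIN_FAIL', 'ACCESS_DENIED')";
    }
    $sql .= " ORDER BY act_date DESC LIMIT " . max(0, (int) $act_number);

    if ($act_logins = $wpdb->get_results($sql)) {
        foreach ((array) $act_logins as $act) {
            if ($options_act['act_old'] and $act_old_flag > 0 and !$archive) {
                $act_old_class = 'act-old';
            } else {
                $act_old_class = '';
            }

            // "No earlier row for this user" is tracked explicitly. The former
            // sentinel date of 2029-01-01 would have hidden each user's first
            // CONNECT event once real event dates pass it.
            $act_first_seen = !isset($act_logged[$act->user_id]);
            $act_is_connect = ($act->act_type == 'CONNECT');
            $act_show = !$act_is_connect
                || $act_first_seen
                || (strtotime($act_logged[$act->user_id]) - strtotime($act->act_date) > 60);

            if ($act_show) {
                echo '<li class="login ' . $act_old_class . '">';
                if ($options_act['act_icons'] != 'n') {
                    if ($options_act['act_icons'] == 'a' and ($act->act_type == 'CONNECT' or $act->act_type == 'PROFILE_EDIT' or $act->act_type == 'NEW_USER')) {
                        echo get_avatar($act->user_id, '16');
                    } else {
                        $act_icon = WP_PLUGIN_DIR . '/wp-activity/img/' . $act->act_type . '.png';
                        if (@file_exists($act_icon)) {
                            // act_type comes from the database; escape it for
                            // the attribute it is written into.
                            echo '<img class="activity_icon" alt="" src="' . WP_PLUGIN_URL . '/wp-activity/img/' . esc_attr($act->act_type) . '.png" />';
                        } else {
                            echo '<img class="activity_icon" alt="" src="' . WP_PLUGIN_URL . '/wp-activity/img/default.png" />';
                        }
                    }
                }
                // Counts the current user's own CONNECT events; from the row
                // after the second one, items are marked 'act-old'.
                if ($act->user_id == $user_ID and $options_act['act_old'] and $act->act_type == 'CONNECT') {
                    $act_old_flag++;
                }
                // format event display
                $act_prep = act_prepare($act, 'frontend');
                echo $act_prep['user'] . ' ' . $act_prep['text'] . ' ' . $act_prep['params'] . ' <span class="activity_date">' . $act_prep['date'] . '</span>';
                echo '</li>';
            }
            $act_logged[$act->user_id] = $act->act_date;
        }
    }
}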
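/**
 * Streams the filtered activity log as a semicolon-separated download and
 * optionally deletes the exported rows, then terminates the request.
 *
 * Runs only when $_POST['act_export'] is set and the 'wp-activity-export'
 * nonce verifies; otherwise an error line is printed. The filter values
 * posted by the admin screen are bound into the query through
 * $wpdb->prepare() with real placeholders. The previous code concatenated
 * esc_html()-encoded input into the statement and then called prepare()
 * without arguments, which escapes nothing.
 *
 * NOTE(review): no current_user_can() check is visible in this function;
 * confirm the hook that calls it is limited to the intended role.
 *
 * @return void This function always ends with die.
 */
function act_export() {
    global $wpdb;

    if (!(isset($_POST['act_export']) and check_admin_referer('wp-activity-export', 'act_export_csv'))) {
        echo "Alien Invasion ! We all gonna die ! ...No, in fact this is a security check failure.";
        die;
    }

    $sqlfilter = $sql_username = '';
    $sql_args = array(); // values for the placeholders in $sqlfilter, in order

    if (isset($_POST['act_type_filter'])) {
        // WordPress adds slashes to request data; undo that and ignore
        // array-valued parameters.
        $act_type_filter = is_string($_POST['act_type_filter']) ? stripslashes($_POST['act_type_filter']) : '';
        $act_user_sel = (isset($_POST['act_user_sel']) && is_string($_POST['act_user_sel'])) ? stripslashes($_POST['act_user_sel']) : '';
        $act_data_filter = (isset($_POST['act_data_filter']) && is_string($_POST['act_data_filter'])) ? stripslashes($_POST['act_data_filter']) : '';

        // Escape LIKE wildcards so the data filter matches the typed text
        // literally; the surrounding % are added here.
        $act_like = '%' . addcslashes($act_data_filter, '_%\\') . '%';

        if ($act_user_sel != 'all' and !empty($act_user_sel)) {
            if (is_numeric($act_user_sel)) {
                $sql_userobject = get_userdata((int) $act_user_sel);
                $sql_username = $sql_userobject ? $sql_userobject->display_name : '';
                $sqlfilter .= ' AND u.id = %d';
                $sql_args[] = (int) $act_user_sel;
            } else {
                $sql_username = $act_user_sel;
                $sqlfilter .= ' AND u.display_name = %s';
                $sql_args[] = $act_user_sel;
            }
            $sqlfilter .= " AND act_type NOT IN ('LOGIN_FAIL', 'ACCESS_DENIED')";
        }
        if ($act_type_filter != 'all' and !empty($act_type_filter)) {
            $sqlfilter .= ' AND act_type = %s';
            $sql_args[] = $act_type_filter;
        }
        if (!empty($act_data_filter)) {
            $sqlfilter .= ' AND act_params LIKE %s';
            $sql_args[] = $act_like;
        }
        if (($act_type_filter == 'LOGIN_FAIL' or $act_type_filter == 'all') and $act_user_sel != 'all') {
            // Failed logins are matched on the text before "###" in act_params
            // rather than through the users join.
            $sqlfilter .= ') UNION ALL (SELECT null as display_name, user_id as id, act_type, act_date, act_params, id FROM ' . $wpdb->prefix . "activity WHERE act_type = 'LOGIN_FAIL' AND SUBSTRING_INDEX(act_params, '###', 1) = %s";
            $sql_args[] = $sql_username;
            if (!empty($act_data_filter)) {
                $sqlfilter .= ' AND act_params LIKE %s';
                $sql_args[] = $act_like;
            }
        }
    }
    $sqlfilter .= ')';

    // ORDER BY is only ever taken from this fixed map.
    $act_order_sql = array(
        'order_date' => 'act_date DESC',
        'order_user' => 'display_name ASC, act_date DESC',
        'order_type' => 'act_type ASC, act_date DESC',
    );
    $act_order_by = (isset($_POST['act_order_by']) && is_string($_POST['act_order_by'])) ? stripslashes($_POST['act_order_by']) : 'order_date';
    $sqlorderby = isset($act_order_sql[$act_order_by]) ? $act_order_sql[$act_order_by] : $act_order_sql['order_date'];

    $act_recent_sql = "(SELECT u.display_name as display_name, u.id as id, act_type, act_date, act_params, a.id as act_id FROM " . $wpdb->prefix . "activity AS a, " . $wpdb->users . " AS u WHERE a.user_id = u.id " . $sqlfilter . " ORDER BY " . $sqlorderby;
    if ($sql_args) {
        $act_recent_sql = $wpdb->prepare($act_recent_sql, $sql_args);
    }

    if ($logins = $wpdb->get_results($act_recent_sql)) {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/csv-tab-delimited-table; charset=utf-8");
        header("Content-Disposition: attachment; filename=wp-activity.csv");
        header("Content-Transfer-Encoding: binary");
        echo __("Date", 'wp-activity') . ';' . __("User", 'wp-activity') . ';' . __("Event Type", 'wp-activity') . ';' . __("Applies to", 'wp-activity') . ";\n";

        $act_id_tab = array();
        foreach ((array) $logins as $act) {
            $act_id_tab[] = (int) $act->act_id;
            $act_prep = act_prepare($act, 'csv');
            $act_fields = array($act_prep['date'], $act_prep['user'], $act_prep['type'], $act_prep['params']);
            foreach ($act_fields as $act_pos => $act_field) {
                $act_field = (string) $act_field;
                // The log holds text submitted by visitors (the LOGIN_FAIL
                // match above reads a login name out of act_params). A cell
                // starting with one of these characters is evaluated as a
                // formula by spreadsheet programs, so it gets a leading quote.
                if ('' !== $act_field && false !== strpos("=+-@\t\r", $act_field[0])) {
                    $act_field = "'" . $act_field;
                }
                $act_fields[$act_pos] = $act_field;
            }
            echo implode(';', $act_fields);
            echo "\n";
        }

        // delete exported data if requested
        if (!empty($_POST['act_del_exported']) && $act_id_tab) {
            // The ids were cast to int above, so the list holds integers only.
            $wpdb->query("DELETE FROM " . $wpdb->prefix . "activity WHERE id IN(" . implode(",", $act_id_tab) . ")");
        }
    } else {
        // Also reached when the filter matches no rows. print_error() writes
        // its own output, so it is called after the message rather than
        // concatenated into it.
        echo 'Zombie frenzy ! They gonna eat our brains ! ...No, in fact something goes wrong with the sql query : ';
        $wpdb->print_error();
    }
    die;
}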