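/**
 * Builds the file integrity table.
 *
 * Walks every file below FROOT and stores a SHA-1 digest for each file whose
 * extension appears in $ext (every file when $ext is empty), one row per file
 * in `integrity_hashes`. Directories listed in $skip, and everything beneath
 * them, are left out of the table.
 *
 * Unreadable files (hash_file() returns false) are omitted instead of being
 * stored with an empty digest, and both path and digest are escaped before
 * they are concatenated into the INSERT, so a file name containing a quote
 * cannot change the statement.
 */
public static function buildFileIntegrity()
{
    $files = array();
    // Extensions to fetch, an empty array will return all extensions
    $ext = array("php", "html");
    // Directories to ignore (relative to FROOT), an empty array will check all directories
    $skip = array();

    // Build profile. SKIP_DOTS drops "." and ".." so no isDot() check is needed.
    $dir = new RecursiveDirectoryIterator(FROOT, FilesystemIterator::SKIP_DOTS);
    $iter = new RecursiveIteratorIterator($dir);
    foreach ($iter as $path => $info) {
        // Skip unwanted directories (and anything nested inside them)
        if (self::isSkippedPath($iter->getSubPath(), $skip)) {
            continue;
        }
        // Get specific file extensions; an empty $ext list accepts everything
        if (!empty($ext) && !in_array(pathinfo($path, PATHINFO_EXTENSION), $ext, true)) {
            continue;
        }
        $hash = hash_file("sha1", $path);
        if ($hash === false) {
            // Unreadable file: leave it out rather than record an empty hash
            continue;
        }
        $files[$path] = $hash;
    }

    // Add hashes to database
    openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), null, 5, 1, "File integrity hash table built");
    foreach ($files as $k => $v) {
        // dbQuery() takes a raw SQL string, so the path (filesystem data that
        // may contain quotes) and the digest are escaped before concatenation.
        // NOTE(review): assumes the ext/mysql link dbQuery() uses is already
        // open when mysql_real_escape_string() runs — confirm.
        $sql = "INSERT INTO integrity_hashes (file_path,file_hash) VALUES ('"
            . mysql_real_escape_string($k) . "','" . mysql_real_escape_string($v) . "')";
        openRailwayCore::dbQuery($sql);
    }
}

/**
 * Tells whether a directory (relative to FROOT, as returned by
 * RecursiveDirectoryIterator::getSubPath()) is one of the ignored
 * directories or lies beneath one.
 *
 * @param string $subPath Directory relative to FROOT, "" for FROOT itself
 * @param array  $skip    Relative directory paths to ignore
 * @return bool
 */
private static function isSkippedPath($subPath, array $skip)
{
    foreach ($skip as $ignored) {
        // Exact match keeps the original behaviour; the prefix test also
        // covers subdirectories of an ignored directory.
        if ($subPath === $ignored || strpos($subPath, $ignored . DIRECTORY_SEPARATOR) === 0) {
            return true;
        }
    }
    return false;
}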
<?php if (isset($_GET['action']) && $_GET['action'] == 'deleteall') { $sql = "DELETE FROM `log` WHERE `security_relevant` = '1'"; $result = openRailwayCore::dbQuery($sql); openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $_SESSION['user_id'], 1, 1, 'User deleted all security log entries'); header("Location: " . ROOT . "admincp/index.php?module=log_err"); } $main = new Template(); $main->set_custom_template("includes/", 'default'); $main->assign_var('ROOT', ROOT); if (isset($_GET['id']) && is_numeric($_GET['id'])) { $main->assign_block_vars('if_linkback', ''); } elseif (isset($_GET['int'])) { $sql = "SELECT * FROM `log` WHERE `interaction_identifier` = '" . $_GET['int'] . "' ORDER BY `event_id` DESC"; $result = openRailwayCore::dbQuery($sql); $main->assign_block_vars('if_linkback', ''); $main->assign_block_vars('if_table_display', ''); while ($event = mysql_fetch_assoc($result)) { if (isset($event)) { $main->assign_var('SUBTITLE', "Viewing interaction " . $_GET['int']); $main->assign_block_vars('log_err', array('ID' => $event['event_id'], 'TIME' => date("d-M-Y H:i:s", $event['event_timestamp']), 'SEV' => $event['event_severity'], 'INTID' => $event['interaction_identifier'], 'IP' => $event['source_ip'], 'SUA' => $event['source_user_agent'], 'DESC' => $event['description'])); } } } else { $sql = "SELECT * FROM `log` WHERE `security_relevant` = '1' ORDER BY `event_id` DESC"; $result = openRailwayCore::dbQuery($sql); $main->assign_block_vars('if_table_display', ''); while ($event = mysql_fetch_assoc($result)) { if (isset($event)) { $main->assign_block_vars('log_err', array('ID' => $event['event_id'], 'TIME' => date("d-M-Y H:i:s", $event['event_timestamp']), 'SEV' => $event['event_severity'], 'INTID' => $event['interaction_identifier'], 'IP' => $event['source_ip'], 'SUA' => $event['source_user_agent'], 'DESC' => $event['description']));
case "account": Authentication::blockPageToVisitors(); // Account actions if (isset($_GET['action'])) { switch ($_GET['action']) { case "deactivate": // Deactivates account if (isset($_SESSION['user_id'])) { Authentication::deactivateUser($_SESSION['user_id']); } break; case "update": // Update user details - AJAX implementation if (isset($_POST['fname']) && isset($_POST['mname']) && isset($_POST['sname']) && isset($_POST['address']) && isset($_POST['dob']) && isset($_POST['mphone']) && isset($_POST['wphone']) && isset($_POST['hphone']) && isset($_POST['email'])) { openRailwayCore::dbQuery("UPDATE `staff_master` SET `first_name` = '" . $_POST['fname'] . "', `middle_name` = '" . $_POST['mname'] . "', `surname` = '" . $_POST['sname'] . "', `date_of_birth` = '" . $_POST['dob'] . "', `address` = '" . $_POST['address'] . "', `email` = '" . $_POST['email'] . "', `home_phone` = '" . $_POST['hphone'] . "', `mobile_phone` = '" . $_POST['mphone'] . "', `work_phone` = '" . $_POST['wphone'] . "' WHERE `staff_id` = '" . $_SESSION['staff_id'] . "'"); openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $_SESSION['user_id'], 5, 0, "User (SID: " . $_SESSION['staff_id'] . ") own profile updated"); } else { header("Location: " . ROOT . "user.php?mode=account"); } break; case "changepassword": if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && isset($_POST['confirmpassword'])) { // Change password code } break; default: header("Location: " . ROOT . "user.php?mode=account"); break; } } $result = openRailwayCore::dbQuery("SELECT * FROM `staff_master` WHERE `staff_id` = '" . $_SESSION['staff_id'] . "'");
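/**
 * Reinstates a user account.
 *
 * Clears the `suspended` flag on the matching `users` row and records an
 * audit event naming the reinstated account and the acting user taken from
 * the session.
 *
 * @param integer $uid The user account to reinstate
 * @return void
 */
public static function reinstateUser($uid)
{
    // dbQuery() receives a raw SQL string; casting to int guarantees that only
    // digits are concatenated into the WHERE clause, which is all the
    // documented integer contract permits anyway.
    $uid = (int) $uid;
    $sql = "UPDATE `users` SET `suspended` = '0' WHERE user_id = '" . $uid . "'";
    openRailwayCore::dbQuery($sql);
    openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $_SESSION['user_id'], 5, 1, "User (UID: " . $uid . ") reinstated by user (UID: " . $_SESSION['user_id'] . ")");
}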