/**
* Used for logging our admin actions to our Avatar commit log
* @param string $userid SteamID for the user taking the action. This will match $adminid for grant/revoke requests
* @param string $adminid SteamID for the admin that granted the action
* @param string $assignedname requested name for avatar
* @param string $event one of the actions our users can take, 'add', 'delete', 'granting', 'gravatar', 'revoke', 'upload', 'error'
*/
function writeAvatarLog($userid, $adminid, $assignedname, $event)
{
global $avatarKeyPath;
// userid should be 0 for file uploads and gravatar emails
$steamID = is_numeric($userid) ? $userid : 0;
// adminid should be 0 for ILLEGAL events
$adminAuth = is_numeric($adminid) ? $adminid : 0;
// assigned name should report the string given to the script (to log dodgy attempts)
$eventName = sanitiseName($assignedname);
// event should be a verb like: add/delete/gravtar etc
$actionVerbs = array('add', 'delete', 'granting', 'gravatar', 'revoke', 'upload', 'error');
$event = in_array($event, $actionVerbs) ? $event : "error";
$logMsg = $steamID . ':' . $adminAuth . ':' . $eventName . ':' . $event . ':' . time() . "\n";
$logFile = $avatarKeyPath . '/logfile';
$value = file_put_contents($logFile, $logMsg, FILE_APPEND | LOCK_EX);
}
$action = "Revoke Avatar Permission";
$requestedName = sanitiseName($_GET['name']);
$requestedPath = $avatarKeyPath . '/' . $requestedName;
if (file_exists($requestedPath) and !is_dir($requestedPath)) {
writeAvatarLog(0, $me, $requestedName, 'revoke');
$body = "<p>Revoked permission for the user {$requestedName}.</p>";
unlink($requestedPath);
} else {
$style = "panel-danger";
$body = "<p>Can not revoke permission for the user {$requestedName}.</p>";
}
}
// are we supplying query for delete + name? → write to log, delete image
if (isset($_GET['delete']) and isset($_GET['name'])) {
$action = "Remove Avatar";
$requestedName = sanitiseName($_GET['name']);
$originalPath = $avatarFilePath . '/original/' . $requestedName . '.png';
$requestedPath = $avatarFilePath . '/' . $requestedName . '.png';
if (file_exists($requestedPath) and !is_dir($requestedPath)) {
if (file_exists($originalPath) and !is_dir($originalPath)) {
unlink($originalPath);
}
writeAvatarLog(0, $me, $requestedName, 'delete');
$body = "<p>Removed avatar file for user {$requestedName}.</p>";
unlink($requestedPath);
} else {
// fancy this message up.
$style = "panel-danger";
$body = "<p>Can not remove avatar file for user {$requestedName}.</p>";
}
}
